(arrow-java) branch main updated: MINOR: Bump io.netty:netty-bom from 4.2.14.Final to 4.2.15.Final (#1175)

Thu, 11 Jun 2026 01:07:59 -0700 

This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-java.git


The following commit(s) were added to refs/heads/main by this push:
     new cb24576e8 MINOR: Bump io.netty:netty-bom from 4.2.14.Final to 
4.2.15.Final (#1175)
cb24576e8 is described below

commit cb24576e895c0bf8e1d062e2fc82f2b53bfa2eb8
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Thu Jun 11 10:07:43 2026 +0200

    MINOR: Bump io.netty:netty-bom from 4.2.14.Final to 4.2.15.Final (#1175)
    
    Bumps [io.netty:netty-bom](https://github.com/netty/netty) from
    4.2.14.Final to 4.2.15.Final.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/netty/netty/releases";>io.netty:netty-bom's
    releases</a>.</em></p>
    <blockquote>
    <h2>netty-4.2.15.Final</h2>
    <h2>Security fixes</h2>
    <ul>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-h2qv-fj59-j46j";>CVE-2026-48059</a>:
    memory exhaustion in <code>io.netty:netty-codec-haproxy</code>
    (high).</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-5pvg-856g-cp85";>CVE-2026-47691</a>:
    DNS cache poisoning in <code>io.netty:netty-resolver-dns</code>
    (high).</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-563q-j3cm-6jxm";>CVE-2026-50560</a>:
    DDoS in <code>io.netty:netty-codec-http2</code>.</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-5w86-c3rq-vjj7";>CVE-2026-50011</a>:
    memory exhaustion in <code>io.netty:netty-codec-redis</code>
    (high).</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-3244-j874-rhc2";>CVE-2026-44250</a>:
    memory exhaustion in <code>io.netty:netty-codec-redis</code>
    (high).</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-6ghj-frrj-jjj3";>CVE-2026-44890</a>:
    memory exhaustion in <code>io.netty:netty-codec-redis</code>
    (high).</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-cq4q-cv5g-r8q5";>CVE-2026-50009</a>:
    information disclosure and denial of service in
    <code>io.netty:netty-codec-classes-quic</code>.</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86";>CVE-2026-44249</a>:
    IPv6 subnet filter bypass in <code>io.netty:netty-handler</code>
    (high).</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-hvcg-qmg6-jm4c";>CVE-2026-50020</a>:
    request smuggling in <code>io.netty:netty-codec-http</code>.</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-c2rx-5r8w-8xr2";>CVE-2026-44892</a>:
    memory exhaustion in <code>io.netty:netty-codec-http3</code>
    (high).</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv";>CVE-2026-44893</a>:
    memory leak in <code>io.netty:netty-codec-haproxy</code> (high).</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-cmm3-54f8-px4j";>CVE-2026-44894</a>:
    traffic amplification in <code>io.netty:netty-codec-classes-quic</code>
    (high).</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-c653-97m9-rcg9";>CVE-2026-50010</a>:
    TLS hostname verification accidentally disabled in
    <code>io.netty:netty-handler</code> (high).</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-xmv7-r254-6q78";>CVE-2026-45673</a>:
    DNS cache poisoning in <code>io.netty:netty-resolver-dns</code>.</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-x4gw-5cx5-pgmh";>CVE-2026-45416</a>:
    excessive memory usage from SNIHandler in
    <code>io.netty:netty-handler</code> (high).</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-w573-9ffj-6ff9";>CVE-2026-45536</a>:
    file descriptor leak in
    <code>io.netty:netty-transport-native-epoll</code> and
    <code>io.netty:netty-transport-native-kqueue</code>.</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-676x-f7gg-47vc";>CVE-2026-45674</a>:
    DNS cache poisoning in <code>io.netty:netty-resolver-dns</code>
    (high).</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-5xrh-qmmq-w6ch";>CVE-2026-46340</a>:
    memory exhaustion in <code>io.netty:netty-transport-sctp</code>
    (high).</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-5x3r-wrvg-rp6q";>CVE-2026-47244</a>:
    denial of service in <code>io.netty:netty-codec-http2</code>.</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-6jv9-x5w9-2ccm";>CVE-2026-48006</a>:
    memory exhaustion in <code>io.netty:netty-codec-redis</code>
    (high).</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-4grm-h2qv-h6w6";>CVE-2026-48748</a>:
    memory exhaustion in <code>io.netty:netty-codec-http3</code>
    (high).</li>
    <li><a
    
href="https://github.com/netty/netty/security/advisories/GHSA-c2gf-v879-257j";>CVE-2026-48043</a>:
    memory exhaustion in <code>io.netty:netty-codec-http2</code>.</li>
    </ul>
    <h2>What's Changed</h2>
    <ul>
    <li>Fix race in io.netty.channel.uring.IoUringIoHandler.wakeup by <a
    href="https://github.com/dreamlike-ocean";><code>@​dreamlike-ocean</code></a>
    in <a
    
href="https://redirect.github.com/netty/netty/pull/16836";>netty/netty#16836</a></li>
    <li>HTTP/2: Parse request-target path like Vert.x by <a
    href="https://github.com/yawkat";><code>@​yawkat</code></a> in <a
    
href="https://redirect.github.com/netty/netty/pull/16810";>netty/netty#16810</a></li>
    <li>Auto-port 4.2: ChannelInitializer: correct misleading comment on
    exceptionCaught route by <a
    
href="https://github.com/netty-project-bot";><code>@​netty-project-bot</code></a>
    in <a
    
href="https://redirect.github.com/netty/netty/pull/16853";>netty/netty#16853</a></li>
    <li>FlowControlHandler: Suppress duplicate channelReadComplete after
    draining queue (<a
    href="https://redirect.github.com/netty/netty/issues/15053";>#15053</a>)
    by <a href="https://github.com/schiemon";><code>@​schiemon</code></a> in
    <a
    
href="https://redirect.github.com/netty/netty/pull/16837";>netty/netty#16837</a></li>
    <li>Pass maxAllocation to Brotli and Zstd decoders by <a
    href="https://github.com/fedinskiy";><code>@​fedinskiy</code></a> in <a
    
href="https://redirect.github.com/netty/netty/pull/16844";>netty/netty#16844</a></li>
    <li>Fix revapi warnings by <a
    href="https://github.com/chrisvest";><code>@​chrisvest</code></a> in <a
    
href="https://redirect.github.com/netty/netty/pull/16885";>netty/netty#16885</a></li>
    <li>Fix SCTP and Redis tests by <a
    href="https://github.com/chrisvest";><code>@​chrisvest</code></a> in <a
    
href="https://redirect.github.com/netty/netty/pull/16893";>netty/netty#16893</a></li>
    <li>Add maxWindowLog parameter to ZstdDecoder to bound memory allocation
    by <a href="https://github.com/skyguard1";><code>@​skyguard1</code></a>
    in <a
    
href="https://redirect.github.com/netty/netty/pull/16850";>netty/netty#16850</a></li>
    <li>Auto-port 4.2: MQTT: Reject malformed no-payload packets with
    non-zero Remaining Length by <a
    
href="https://github.com/netty-project-bot";><code>@​netty-project-bot</code></a>
    in <a
    
href="https://redirect.github.com/netty/netty/pull/16890";>netty/netty#16890</a></li>
    </ul>
    <h2>New Contributors</h2>
    <ul>
    <li><a href="https://github.com/schiemon";><code>@​schiemon</code></a>
    made their first contribution in <a
    
href="https://redirect.github.com/netty/netty/pull/16837";>netty/netty#16837</a></li>
    <li><a href="https://github.com/fedinskiy";><code>@​fedinskiy</code></a>
    made their first contribution in <a
    
href="https://redirect.github.com/netty/netty/pull/16844";>netty/netty#16844</a></li>
    </ul>
    <p><strong>Full Changelog</strong>: <a
    
href="https://github.com/netty/netty/compare/netty-4.2.14.Final...netty-4.2.15.Final";>https://github.com/netty/netty/compare/netty-4.2.14.Final...netty-4.2.15.Final</a></p>
    </blockquote>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    
href="https://github.com/netty/netty/commit/a41f7b289ce1d697c50846f3ade3983e22b2ed40";><code>a41f7b2</code></a>
    [maven-release-plugin] prepare release netty-4.2.15.Final</li>
    <li><a
    
href="https://github.com/netty/netty/commit/2394530bdb6837d928c2ec0b4d8f598487059ef9";><code>2394530</code></a>
    Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero
    Remain...</li>
    <li><a
    
href="https://github.com/netty/netty/commit/0bd1657a601da85c324d28562dc7d1ae220ad3a7";><code>0bd1657</code></a>
    Add maxWindowLog parameter to ZstdDecoder to bound memory allocation (<a
    href="https://redirect.github.com/netty/netty/issues/16850";>#16850</a>)</li>
    <li><a
    
href="https://github.com/netty/netty/commit/76291f58a901e021289e5c30618b6e136d605163";><code>76291f5</code></a>
    Fix SCTP and Redis tests (<a
    href="https://redirect.github.com/netty/netty/issues/16893";>#16893</a>)</li>
    <li><a
    
href="https://github.com/netty/netty/commit/e067b6e3376afee7629481d46333c3acf7f95943";><code>e067b6e</code></a>
    Fix revapi warnings (<a
    href="https://redirect.github.com/netty/netty/issues/16885";>#16885</a>)</li>
    <li><a
    
href="https://github.com/netty/netty/commit/5a52600d96cc6f4d38098e0645be53ecbfc8a811";><code>5a52600</code></a>
    Pass maxAllocation to Brotli and Zstd decoders (<a
    href="https://redirect.github.com/netty/netty/issues/16844";>#16844</a>)</li>
    <li><a
    
href="https://github.com/netty/netty/commit/541add0f7f5486ef15834da51d8dd983ec12e2b3";><code>541add0</code></a>
    Merge commit from fork</li>
    <li><a
    
href="https://github.com/netty/netty/commit/270800e5d336913606493a562c8200ecf321a0c1";><code>270800e</code></a>
    Merge commit from fork</li>
    <li><a
    
href="https://github.com/netty/netty/commit/3d45a1e4e8eb99144f716e54be5ac57e525fa7ca";><code>3d45a1e</code></a>
    Merge commit from fork</li>
    <li><a
    
href="https://github.com/netty/netty/commit/75127cab731ee35068d1f0667bffa188bc332f5d";><code>75127ca</code></a>
    Merge commit from fork</li>
    <li>Additional commits viewable in <a
    
href="https://github.com/netty/netty/compare/netty-4.2.14.Final...netty-4.2.15.Final";>compare
    view</a></li>
    </ul>
    </details>
    <br />
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] 
<49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 63128589a..877a35586 100644
--- a/pom.xml
+++ b/pom.xml
@@ -98,7 +98,7 @@ under the License.
     <dep.junit.jupiter.version>6.1.0</dep.junit.jupiter.version>
     <dep.slf4j.version>2.0.18</dep.slf4j.version>
     <dep.guava-bom.version>33.6.0-jre</dep.guava-bom.version>
-    <dep.netty-bom.version>4.2.14.Final</dep.netty-bom.version>
+    <dep.netty-bom.version>4.2.15.Final</dep.netty-bom.version>
     <dep.grpc-bom.version>1.81.0</dep.grpc-bom.version>
     <dep.protobuf-bom.version>4.35.0</dep.protobuf-bom.version>
     <dep.jackson-bom.version>2.22.0</dep.jackson-bom.version>

Reply via email to