dependabot[bot] opened a new pull request, #8484: URL: https://github.com/apache/hadoop/pull/8484
Bumps [io.netty:netty-handler-proxy](https://github.com/netty/netty) from 4.1.130.Final to 4.1.133.Final. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/netty/netty/releases";>io.netty:netty-handler-proxy's releases</a>.</em></p> <blockquote> <h2>netty-4.1.133.Final</h2> <h2>CVEs Fixed</h2> <ul> <li><a href="https://github.com/netty/netty/security/advisories/GHSA-rgrr-p7gp-5xj7";>CVE-2026-42586</a> (netty-codec-redis)</li> <li><a href="https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr";>CVE-2026-42578</a> (netty-handler-proxy)</li> <li><a href="https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv";>CVE-2026-42587</a> (netty-codec-http, netty-codec-http2)</li> <li><a href="https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv";>CVE-2026-41417</a> (netty-codec-http)</li> <li><a href="https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9";>CVE-2026-42581</a> (netty-codec-http)</li> <li><a href="https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723";>CVE-2026-42580</a> (netty-codec-http)</li> <li><a href="https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv";>CVE-2026-42585</a> (netty-codec-http)</li> <li><a href="https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm";>CVE-2026-42579</a> (netty-codec-dns)</li> <li><a href="https://github.com/netty/netty/security/advisories/GHSA-2c5c-chwr-9hqw";>CVE-2026-42582</a> (netty-codec-http3)</li> <li><a href="https://github.com/netty/netty/security/advisories/GHSA-mj4r-2hfc-f8p6";>CVE-2026-42583</a> (netty-codec, netty-codec-compression)</li> <li><a href="https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3";>CVE-2026-42584</a> (netty-codec-http)</li> <li><a href="https://github.com/netty/netty/security/advisories/GHSA-jfg9-48mv-9qgx";>CVE-2026-44248</a> (netty-codec-mqtt)</li> </ul> <h2>What's Changed</h2> <ul> <li>Fix IndexOutOfBoundsException in StompSubframeDecoder on heartbeat by <a href="https://github.com/daguimu";><code>@daguimu</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16539";>netty/netty#16539</a></li> <li>Auto-port 4.1: Fix implementation of strerror_r_xsi for GNU by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16561";>netty/netty#16561</a></li> <li>Auto-port 4.1: Replace usage of strerror with thread-safe alternative by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16555";>netty/netty#16555</a></li> <li>Auto-port 4.1: Kqueue: sendfile EINTR doesn't advance offset — data duplication by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16554";>netty/netty#16554</a></li> <li>Auto-port 4.1: Avoid leak in PemReader on OutOfDirectMemoryError by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16576";>netty/netty#16576</a></li> <li>Auto-port 4.1: Native DNS resolver: Guard against malloc failures by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16584";>netty/netty#16584</a></li> <li>Auto-port 4.1: Include user properties and subscription IDs in MqttProperties#isEmpty by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16582";>netty/netty#16582</a></li> <li>Auto-port 4.1: Fix parsing HTTP chunks with multiple extensions by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16588";>netty/netty#16588</a></li> <li>Auto-port 4.1: Stabilize read-only toStringMultipleThreads1 by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16610";>netty/netty#16610</a></li> <li>Auto-port 4.1: Epoll: Cleanup code to always return negative value on failure by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16601";>netty/netty#16601</a></li> <li>Auto-port 4.1: Stabilize more AbstractByteBufTests by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16613";>netty/netty#16613</a></li> <li>Auto-port 4.1: Stabilize testSessionInvalidate for Conscrypt by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16616";>netty/netty#16616</a></li> <li>Auto-port 4.1: Native transports: Correctly create pipe when pipe2 is not supported by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16598";>netty/netty#16598</a></li> <li>Use stream error for maxContentLength exceeded in InboundHttp2ToHttpAdapter by <a href="https://github.com/daguimu";><code>@daguimu</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16558";>netty/netty#16558</a></li> <li>Fix <code>shutdownInput</code> bug in kqueue for empty recv buffer (<a href="https://redirect.github.com/netty/netty/issues/16630";>#16630</a>) by <a href="https://github.com/normanmaurer";><code>@normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16638";>netty/netty#16638</a></li> <li>Auto-port 4.1: Kqueue: Fix usage of LOCAL_PEERPID by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16646";>netty/netty#16646</a></li> <li>Auto-port 4.1: HTTP2: Ensure HTTP2 preface is always send as first message by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16642";>netty/netty#16642</a></li> <li>Auto-port 4.1: Propagate exceptions from inner threads in buffer tests by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16652";>netty/netty#16652</a></li> <li>Auto-port 4.1: Add maxFrameLength support to ProtobufVarint32FrameDecoder by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16658";>netty/netty#16658</a></li> <li>Auto-port 4.1: Bump up netty-tcnative to 2.0.76.Final by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16672";>netty/netty#16672</a></li> <li>HTTP2: Ensure HTTP2 preface is always send as first message (also on … by <a href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16675";>netty/netty#16675</a></li> <li>Improve flaky NioSocketChannelTest (<a href="https://redirect.github.com/netty/netty/issues/16679";>#16679</a>) by <a href="https://github.com/normanmaurer";><code>@normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16681";>netty/netty#16681</a></li> <li>Deprecate ObjectCleaner and remove usage (<a href="https://redirect.github.com/netty/netty/issues/16685";>#16685</a>) by <a href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16694";>netty/netty#16694</a></li> <li>Auto-port 4.1: Update to netty-tcnative 2.0.77.Final by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16695";>netty/netty#16695</a></li> <li>Avoid NPE in JdkSslServerContext when TrustManagerFactory returns null by <a href="https://github.com/daguimu";><code>@daguimu</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16691";>netty/netty#16691</a></li> <li>Avoid NPE in JdkSslClientContext when TrustManagerFactory returns null by <a href="https://github.com/daguimu";><code>@daguimu</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16690";>netty/netty#16690</a></li> <li>Auto-port 4.1: Avoid TCPFastOpen in KQueueCompositeBufferGatheringWriteTest by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16699";>netty/netty#16699</a></li> <li>Auto-port 4.1: SCTP: Correctly handle SO_BACKLOG by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16715";>netty/netty#16715</a></li> <li>Fix DiscardClient hang under -Dssl by using a client SSL context by <a href="https://github.com/daguimu";><code>@daguimu</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16717";>netty/netty#16717</a></li> <li>Auto-port 4.1: Consolidate fake exceptions in HTTP/2 tests into Http2TestUtil by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16725";>netty/netty#16725</a></li> <li>Auto-port 4.1: Activate noPrintGC by default by <a href="https://github.com/netty-project-bot";><code>@netty-project-bot</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16735";>netty/netty#16735</a></li> <li>Merge commit from fork by <a href="https://github.com/normanmaurer";><code>@normanmaurer</code></a> in <a href="https://redirect.github.com/netty/netty/pull/16742";>netty/netty#16742</a></li> </ul> <h2>New Contributors</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/netty/netty/commit/fb13125f135ab53203513ff603872a3abe84d38d";><code>fb13125</code></a> [maven-release-plugin] prepare release netty-4.1.133.Final</li> <li><a href="https://github.com/netty/netty/commit/815f71a5c66a4361a8fe18851ab947bb5da33746";><code>815f71a</code></a> Fix compilation after multiple backports</li> <li><a href="https://github.com/netty/netty/commit/1986c38c9ec4f4130786503dfed2563f59132764";><code>1986c38</code></a> Merge commit from fork</li> <li><a href="https://github.com/netty/netty/commit/6f69dc91a22ad4b56b8a9361a1906b17d427d99a";><code>6f69dc9</code></a> Merge commit from fork</li> <li><a href="https://github.com/netty/netty/commit/bf78040ec388483aa83fcb0b51f45eeb66ec6f74";><code>bf78040</code></a> Fix BrotliDecoder not forwarding all decompressed chunks</li> <li><a href="https://github.com/netty/netty/commit/387bbd00ed0d3db8201e17b53396119c73d59448";><code>387bbd0</code></a> Merge commit from fork</li> <li><a href="https://github.com/netty/netty/commit/417ebaa8202ac287729b99ad76ad3aa2f6d99410";><code>417ebaa</code></a> Fix codec-dns tests</li> <li><a href="https://github.com/netty/netty/commit/3c091ab05a297285e7cf19d2976dd50e0a37641b";><code>3c091ab</code></a> Merge commit from fork</li> <li><a href="https://github.com/netty/netty/commit/5d60b87cf3b8219208c14c2e860066af8617e656";><code>5d60b87</code></a> Fix checkstyle in HttpObjectDecoder</li> <li><a href="https://github.com/netty/netty/commit/485f11d322c61d64a188aae412b4627d44a02664";><code>485f11d</code></a> Merge commit from fork</li> <li>Additional commits viewable in <a href="https://github.com/netty/netty/compare/netty-4.1.130.Final...netty-4.1.133.Final";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/hadoop/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
