This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-java.git
The following commit(s) were added to refs/heads/main by this push:
new 168a96914 MINOR: Bump io.netty:netty-bom from 4.2.10.Final to
4.2.12.Final (#1091)
168a96914 is described below
commit 168a969147ea77a6fe8f12fa15c6bc25b1e671f2
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Mon Mar 30 10:21:57 2026 +0200
MINOR: Bump io.netty:netty-bom from 4.2.10.Final to 4.2.12.Final (#1091)
Bumps [io.netty:netty-bom](https://github.com/netty/netty) from
4.2.10.Final to 4.2.12.Final.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/netty/netty/releases";>io.netty:netty-bom's
releases</a>.</em></p>
<blockquote>
<h2>netty-4.2.12.Final</h2>
<h2>What's Changed</h2>
<ul>
<li>Revert "Eliminate redundant bounds checks in CompositeByteBuf
accessors" by <a
href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16550";>netty/netty#16550</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/netty/netty/compare/netty-4.2.11.Final...netty-4.2.12.Final";>https://github.com/netty/netty/compare/netty-4.2.11.Final...netty-4.2.12.Final</a></p>
<h2>netty-4.2.11.Final</h2>
<h2>Security</h2>
<ul>
<li>CVE-2026-33871, <a
href="https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv";>HTTP/2
CONTINUATION Frame Flood Denial of Service</a></li>
<li>CVE-2026-33870, <a
href="https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8";>HTTP
Request Smuggling via Chunked Extension Quoted-String Parsing</a></li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Update to latest JDK 26 EA release by <a
href="https://github.com/normanmaurer";><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16230";>netty/netty#16230</a></li>
<li>HTTP3: Allow to support non-standard HTTP3 settings by <a
href="https://github.com/normanmaurer";><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16171";>netty/netty#16171</a></li>
<li>Fix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry
loop by <a
href="https://github.com/adwsingh";><code>@adwsingh</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16245";>netty/netty#16245</a></li>
<li>Allocate one large segment and slice for each MsgHdrMemory by <a
href="https://github.com/dreamlike-ocean";><code>@dreamlike-ocean</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16234";>netty/netty#16234</a></li>
<li>Make RefCntOpenSslContext.deallocate more robust by <a
href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16253";>netty/netty#16253</a></li>
<li>Epoll: Fix excessive CPU usage when Channel is only registered but
no… by <a
href="https://github.com/normanmaurer";><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16250";>netty/netty#16250</a></li>
<li>Update to gcc for arm 10.3-2021.07 by <a
href="https://github.com/m1ngyuan";><code>@m1ngyuan</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16255";>netty/netty#16255</a></li>
<li>Add acmeIdentifier extension support to pkitesting by <a
href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16256";>netty/netty#16256</a></li>
<li>Update JDK versions to latest patch releases by <a
href="https://github.com/m1ngyuan";><code>@m1ngyuan</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16254";>netty/netty#16254</a></li>
<li>Avoid allocation in HttpObjectEncoder.addEncodedLengthHex method by
<a href="https://github.com/doom369";><code>@doom369</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16241";>netty/netty#16241</a></li>
<li>Automatic backporting workflow from 4.1 to 4.2 by <a
href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16269";>netty/netty#16269</a></li>
<li>Revert "Automatic backporting workflow from 4.1 to 4.2" by
<a href="https://github.com/chrisvest";><code>@chrisvest</code></a> in
<a
href="https://redirect.github.com/netty/netty/pull/16270";>netty/netty#16270</a></li>
<li>HTTP2: Correctly account for padding when decompress by <a
href="https://github.com/normanmaurer";><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16264";>netty/netty#16264</a></li>
<li>Automatic backporting workflow from 4.1 to 4.2 by <a
href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16271";>netty/netty#16271</a></li>
<li>Automatic backporting workflow from 4.1 to 4.2 by <a
href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16273";>netty/netty#16273</a></li>
<li>Backport PRs must be created with personal access tokens by <a
href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16276";>netty/netty#16276</a></li>
<li>Expose QuicSslContextBuilder::sni by <a
href="https://github.com/ZeroErrors";><code>@ZeroErrors</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16178";>netty/netty#16178</a></li>
<li>Add more porting workflows by <a
href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16275";>netty/netty#16275</a></li>
<li>Add more porting workflows by <a
href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16283";>netty/netty#16283</a></li>
<li>Remove the unpooled allocator from test permutations by <a
href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16282";>netty/netty#16282</a></li>
<li>Some polishing of the porting workflows by <a
href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16288";>netty/netty#16288</a></li>
<li>Allow to set destination connection id when creating a client side
QuicheChannel by <a
href="https://github.com/normanmaurer";><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16286";>netty/netty#16286</a></li>
<li>Update to latest JDK26 EA build by <a
href="https://github.com/normanmaurer";><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16295";>netty/netty#16295</a></li>
<li>Add javadoc to clarify responsibility of the user when generating
the remote connection id by <a
href="https://github.com/normanmaurer";><code>@normanmaurer</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16293";>netty/netty#16293</a></li>
<li>Make the build run faster by <a
href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16290";>netty/netty#16290</a></li>
<li>Fix IDE warnings in SslHandler by <a
href="https://github.com/doom369";><code>@doom369</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16237";>netty/netty#16237</a></li>
<li>Decrease Long allocations and map.put calls in
ReferenceCountedOpenSllEngine in handshake() method by <a
href="https://github.com/doom369";><code>@doom369</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16242";>netty/netty#16242</a></li>
<li>Support boringssl SSLCredential API by <a
href="https://github.com/jmcrawford45";><code>@jmcrawford45</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/15919";>netty/netty#15919</a></li>
<li>Fix high-order bit aliasing in HttpUtil.validateToken by <a
href="https://github.com/furkanvarol";><code>@furkanvarol</code></a> in
<a
href="https://redirect.github.com/netty/netty/pull/16279";>netty/netty#16279</a></li>
<li>Improve multi-byte access performance when UNALIGNED availability is
unknown by <a
href="https://github.com/Songdoeon";><code>@Songdoeon</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16207";>netty/netty#16207</a></li>
<li>Avoid unnecessary SSL.getVersion() call and string allocation in
ReferenceCountedOpenSslEngine by <a
href="https://github.com/doom369";><code>@doom369</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16278";>netty/netty#16278</a></li>
<li>Support more branch freedom for auto-porting by <a
href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16300";>netty/netty#16300</a></li>
<li>fix: the precedence of + is higher than >> by <a
href="https://github.com/cuiweixie";><code>@cuiweixie</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16312";>netty/netty#16312</a></li>
<li>AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater
than byteBuf.maxCapacity() by <a
href="https://github.com/laosijikaichele";><code>@laosijikaichele</code></a>
in <a
href="https://redirect.github.com/netty/netty/pull/16309";>netty/netty#16309</a></li>
<li>Fix flaky PooledByteBufAllocatorTest by <a
href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16313";>netty/netty#16313</a></li>
<li>Fix pooled arena accounting tests by <a
href="https://github.com/chrisvest";><code>@chrisvest</code></a> in <a
href="https://redirect.github.com/netty/netty/pull/16321";>netty/netty#16321</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/netty/netty/commit/67ce541e4692853e24fc506466960db35bb64914";><code>67ce541</code></a>
[maven-release-plugin] prepare release netty-4.2.12.Final</li>
<li><a
href="https://github.com/netty/netty/commit/7074624644b79f4e97081bd58a58ed135962b8c2";><code>7074624</code></a>
Revert "Eliminate redundant bounds checks in CompositeByteBuf
accessors" (<a
href="https://redirect.github.com/netty/netty/issues/16";>#16</a>...</li>
<li><a
href="https://github.com/netty/netty/commit/c3b0a43442dbf84e3eb161d5f252623f832f1579";><code>c3b0a43</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li><a
href="https://github.com/netty/netty/commit/c94a8180e749f694fb76963dd494bae17c31aff6";><code>c94a818</code></a>
[maven-release-plugin] prepare release netty-4.2.11.Final</li>
<li><a
href="https://github.com/netty/netty/commit/3b76df185678353733aa21702d6be16130d188a0";><code>3b76df1</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/netty/netty/commit/aae944a19eb036993fc47c4b40639476f519deaf";><code>aae944a</code></a>
Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers
(<a
href="https://redirect.github.com/netty/netty/issues/16";>#16</a>...</li>
<li><a
href="https://github.com/netty/netty/commit/60014996491c41d91c26f80bca096610f34fc858";><code>6001499</code></a>
Eliminate redundant bounds checks in CompositeByteBuf accessors (<a
href="https://redirect.github.com/netty/netty/issues/16525";>#16525</a>)</li>
<li><a
href="https://github.com/netty/netty/commit/a7fbb6f84625ef29733a1506ed3520e3c21d5247";><code>a7fbb6f</code></a>
JdkZlibDecoder: accumulate decompressed output before firing channelRead
(<a
href="https://redirect.github.com/netty/netty/issues/16";>#16</a>...</li>
<li><a
href="https://github.com/netty/netty/commit/7937553d8f49e17b064f57b1414907aed8e3be3d";><code>7937553</code></a>
Enforce io.netty.maxDirectMemory accounting on all Java versions (<a
href="https://redirect.github.com/netty/netty/issues/16489";>#16489</a>)</li>
<li><a
href="https://github.com/netty/netty/commit/893ea2ea6c35c9e1812e5d331530b88d8690022b";><code>893ea2e</code></a>
Allocate less in QueryStringDecoder.addParam for typical use case (<a
href="https://redirect.github.com/netty/netty/issues/16527";>#16527</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/netty/netty/compare/netty-4.2.10.Final...netty-4.2.12.Final";>compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 863169b47..61b5b3f0b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -98,7 +98,7 @@ under the License.
<dep.junit.jupiter.version>5.12.2</dep.junit.jupiter.version>
<dep.slf4j.version>2.0.17</dep.slf4j.version>
<dep.guava-bom.version>33.5.0-jre</dep.guava-bom.version>
- <dep.netty-bom.version>4.2.10.Final</dep.netty-bom.version>
+ <dep.netty-bom.version>4.2.12.Final</dep.netty-bom.version>
<dep.grpc-bom.version>1.79.0</dep.grpc-bom.version>
<dep.protobuf-bom.version>4.34.1</dep.protobuf-bom.version>
<dep.jackson-bom.version>2.21.2</dep.jackson-bom.version>
