Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

io.netty:netty-codec-http2

Ecosystem:
maven
Package URL:
pkg:maven/io.netty:netty-codec-http2
Total PRs:
222 Dependabot PRs
Latest PR:
10 days ago
Unique Repositories:
90 repositories
Unique Repos (30 days):
8 repositories
Security Advisories
Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature
GHSA-563q-j3cm-6jxm CVE-2026-50560 MODERATE published 3 days ago • updated 3 days ago
### Summary Netty HTTP/2 max header size handling produces attack similar to HTTP/2 Rapid Reset. ### Details There is a setting in the http2 spe...
Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
GHSA-f6hv-jmp6-3vwv CVE-2026-42587 HIGH published about 1 month ago • updated 2 days ago
## Summary `HttpContentDecompressor` accepts a `maxAllocation` parameter to limit decompression buffer size and prevent decompression bomb attacks...
Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass
GHSA-w9fj-cfpg-grvv CVE-2026-33871 HIGH published 3 months ago • updated 15 days ago
### Summary A remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of `CONTINUATION` frames. The serv...
Possible request smuggling in HTTP/2 due missing validation of content-length
GHSA-f256-j965-7f32 CVE-2021-21409 MODERATE published about 5 years ago • updated 9 days ago
### Impact The content-length header is not correctly validated if the request only use a single Http2HeaderFrame with the endStream set to to true...
Netty affected by MadeYouReset HTTP/2 DDoS vulnerability
GHSA-prj3-ccx8-p6x4 CVE-2025-55163 HIGH published 10 months ago • updated about 17 hours ago
Below is a technical explanation of a newly discovered vulnerability in HTTP/2, which we refer to as “MadeYouReset.” ### MadeYouReset Vulnerabilit...
View all 9 advisories
Recent PRs
RSS Feed
Bump io.netty:netty-codec-http2 from 4.1.133.Final to 4.1.135.Final in /generated-platform-project/quarkus/bom

quarkusio/quarkus-platform #2005

4.1.133.Final → 4.1.135.Final Patch PR
Open 10 days ago 1 comment
quarkusio
deps(deps-dev): Bump io.netty:netty-codec-http2 from 4.1.130.Final to 4.1.135.Final

montge/ddf #232

4.1.130.Final → 4.1.135.Final Patch PR
Open 10 days ago 2 comments
montge
Bump io.netty:netty-codec-http2 from 4.2.4.Final to 4.2.15.Final in /forms-flow-bpm

AOT-Technologies/forms-flow-ai #3320

4.2.4.Final → 4.2.15.Final Patch PR
Open 10 days ago 3 comments
AOT-Technologies
Bump the bpm-minor-patch group across 1 directory with 29 updates

AOT-Technologies/forms-flow-ai #3317

4.2.4.Final → 4.2.15.Final Patch PR
Open 11 days ago 2 comments
AOT-Technologies
Bump the all-dependencies group across 1 directory with 8 updates

navikt/kabin-api #450

4.2.14.Final → 4.2.15.Final Patch PR
Closed 16 days ago 1 comment
navikt
build(deps): Bump the maven-dependencies group across 1 directory with 6 updates

onyxsellmoore/resale_tracker #17

4.1.132.Final → 4.2.14.Final Minor PR
Open 17 days ago 1 comment
onyxsellmoore
build(deps): bump the gradle-dependencies group across 1 directory with 33 updates

sahilsaraearth-svg/aro-music #6

4.2.13.Final → 4.2.14.Final Patch PR
Closed 17 days ago 1 comment
sahilsaraearth-svg
Bump the maven group across 8 directories with 10 updates

vicaya/pulsar #9

4.1.32.Final → 4.1.133.Final Patch PR
Closed about 1 month ago 1 comment
vicaya
build(deps): bump the minor-and-patch group across 1 directory with 23 updates

Avicennasis/BluePaper #12

4.1.135.Final → 4.2.15.Final Minor PR
Closed about 1 month ago 2 comments
Avicennasis
build(deps): bump io.netty:netty-codec-http2 from 4.1.129.Final to 4.1.133.Final

aimansharief/knowledge-platform-jobs #14

4.1.129.Final → 4.1.133.Final Patch PR
Closed about 1 month ago 1 comment
aimansharief
chore(deps): bump the gradle-dependencies group across 1 directory with 8 updates

AndroidIRCx/NULVEX #53

4.2.12.Final → 4.2.13.Final Patch PR
Closed about 1 month ago 1 comment
AndroidIRCx
chore(deps): bump the all-backend-non-major-dependencies group in /backend with 3 updates

digitalservicebund/ris-norms #2312

4.2.12.Final → 4.2.13.Final Patch PR
Closed about 1 month ago 1 comment
digitalservicebund
build(deps): bump io.netty:netty-codec-http2 from 4.1.89.Final to 4.1.132.Final

mock-server/mockserver #1986

4.1.89.Final → 4.1.132.Final Patch PR
Closed about 2 months ago 2 comments
mock-server
chore(deps): Bump io.netty:netty-codec-http2 from 4.1.118.Final to 4.1.132.Final in /docker_images/java/wrapper

Azure/iot-sdks-e2e-fx #395

4.1.118.Final → 4.1.132.Final Patch PR
Closed about 2 months ago 1 comment
Azure
build(deps): bump io.netty:netty-codec-http2 from 4.1.127.Final to 4.2.12.Final in /apps/nbs-gateway

CDCgov/NEDSS-Modernization #3192

4.1.127.Final → 4.2.12.Final Minor PR
Closed about 2 months ago 2 comments
CDCgov
Bump io.netty:netty-codec-http2 from 4.2.9.Final to 4.2.10.Final in /dusseldorf-ktor-streams

navikt/dusseldorf-ktor #1027

4.2.9.Final → 4.2.10.Final Patch PR
Open 2 months ago 1 comment
navikt
Bump the minor-and-patch-dependencies group across 1 directory with 5 updates

scalar-labs/scalardb #3491

4.1.132.Final → 4.2.12.Final Minor PR
Open 2 months ago 5 comments
scalar-labs
Bump the minor-and-patch-dependencies group with 3 updates

scalar-labs/scalardb #3489

4.1.132.Final → 4.2.12.Final Minor PR
Closed 2 months ago 7 comments
scalar-labs
Bump the maven group across 8 directories with 9 updates

xxubai/amoro #12

4.1.129.Final → 4.1.132.Final Patch PR
Closed 2 months ago 1 comment
xxubai
Bump the maven group across 8 directories with 8 updates

vicaya/pulsar #4

4.1.32.Final → 4.1.132.Final Patch PR
Closed 2 months ago 1 comment
vicaya
build(deps): bump io.netty:netty-codec-http2 from 4.2.10.Final to 4.2.12.Final

OpenAF/openaf-opacks #1720

4.2.10.Final → 4.2.12.Final Patch PR
Closed 3 months ago 2 comments
OpenAF
Bump the maven group across 4 directories with 2 updates

Hawthorne001/azure-sdk-for-java #539

4.1.130.Final → 4.1.132.Final Patch PR
Open 3 months ago 1 comment
Hawthorne001
Bump io.netty:netty-codec-http2 from 4.1.130.Final to 4.1.132.Final in /generated-platform-project/quarkus-universe/bom

quarkusio/quarkus-platform #1841

4.1.130.Final → 4.1.132.Final Patch PR
Open 3 months ago 1 comment
quarkusio
build(deps): bump io.netty:netty-codec-http2 from 4.1.124.Final to 4.1.132.Final in /blob/blob-gcp

salesforce/multicloudj #363

4.1.124.Final → 4.1.132.Final Patch PR
Closed 3 months ago 1 comment
salesforce
Bump io.netty:netty-codec-http2 from 4.1.118.Final to 4.1.132.Final in /sdk/clientcore/http-netty4

FOCONIS/azure-sdk-for-java #20

4.1.118.Final → 4.1.132.Final Patch PR
Closed 3 months ago 1 comment
FOCONIS
build(deps): bump io.netty:netty-codec-http2 from 4.1.124.Final to 4.1.132.Final in /multicloudj-common-gcp

salesforce/multicloudj #362

4.1.124.Final → 4.1.132.Final Patch PR
Closed 3 months ago 1 comment
salesforce
Bump io.netty:netty-codec-http2 from 4.2.4.Final to 4.2.10.Final in /forms-flow-idm/keycloak/idp-selector

AOT-Technologies/forms-flow-ai #3233

4.2.4.Final → 4.2.10.Final Patch PR
Open 3 months ago 3 comments
AOT-Technologies
Bump the maven group across 29 directories with 6 updates

preechapon250/azure-sdk-for-java #9

4.1.130.Final → 4.1.132.Final Patch PR
Closed 3 months ago 1 comment
preechapon250
deps(deps-dev): Bump io.netty:netty-codec-http2 from 4.1.130.Final to 4.1.132.Final

montge/ddf #194

4.1.130.Final → 4.1.132.Final Patch PR
Open 3 months ago 2 comments
montge
Bump the maven group across 4 directories with 5 updates

davidanderson01/netty #2

4.2.1.Final-SNAPSHOT → 4.2.5.Final Patch PR
Closed 3 months ago 1 comment
davidanderson01
Bump the dependencies group with 3 updates

Olsc/DroidGit #19

4.2.10.Final → 4.2.11.Final Patch PR
Open 3 months ago 1 comment
Olsc
Bump the dependencies group across 1 directory with 6 updates

shieldblaze/ExpressGateway #199

4.2.10.Final → 4.2.11.Final Patch PR
Closed 3 months ago 1 comment
shieldblaze
Bump the netty group with 11 updates

IBM/ibm-cos-sdk-java-v2 #39

4.2.9.Final → 4.2.10.Final Patch PR
Closed 3 months ago 1 comment
IBM
Bump the bpm-minor-patch group in /forms-flow-bpm with 30 updates

AOT-Technologies/forms-flow-ai #3206

4.2.4.Final → 4.2.10.Final Patch PR
Open 3 months ago 3 comments
AOT-Technologies
Bump the all-deps group with 10 updates

navikt/arbeidsgiver-mock-enhetsregisteret #4

4.2.9.Final → 4.2.10.Final Patch PR
Open 4 months ago 1 comment
navikt
Bump the dependencies group across 1 directory with 7 updates

Olsc/DroidGit #17

4.2.9.Final → 4.2.10.Final Patch PR
Open 4 months ago 1 comment
Olsc
Bump the gradle-updates group across 1 directory with 9 updates

ministryofjustice/laa-claim-for-payment #106

4.2.7.Final → 4.2.10.Final Patch PR
Closed 4 months ago 1 comment
ministryofjustice
chore(deps): bump the low-risk group across 1 directory with 24 updates

Ensono/stacks-java-cqrs #825

4.2.3.Final → 4.2.10.Final Patch PR
Open 4 months ago 2 comments
Ensono
Bump the dependencies group across 1 directory with 5 updates

Olsc/DroidGit #14

4.2.9.Final → 4.2.10.Final Patch PR
Closed 4 months ago 2 comments
Olsc
Bump the minor-and-patch group across 1 directory with 4 updates

godaddy/asherah #1630

4.2.9.Final → 4.2.10.Final Patch PR
Closed 4 months ago 2 comments
godaddy
build(deps): bump the dependencies group across 1 directory with 31 updates

jooby-project/jooby #3850

4.2.9.Final → 4.2.10.Final Patch PR
Closed 4 months ago 1 comment
jooby-project
Bump io.netty:netty-codec-http2 from 4.2.9.Final to 4.2.10.Final in /app

rtiangha/AdblockAndroid #56

4.2.9.Final → 4.2.10.Final Patch PR
Closed 4 months ago 1 comment
rtiangha
build(deps): bump the low-risk group across 1 directory with 25 updates

Ensono/stacks-java #1545

4.2.3.Final → 4.2.9.Final Patch PR
Closed 5 months ago 1 comment
Ensono
Bump the minor-and-patch group across 1 directory with 20 updates

navikt/isaktivitetskrav #351

4.2.8.Final → 4.2.9.Final Patch PR
Closed 5 months ago 1 comment
navikt
chore(deps): bump the low-risk group across 1 directory with 24 updates

Ensono/stacks-java-cqrs #807

4.2.3.Final → 4.2.9.Final Patch PR
Open 5 months ago 7 comments
Ensono
build(deps): bump the low-risk group across 1 directory with 23 updates

Ensono/stacks-java #1540

4.2.3.Final → 4.2.9.Final Patch PR
Closed 5 months ago 3 comments
Ensono
build(deps): bump the low-risk group across 1 directory with 22 updates

Ensono/stacks-java #1537

4.2.3.Final → 4.2.9.Final Patch PR
Open 6 months ago 3 comments
Ensono
Bump io.netty:netty-codec-http2 from 4.2.8.Final to 4.2.9.Final

rtiangha/AdblockAndroid #33

4.2.8.Final → 4.2.9.Final Patch PR
Closed 6 months ago 1 comment
rtiangha
build(deps): bump the low-risk group across 1 directory with 33 updates

Ensono/stacks-java #1534

4.2.3.Final → 4.2.8.Final Patch PR
Closed 6 months ago 1 comment
Ensono
Bump the gradle-updates group across 1 directory with 8 updates

ministryofjustice/laa-claim-for-payment #82

4.2.7.Final → 4.2.8.Final Patch PR
Closed 6 months ago 1 comment
ministryofjustice
Package Details
Name: io.netty:netty-codec-http2
Ecosystem: maven
PURL Type: maven
Package URL: pkg:maven/io.netty:netty-codec-http2
JSON API: View JSON
Security Advisories

9

Active advisories
HIGH 4
MODERATE 5
View All maven Advisories
Package Information
Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

Repository: https://github.com/netty/netty
Homepage: http://netty.io/
Latest Release: 4.2.2.Final
about 1 year ago
Dependent Repos: 1,457
Dependent Packages: 556
Ranking: Top 0.3036% by dependent repos Top 0.1773% by dependent pkgs
PR Status
Open 103 (46.4%)
Merged 31 (14.0%)
Closed 81 (36.5%)
PR Types
Major 1 (0.5%)
Minor 47 (21.2%)
Patch 167 (75.2%)