If you think the bug you found is likely to make Netty-based applications vulnerable to an attack, please do not use our public issue tracker but report it privately at the 'Security' tab of the affected repository, as explained here.
This project is maintained by a team of volunteers on a reasonable-effort basis. As such, please give us 90 days to remediate the vulnerability before public disclosure.
We maintain the most recent minor version of our artifacts for each supported major version. Please note this includes neither pre-releases nor the major versions that reached their end-of-life.
As of May 2023, the following Netty versions receive the security updates:
- 4.1
The following Netty versions have reached their end-of-life, and thus no security updates will be provided:
- 3.x
- 4.0
Please keep in mind that the above list may be out-of-date and contact the Netty team to ensure the version you're using is covered.