Bump io.netty:netty-bom from 4.2.10.Final to 4.2.12.Final

[dependabot]

Bumps io.netty:netty-bom from 4.2.10.Final to 4.2.12.Final.

Release notes

Sourced from io.netty:netty-bom's releases.

netty-4.2.12.Final

What's Changed

• Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" by @​chrisvest in netty/netty#16550

Full Changelog: netty/netty@netty-4.2.11.Final...netty-4.2.12.Final

netty-4.2.11.Final

Security

• CVE-2026-33871, HTTP/2 CONTINUATION Frame Flood Denial of Service
• CVE-2026-33870, HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

What's Changed

• Update to latest JDK 26 EA release by @​normanmaurer in netty/netty#16230
• HTTP3: Allow to support non-standard HTTP3 settings by @​normanmaurer in netty/netty#16171
• Fix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry loop by @​adwsingh in netty/netty#16245
• Allocate one large segment and slice for each MsgHdrMemory by @​dreamlike-ocean in netty/netty#16234
• Make RefCntOpenSslContext.deallocate more robust by @​chrisvest in netty/netty#16253
• Epoll: Fix excessive CPU usage when Channel is only registered but no… by @​normanmaurer in netty/netty#16250
• Update to gcc for arm 10.3-2021.07 by @​m1ngyuan in netty/netty#16255
• Add acmeIdentifier extension support to pkitesting by @​chrisvest in netty/netty#16256
• Update JDK versions to latest patch releases by @​m1ngyuan in netty/netty#16254
• Avoid allocation in HttpObjectEncoder.addEncodedLengthHex method by @​doom369 in netty/netty#16241
• Automatic backporting workflow from 4.1 to 4.2 by @​chrisvest in netty/netty#16269
• Revert "Automatic backporting workflow from 4.1 to 4.2" by @​chrisvest in netty/netty#16270
• HTTP2: Correctly account for padding when decompress by @​normanmaurer in netty/netty#16264
• Automatic backporting workflow from 4.1 to 4.2 by @​chrisvest in netty/netty#16271
• Automatic backporting workflow from 4.1 to 4.2 by @​chrisvest in netty/netty#16273
• Backport PRs must be created with personal access tokens by @​chrisvest in netty/netty#16276
• Expose QuicSslContextBuilder::sni by @​ZeroErrors in netty/netty#16178
• Add more porting workflows by @​chrisvest in netty/netty#16275
• Add more porting workflows by @​chrisvest in netty/netty#16283
• Remove the unpooled allocator from test permutations by @​chrisvest in netty/netty#16282
• Some polishing of the porting workflows by @​chrisvest in netty/netty#16288
• Allow to set destination connection id when creating a client side QuicheChannel by @​normanmaurer in netty/netty#16286
• Update to latest JDK26 EA build by @​normanmaurer in netty/netty#16295
• Add javadoc to clarify responsibility of the user when generating the remote connection id by @​normanmaurer in netty/netty#16293
• Make the build run faster by @​chrisvest in netty/netty#16290
• Fix IDE warnings in SslHandler by @​doom369 in netty/netty#16237
• Decrease Long allocations and map.put calls in ReferenceCountedOpenSllEngine in handshake() method by @​doom369 in netty/netty#16242
• Support boringssl SSLCredential API by @​jmcrawford45 in netty/netty#15919
• Fix high-order bit aliasing in HttpUtil.validateToken by @​furkanvarol in netty/netty#16279
• Improve multi-byte access performance when UNALIGNED availability is unknown by @​Songdoeon in netty/netty#16207
• Avoid unnecessary SSL.getVersion() call and string allocation in ReferenceCountedOpenSslEngine by @​doom369 in netty/netty#16278
• Support more branch freedom for auto-porting by @​chrisvest in netty/netty#16300
• fix: the precedence of + is higher than >> by @​cuiweixie in netty/netty#16312
• AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater than byteBuf.maxCapacity() by @​laosijikaichele in netty/netty#16309
• Fix flaky PooledByteBufAllocatorTest by @​chrisvest in netty/netty#16313
• Fix pooled arena accounting tests by @​chrisvest in netty/netty#16321

... (truncated)

Commits

• 67ce541 [maven-release-plugin] prepare release netty-4.2.12.Final
• 7074624 Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" (#16...
• c3b0a43 [maven-release-plugin] prepare for next development iteration
• c94a818 [maven-release-plugin] prepare release netty-4.2.11.Final
• 3b76df1 Merge commit from fork
• aae944a Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers (#16...
• 6001499 Eliminate redundant bounds checks in CompositeByteBuf accessors (#16525)
• a7fbb6f JdkZlibDecoder: accumulate decompressed output before firing channelRead (#16...
• 7937553 Enforce io.netty.maxDirectMemory accounting on all Java versions (#16489)
• 893ea2e Allocate less in QueryStringDecoder.addParam for typical use case (#16527)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.