build(deps): bump io.netty:netty-bom from 4.2.10.Final to 4.2.11.Final

[dependabot]

Bumps io.netty:netty-bom from 4.2.10.Final to 4.2.11.Final.

Release notes

Sourced from io.netty:netty-bom's releases.

netty-4.2.11.Final

Security

• CVE-2026-33871, HTTP/2 CONTINUATION Frame Flood Denial of Service
• CVE-2026-33870, HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

What's Changed

• Update to latest JDK 26 EA release by @​normanmaurer in netty/netty#16230
• HTTP3: Allow to support non-standard HTTP3 settings by @​normanmaurer in netty/netty#16171
• Fix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry loop by @​adwsingh in netty/netty#16245
• Allocate one large segment and slice for each MsgHdrMemory by @​dreamlike-ocean in netty/netty#16234
• Make RefCntOpenSslContext.deallocate more robust by @​chrisvest in netty/netty#16253
• Epoll: Fix excessive CPU usage when Channel is only registered but no… by @​normanmaurer in netty/netty#16250
• Update to gcc for arm 10.3-2021.07 by @​m1ngyuan in netty/netty#16255
• Add acmeIdentifier extension support to pkitesting by @​chrisvest in netty/netty#16256
• Update JDK versions to latest patch releases by @​m1ngyuan in netty/netty#16254
• Avoid allocation in HttpObjectEncoder.addEncodedLengthHex method by @​doom369 in netty/netty#16241
• Automatic backporting workflow from 4.1 to 4.2 by @​chrisvest in netty/netty#16269
• Revert "Automatic backporting workflow from 4.1 to 4.2" by @​chrisvest in netty/netty#16270
• HTTP2: Correctly account for padding when decompress by @​normanmaurer in netty/netty#16264
• Automatic backporting workflow from 4.1 to 4.2 by @​chrisvest in netty/netty#16271
• Automatic backporting workflow from 4.1 to 4.2 by @​chrisvest in netty/netty#16273
• Backport PRs must be created with personal access tokens by @​chrisvest in netty/netty#16276
• Expose QuicSslContextBuilder::sni by @​ZeroErrors in netty/netty#16178
• Add more porting workflows by @​chrisvest in netty/netty#16275
• Add more porting workflows by @​chrisvest in netty/netty#16283
• Remove the unpooled allocator from test permutations by @​chrisvest in netty/netty#16282
• Some polishing of the porting workflows by @​chrisvest in netty/netty#16288
• Allow to set destination connection id when creating a client side QuicheChannel by @​normanmaurer in netty/netty#16286
• Update to latest JDK26 EA build by @​normanmaurer in netty/netty#16295
• Add javadoc to clarify responsibility of the user when generating the remote connection id by @​normanmaurer in netty/netty#16293
• Make the build run faster by @​chrisvest in netty/netty#16290
• Fix IDE warnings in SslHandler by @​doom369 in netty/netty#16237
• Decrease Long allocations and map.put calls in ReferenceCountedOpenSllEngine in handshake() method by @​doom369 in netty/netty#16242
• Support boringssl SSLCredential API by @​jmcrawford45 in netty/netty#15919
• Fix high-order bit aliasing in HttpUtil.validateToken by @​furkanvarol in netty/netty#16279
• Improve multi-byte access performance when UNALIGNED availability is unknown by @​Songdoeon in netty/netty#16207
• Avoid unnecessary SSL.getVersion() call and string allocation in ReferenceCountedOpenSslEngine by @​doom369 in netty/netty#16278
• Support more branch freedom for auto-porting by @​chrisvest in netty/netty#16300
• fix: the precedence of + is higher than >> by @​cuiweixie in netty/netty#16312
• AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater than byteBuf.maxCapacity() by @​laosijikaichele in netty/netty#16309
• Fix flaky PooledByteBufAllocatorTest by @​chrisvest in netty/netty#16313
• Fix pooled arena accounting tests by @​chrisvest in netty/netty#16321
• Fix RunInFastThreadLocalThreadExtension by @​chrisvest in netty/netty#16314
• AdaptivePoolingAllocator: call unreserveMatchingBuddy(...) if byteBuf initialization failed by @​laosijikaichele in netty/netty#16327
• Recycler should not use thread locals unless they get cleaned up by @​chrisvest in netty/netty#16315
• OpenSSL: Don't leak OpenSslKeyManagerProvider on exception by @​normanmaurer in netty/netty#16337
• IoUring: Only complete deregistration promise once we received all co… by @​normanmaurer in netty/netty#16330
• Mark LoggingHandlerTest with @​Isolated to fix flaky build by @​normanmaurer in netty/netty#16338
• Fix flaky HTTP/2 test by @​chrisvest in netty/netty#16342

... (truncated)

Commits

• c94a818 [maven-release-plugin] prepare release netty-4.2.11.Final
• 3b76df1 Merge commit from fork
• aae944a Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers (#16...
• 6001499 Eliminate redundant bounds checks in CompositeByteBuf accessors (#16525)
• a7fbb6f JdkZlibDecoder: accumulate decompressed output before firing channelRead (#16...
• 7937553 Enforce io.netty.maxDirectMemory accounting on all Java versions (#16489)
• 893ea2e Allocate less in QueryStringDecoder.addParam for typical use case (#16527)
• 8f744ec Replace ClosedChannelException with StacklessClosedChannelException (#16506)
• 4d7b70d Fix docker image for cross-compiling (#16522)
• cfd0d9a Epoll / IoUring: setTcpMg5Sig(...) might overflow (#16511)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.90%. Comparing base (a51a0e0) to head (b293a9d).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #370   +/-   ##
=======================================
  Coverage   87.90%   87.90%           
=======================================
  Files          20       20           
  Lines        1397     1397           
  Branches      241      241           
=======================================
  Hits         1228     1228           
  Misses         81       81           
  Partials       88       88           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.