Upgrade to Netty 4.1.42.Final

[wilkinsona]

No description provided.

[dreis2211]

May I ask why the upgrade was done although reactor/reactor-netty#844 is not resolved yet? Afaik it blocked earlier upgrades.

[wilkinsona]

Of course. The recently announced vulnerability in Netty's HTTP codec caused us to re-evaluate things. Given a choice between UDP client problems and an HTTP server vulnerability, we decided that the former was less bad than the latter. Things are less clear-cut in the 2.1.x line as there's also a connection pooling problem with Reactor Netty 0.8.x and recent Netty 4.1.x releases. Our hope is that these will be addressed in Reactor Netty in time for our 2.1.10 release.

/cc @smaldini @violetagg

[violetagg]

Reactor Netty releases 0.8.13, 0.9.1 are scheduled for Monday 28.10
In the snapshots we've already updated Netty to the latest released version (4.1.42.Final)

[snicoll]

@violetagg for the record 4.1.43.Final was released yesterday.

[violetagg]

thanks - both 0.8.13 and 0.9.1 snapshots are updated to Netty 4.1.43.Final