#28907 Update dependency io.netty to 4.1.127.Final CVE-2025-55163, CVE-2025-58057, CVE-2025-58056

Enhancement

Major

#28753

Detail dialog for editing composition tables in forms

#28760

Extension of JMS to include an automatic reconnect

#28891

TL script: with() function

Detail

#28568

Hiding fieldsets

#28752

OpenID: Configuration of `scope` and `acr_values` via config variables

#28975

MigrationProcessor to convert a Flex attribute into a row attribute

Bugfix

Detail

#28346

Too many close buttons in dialog button bar

#28600

Popup select input fields moved to tables

#28616

Use of GotoHandler for component display in PostCreateActions

#28647

Invalid solution for "Core theme: Theme "comfort/compact" reduces all charts"

#28711

Inappropriate layout in views Group rights and user rights

#28730

Apply button of a grid is displayed incorrectly in a button row

#28731

GridComponent refuses to "accept" if NoTokenHandling is active

#28732

GridComponent: The "rows" channel is not filled or is filled too late

#28733

XML import: The field with the XML data must be mandatory

#28740

"Attribute with replacement value" does not work with I18N in edit mode

#28744

Literal ResKey cannot be decoded if it has literal ResKeys as arguments

#28757

Substitute value in transient objects is not displayed

#28758

Browser back button can lead to IndexOutOfBoundsException

#28759

Incorrect form object in "User-defined transaction"

#28761

TL script: loadFromSession() can return deleted objects

#28834

Error when restoring form changes to transient objects with calculated attributes

#28847

Error during object creation in GridComponent if new object is no longer displayed

#28851

Incorrect fallback for attribute with current-only storage

#28876

No automatic re-login when using OpenID-Auto-Login

#28877

TL script: Missing normalization when reading from the personal configuration

#28878

Sidebar toggle button disappears behind some elements

#28881

Components with collection models do not react to deletion and modification

#28887

Context menu on multi-selection can become nonsensically wide.

#28888

tl_pac_secret is displayed in the environment variables

#28889

In a deployed system, the pop-up for the sidebar is not displayed

#28890

Binary value: Accepted file types does not work for custom extensions

#28896

NPE in GuiEngine.java for deleted persons and historical view

#28912

Component inspector display defective

#28914

TL-Script-Help: Scrollbar on wrong level

#28926

Poor separator when exporting contacts and accounts to Excel

#28929

No value for hidden attributes with default value

#28935

TL-Script: Function as the result of an attribute in the model cannot access variables from its context

#28940

Error in default for IBMMQ reconnect timeout

#28944

No label for fields in editable dynamic columns

#28952

Attribute with replacement value is incorrectly adopted by TL script function Copy

#28969

Non-collapsible fieldsets can be closed by clicking on the header

update

Critical

#28763

Update dependency org.eclipse.angus:angus-mail to v2.0.4 CVE-2025-7962

#28764

Update dependency org.bouncycastle:bcpkix-jdk18on to v1.79 CVE-2025-8916

Detail

#28907

Update dependency io.netty to 4.1.127.Final CVE-2025-55163, CVE-2025-58057, CVE-2025-58056

update

Detail

#28907

Update dependency io.netty to 4.1.127.Final CVE-2025-55163, CVE-2025-58057, CVE-2025-58056

SecurityIssue Update

io.netty is integrated transitively via org.apache.activemq:artemis-jakarta-client and is unfortunately not updated very often. Even in the latest version of artemis-jakarta-client, the security gaps mentioned in the title are not closed or the corresponding Netty version is not included.

Therefore, the corresponding dependencies in the pom.xml are overwritten. This allows Renovate-Bot to keep the Netty packages up-to-date in the future.