https://bugzilla.redhat.com/show_bug.cgi?id=1798509
--- Doc Text *updated* by Jonathan Christison jochrist@redhat.com --- It was found Netty before 4.1.44 was found to accept multiple `Content-Length` headers and also accepted `Transfer-Encoding` as well as `Content-Length` headers where it should reject the message under such circumstances.
In circumstances where Netty is used in the context of a server it could result in a viable http smuggling vulnerability.