diff --git a/CVE-2021-43797-pre.patch b/CVE-2021-43797-pre.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d18e213d3092085bd84795e05de0532b5e3948a8
--- /dev/null
+++ b/CVE-2021-43797-pre.patch
@@ -0,0 +1,231 @@
+From 74187ebf123de466cb31270213b2464267a1cfd4 Mon Sep 17 00:00:00 2001
+From: Norman Maurer <norman_maurer@apple.com>
+Date: Wed, 26 Feb 2020 09:49:39 +0100
+Subject: [PATCH 1/1] More strict parsing of initial line / http headers
+ (#10058)
+
+Motivation:
+
+Our parsing of the initial line / http headers did treat some characters as separators which should better trigger an exception during parsing.
+
+Modifications:
+
+- Tighten up parsing of the inital line by follow recommentation of RFC7230
+- Restrict separators to OWS for http headers
+- Add unit test
+
+Result:
+
+Stricter parsing of HTTP1
+---
+ .../handler/codec/http/HttpObjectDecoder.java | 63 ++++++++++++++-----
+ .../codec/http/HttpRequestDecoderTest.java    | 25 +++++++-
+ .../codec/http/HttpResponseDecoderTest.java   |  2 +-
+ .../util/internal/AppendableCharSequence.java |  7 +++
+ 4 files changed, 80 insertions(+), 17 deletions(-)
+
+diff --git a/codec-http/src/main/java/io/netty/handler/codec/http/HttpObjectDecoder.java b/codec-http/src/main/java/io/netty/handler/codec/http/HttpObjectDecoder.java
+index 82b0c36..b4de681 100644
+--- a/codec-http/src/main/java/io/netty/handler/codec/http/HttpObjectDecoder.java
++++ b/codec-http/src/main/java/io/netty/handler/codec/http/HttpObjectDecoder.java
+@@ -773,13 +773,13 @@ public abstract class HttpObjectDecoder extends ByteToMessageDecoder {
+         int cStart;
+         int cEnd;
+ 
+-        aStart = findNonWhitespace(sb, 0);
+-        aEnd = findWhitespace(sb, aStart);
++        aStart = findNonSPLenient(sb, 0);
++        aEnd = findSPLenient(sb, aStart);
+ 
+-        bStart = findNonWhitespace(sb, aEnd);
+-        bEnd = findWhitespace(sb, bStart);
++        bStart = findNonSPLenient(sb, aEnd);
++        bEnd = findSPLenient(sb, bStart);
+ 
+-        cStart = findNonWhitespace(sb, bEnd);
++        cStart = findNonSPLenient(sb, bEnd);
+         cEnd = findEndOfString(sb);
+ 
+         return new String[] {
+@@ -796,7 +796,7 @@ public abstract class HttpObjectDecoder extends ByteToMessageDecoder {
+         int valueStart;
+         int valueEnd;
+ 
+-        nameStart = findNonWhitespace(sb, 0);
++	nameStart = findNonWhitespace(sb, 0, false);
+         for (nameEnd = nameStart; nameEnd < length; nameEnd ++) {
+             char ch = sb.charAt(nameEnd);
+             // https://tools.ietf.org/html/rfc7230#section-3.2.4
+@@ -813,7 +813,7 @@ public abstract class HttpObjectDecoder extends ByteToMessageDecoder {
+                     // is done in the DefaultHttpHeaders implementation.
+                     //
+                     // In the case of decoding a response we will "skip" the whitespace.
+-                    (!isDecodingRequest() && Character.isWhitespace(ch))) {
++                    (!isDecodingRequest() && isOWS(ch))) {
+                 break;
+             }
+         }
+@@ -831,7 +831,7 @@ public abstract class HttpObjectDecoder extends ByteToMessageDecoder {
+         }
+ 
+         name = sb.subStringUnsafe(nameStart, nameEnd);
+-        valueStart = findNonWhitespace(sb, colonEnd);
++        valueStart = findNonWhitespace(sb, colonEnd, true);
+         if (valueStart == length) {
+             value = EMPTY_VALUE;
+         } else {
+@@ -840,19 +840,45 @@ public abstract class HttpObjectDecoder extends ByteToMessageDecoder {
+         }
+     }
+ 
+-    private static int findNonWhitespace(AppendableCharSequence sb, int offset) {
++    private static int findNonSPLenient(AppendableCharSequence sb, int offset) {
+         for (int result = offset; result < sb.length(); ++result) {
+-            if (!Character.isWhitespace(sb.charAtUnsafe(result))) {
++            char c = sb.charAtUnsafe(result);
++            // See https://tools.ietf.org/html/rfc7230#section-3.5
++            if (isSPLenient(c)) {
++                continue;
++            }
++            if (Character.isWhitespace(c)) {
++                // Any other whitespace delimiter is invalid
++                throw new IllegalArgumentException("Invalid separator");
++            }
++            return result;
++        }
++        return sb.length();
++    }
++
++    private static int findSPLenient(AppendableCharSequence sb, int offset) {
++        for (int result = offset; result < sb.length(); ++result) {
++            if (isSPLenient(sb.charAtUnsafe(result))) {
+                 return result;
+             }
+         }
+         return sb.length();
+     }
+ 
+-    private static int findWhitespace(AppendableCharSequence sb, int offset) {
++    private static boolean isSPLenient(char c) {
++        // See https://tools.ietf.org/html/rfc7230#section-3.5
++        return c == ' ' || c == (char) 0x09 || c == (char) 0x0B || c == (char) 0x0C || c == (char) 0x0D;
++    }
++
++    private static int findNonWhitespace(AppendableCharSequence sb, int offset, boolean validateOWS) {
+         for (int result = offset; result < sb.length(); ++result) {
+-            if (Character.isWhitespace(sb.charAtUnsafe(result))) {
++            char c = sb.charAtUnsafe(result);
++            if (!Character.isWhitespace(c)) {
+                 return result;
++            } else if (validateOWS && !isOWS(c)) {
++                // Only OWS is supported for whitespace
++                throw new IllegalArgumentException("Invalid separator, only a single space or horizontal tab allowed," +
++                        " but received a '" + c + "'");
+             }
+         }
+         return sb.length();
+@@ -867,6 +893,10 @@ public abstract class HttpObjectDecoder extends ByteToMessageDecoder {
+         return 0;
+     }
+ 
++    private static boolean isOWS(char ch) {
++        return ch == ' ' || ch == (char) 0x09;
++    }
++
+     private static class HeaderParser implements ByteProcessor {
+         private final AppendableCharSequence seq;
+         private final int maxLength;
+@@ -896,10 +926,13 @@ public abstract class HttpObjectDecoder extends ByteToMessageDecoder {
+         @Override
+         public boolean process(byte value) throws Exception {
+             char nextByte = (char) (value & 0xFF);
+-            if (nextByte == HttpConstants.CR) {
+-                return true;
+-            }
+             if (nextByte == HttpConstants.LF) {
++                int len = seq.length();
++                // Drop CR if we had a CRLF pair
++                if (len >= 1 && seq.charAtUnsafe(len - 1) == HttpConstants.CR) {
++                    -- size;
++                    seq.setLength(len - 1);
++                }
+                 return false;
+             }
+ 
+diff --git a/codec-http/src/test/java/io/netty/handler/codec/http/HttpRequestDecoderTest.java b/codec-http/src/test/java/io/netty/handler/codec/http/HttpRequestDecoderTest.java
+index 000bd0c..902b379 100644
+--- a/codec-http/src/test/java/io/netty/handler/codec/http/HttpRequestDecoderTest.java
++++ b/codec-http/src/test/java/io/netty/handler/codec/http/HttpRequestDecoderTest.java
+@@ -373,6 +373,30 @@ public class HttpRequestDecoderTest {
+         testInvalidHeaders0(requestStr);
+     }
+ 
++    @Test
++    public void testContentLengthAndTransferEncodingHeadersWithVerticalTab() {
++        testContentLengthAndTransferEncodingHeadersWithInvalidSeparator((char) 0x0b, false);
++        testContentLengthAndTransferEncodingHeadersWithInvalidSeparator((char) 0x0b, true);
++    }
++
++    @Test
++    public void testContentLengthAndTransferEncodingHeadersWithCR() {
++        testContentLengthAndTransferEncodingHeadersWithInvalidSeparator((char) 0x0d, false);
++        testContentLengthAndTransferEncodingHeadersWithInvalidSeparator((char) 0x0d, true);
++    }
++
++    private static void testContentLengthAndTransferEncodingHeadersWithInvalidSeparator(
++            char separator, boolean extraLine) {
++        String requestStr = "POST / HTTP/1.1\r\n" +
++                "Host: example.com\r\n" +
++                "Connection: close\r\n" +
++                "Content-Length: 9\r\n" +
++                "Transfer-Encoding:" + separator + "chunked\r\n\r\n" +
++                (extraLine ? "0\r\n\r\n" : "") +
++                "something\r\n\r\n";
++        testInvalidHeaders0(requestStr);
++    }
++
+     @Test
+     public void testContentLengthHeaderAndChunked() {
+         String requestStr = "POST / HTTP/1.1\r\n" +
+@@ -381,7 +405,6 @@ public class HttpRequestDecoderTest {
+                 "Content-Length: 5\r\n" +
+                 "Transfer-Encoding: chunked\r\n\r\n" +
+                 "0\r\n\r\n";
+-
+         EmbeddedChannel channel = new EmbeddedChannel(new HttpRequestDecoder());
+         assertTrue(channel.writeInbound(Unpooled.copiedBuffer(requestStr, CharsetUtil.US_ASCII)));
+         HttpRequest request = channel.readInbound();
+diff --git a/codec-http/src/test/java/io/netty/handler/codec/http/HttpResponseDecoderTest.java b/codec-http/src/test/java/io/netty/handler/codec/http/HttpResponseDecoderTest.java
+index d67b3ad..66cefc9 100644
+--- a/codec-http/src/test/java/io/netty/handler/codec/http/HttpResponseDecoderTest.java
++++ b/codec-http/src/test/java/io/netty/handler/codec/http/HttpResponseDecoderTest.java
+@@ -50,7 +50,7 @@ public class HttpResponseDecoderTest {
+         final int maxHeaderSize = 8192;
+ 
+         final EmbeddedChannel ch = new EmbeddedChannel(new HttpResponseDecoder(4096, maxHeaderSize, 8192));
+-        final char[] bytes = new char[maxHeaderSize / 2 - 2];
++        final char[] bytes = new char[maxHeaderSize / 2 - 4];
+         Arrays.fill(bytes, 'a');
+ 
+         ch.writeInbound(Unpooled.copiedBuffer("HTTP/1.1 200 OK\r\n", CharsetUtil.US_ASCII));
+diff --git a/common/src/main/java/io/netty/util/internal/AppendableCharSequence.java b/common/src/main/java/io/netty/util/internal/AppendableCharSequence.java
+index 408c32f..bf1eee5 100644
+--- a/common/src/main/java/io/netty/util/internal/AppendableCharSequence.java
++++ b/common/src/main/java/io/netty/util/internal/AppendableCharSequence.java
+@@ -37,6 +37,13 @@ public final class AppendableCharSequence implements CharSequence, Appendable {
+         pos = chars.length;
+     }
+ 
++    public void setLength(int length) {
++        if (length < 0 || length > pos) {
++            throw new IllegalArgumentException("length: " + length + " (length: >= 0, <= " + pos + ')');
++        }
++        this.pos = length;
++    }
++
+     @Override
+     public int length() {
+         return pos;
+-- 
+2.27.0
+
diff --git a/CVE-2021-43797.patch b/CVE-2021-43797.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1fbaf5e359dc6a35f2089f6abddf9eeddebe4250
--- /dev/null
+++ b/CVE-2021-43797.patch
@@ -0,0 +1,312 @@
+From 2d941652f20135719b9ae5f4a373328ce5379970 Mon Sep 17 00:00:00 2001
+From: Norman Maurer <norman_maurer@apple.com>
+Date: Thu, 9 Dec 2021 14:49:43 +0100
+Subject: [PATCH] Merge pull request from GHSA-wx5j-54mm-rqqq
+
+Motivation:
+
+We should validate that only OWS is allowed before / after a header name and otherwise throw. At the moment we just "strip" everything except OWS.
+
+Modifications:
+
+- Adjust code to correctly validate
+- Add unit tests
+
+Result:
+
+More strict and correct behaviour
+---
+ .../codec/http/DefaultHttpHeaders.java        |  8 ++
+ .../handler/codec/http/HttpObjectDecoder.java |  8 +-
+ .../codec/http/HttpRequestDecoderTest.java    | 87 +++++++++++++++++--
+ .../codec/http/HttpResponseDecoderTest.java   | 78 +++++++++++++++++
+ 4 files changed, 171 insertions(+), 10 deletions(-)
+
+diff --git a/codec-http/src/main/java/io/netty/handler/codec/http/DefaultHttpHeaders.java b/codec-http/src/main/java/io/netty/handler/codec/http/DefaultHttpHeaders.java
+index d18f196..35dd88e 100644
+--- a/codec-http/src/main/java/io/netty/handler/codec/http/DefaultHttpHeaders.java
++++ b/codec-http/src/main/java/io/netty/handler/codec/http/DefaultHttpHeaders.java
+@@ -324,6 +324,10 @@ public class DefaultHttpHeaders extends HttpHeaders {
+ 
+     private static void validateHeaderNameElement(byte value) {
+         switch (value) {
++        case 0x1c:
++        case 0x1d:
++        case 0x1e:
++        case 0x1f:
+         case 0x00:
+         case '\t':
+         case '\n':
+@@ -348,6 +352,10 @@ public class DefaultHttpHeaders extends HttpHeaders {
+ 
+     private static void validateHeaderNameElement(char value) {
+         switch (value) {
++        case 0x1c:
++        case 0x1d:
++        case 0x1e:
++        case 0x1f:
+         case 0x00:
+         case '\t':
+         case '\n':
+diff --git a/codec-http/src/main/java/io/netty/handler/codec/http/HttpObjectDecoder.java b/codec-http/src/main/java/io/netty/handler/codec/http/HttpObjectDecoder.java
+index b4de681..15e86a5 100644
+--- a/codec-http/src/main/java/io/netty/handler/codec/http/HttpObjectDecoder.java
++++ b/codec-http/src/main/java/io/netty/handler/codec/http/HttpObjectDecoder.java
+@@ -796,7 +796,7 @@ public abstract class HttpObjectDecoder extends ByteToMessageDecoder {
+         int valueStart;
+         int valueEnd;
+ 
+-	nameStart = findNonWhitespace(sb, 0, false);
++	nameStart = findNonWhitespace(sb, 0);
+         for (nameEnd = nameStart; nameEnd < length; nameEnd ++) {
+             char ch = sb.charAt(nameEnd);
+             // https://tools.ietf.org/html/rfc7230#section-3.2.4
+@@ -831,7 +831,7 @@ public abstract class HttpObjectDecoder extends ByteToMessageDecoder {
+         }
+ 
+         name = sb.subStringUnsafe(nameStart, nameEnd);
+-        valueStart = findNonWhitespace(sb, colonEnd, true);
++        valueStart = findNonWhitespace(sb, colonEnd);
+         if (valueStart == length) {
+             value = EMPTY_VALUE;
+         } else {
+@@ -870,12 +870,12 @@ public abstract class HttpObjectDecoder extends ByteToMessageDecoder {
+         return c == ' ' || c == (char) 0x09 || c == (char) 0x0B || c == (char) 0x0C || c == (char) 0x0D;
+     }
+ 
+-    private static int findNonWhitespace(AppendableCharSequence sb, int offset, boolean validateOWS) {
++    private static int findNonWhitespace(AppendableCharSequence sb, int offset) {
+         for (int result = offset; result < sb.length(); ++result) {
+             char c = sb.charAtUnsafe(result);
+             if (!Character.isWhitespace(c)) {
+                 return result;
+-            } else if (validateOWS && !isOWS(c)) {
++	    } else if (!isOWS(c)) {
+                 // Only OWS is supported for whitespace
+                 throw new IllegalArgumentException("Invalid separator, only a single space or horizontal tab allowed," +
+                         " but received a '" + c + "'");
+diff --git a/codec-http/src/test/java/io/netty/handler/codec/http/HttpRequestDecoderTest.java b/codec-http/src/test/java/io/netty/handler/codec/http/HttpRequestDecoderTest.java
+index 902b379..fc7cfb4 100644
+--- a/codec-http/src/test/java/io/netty/handler/codec/http/HttpRequestDecoderTest.java
++++ b/codec-http/src/test/java/io/netty/handler/codec/http/HttpRequestDecoderTest.java
+@@ -15,6 +15,7 @@
+  */
+ package io.netty.handler.codec.http;
+ 
++import io.netty.buffer.ByteBuf;
+ import io.netty.buffer.Unpooled;
+ import io.netty.channel.embedded.EmbeddedChannel;
+ import io.netty.util.AsciiString;
+@@ -294,6 +295,75 @@ public class HttpRequestDecoderTest {
+         assertFalse(channel.finishAndReleaseAll());
+     }
+ 
++    @Test
++    public void testHeaderNameStartsWithControlChar1c() {
++	 testHeaderNameStartsWithControlChar(0x1c);
++    }
++
++    @Test
++    public void testHeaderNameStartsWithControlChar1d() {
++	 testHeaderNameStartsWithControlChar(0x1d);
++    }
++
++    @Test
++    public void testHeaderNameStartsWithControlChar1e() {
++	 testHeaderNameStartsWithControlChar(0x1e);
++    }
++
++    @Test
++    public void testHeaderNameStartsWithControlChar1f() {
++	 testHeaderNameStartsWithControlChar(0x1f);
++    }
++
++    @Test
++    public void testHeaderNameStartsWithControlChar0c() {
++	 testHeaderNameStartsWithControlChar(0x0c);
++    }
++
++    private void testHeaderNameStartsWithControlChar(int controlChar) {
++	 ByteBuf requestBuffer = Unpooled.buffer();
++	 requestBuffer.writeCharSequence("GET /some/path HTTP/1.1\r\n" +
++		 "Host: netty.io\r\n", CharsetUtil.US_ASCII);
++	 requestBuffer.writeByte(controlChar);
++	 requestBuffer.writeCharSequence("Transfer-Encoding: chunked\r\n\r\n", CharsetUtil.US_ASCII);
++	 testInvalidHeaders0(requestBuffer);
++    }
++
++    @Test
++    public void testHeaderNameEndsWithControlChar1c() {
++	 testHeaderNameEndsWithControlChar(0x1c);
++    }
++
++    @Test
++    public void testHeaderNameEndsWithControlChar1d() {
++	 testHeaderNameEndsWithControlChar(0x1d);
++    }
++
++    @Test
++    public void testHeaderNameEndsWithControlChar1e() {
++	 testHeaderNameEndsWithControlChar(0x1e);
++    }
++
++    @Test
++    public void testHeaderNameEndsWithControlChar1f() {
++	 testHeaderNameEndsWithControlChar(0x1f);
++    }
++
++    @Test
++    public void testHeaderNameEndsWithControlChar0c() {
++	 testHeaderNameEndsWithControlChar(0x0c);
++    }
++
++    private void testHeaderNameEndsWithControlChar(int controlChar) {
++	 ByteBuf requestBuffer = Unpooled.buffer();
++	 requestBuffer.writeCharSequence("GET /some/path HTTP/1.1\r\n" +
++		 "Host: netty.io\r\n", CharsetUtil.US_ASCII);
++	 requestBuffer.writeCharSequence("Transfer-Encoding", CharsetUtil.US_ASCII);
++	 requestBuffer.writeByte(controlChar);
++	 requestBuffer.writeCharSequence(": chunked\r\n\r\n", CharsetUtil.US_ASCII);
++	 testInvalidHeaders0(requestBuffer);
++    }
++
+     @Test
+     public void testWhitespace() {
+         String requestStr = "GET /some/path HTTP/1.1\r\n" +
+@@ -303,9 +373,9 @@ public class HttpRequestDecoderTest {
+     }
+ 
+     @Test
+-    public void testWhitespaceBeforeTransferEncoding01() {
++    public void testWhitespaceInTransferEncoding01() {
+         String requestStr = "GET /some/path HTTP/1.1\r\n" +
+-                " Transfer-Encoding : chunked\r\n" +
++                "Transfer-Encoding : chunked\r\n" +
+                 "Content-Length: 1\r\n" +
+                 "Host: netty.io\r\n\r\n" +
+                 "a";
+@@ -313,9 +383,9 @@ public class HttpRequestDecoderTest {
+     }
+ 
+     @Test
+-    public void testWhitespaceBeforeTransferEncoding02() {
++    public void testWhitespaceInTransferEncoding02() {
+         String requestStr = "POST / HTTP/1.1" +
+-                " Transfer-Encoding : chunked\r\n" +
++                "Transfer-Encoding : chunked\r\n" +
+                 "Host: target.com" +
+                 "Content-Length: 65\r\n\r\n" +
+                 "0\r\n\r\n" +
+@@ -412,15 +482,20 @@ public class HttpRequestDecoderTest {
+         assertTrue(request.headers().contains("Transfer-Encoding", "chunked", false));
+         assertFalse(request.headers().contains("Content-Length"));
+         LastHttpContent c = channel.readInbound();
++        c.release();
+         assertFalse(channel.finish());
+     }
+ 
+     private static void testInvalidHeaders0(String requestStr) {
++        testInvalidHeaders0(Unpooled.copiedBuffer(requestStr, CharsetUtil.US_ASCII));
++    }
++
++    private static void testInvalidHeaders0(ByteBuf requestBuffer) {
+         EmbeddedChannel channel = new EmbeddedChannel(new HttpRequestDecoder());
+-        assertTrue(channel.writeInbound(Unpooled.copiedBuffer(requestStr, CharsetUtil.US_ASCII)));
++        assertTrue(channel.writeInbound(requestBuffer));
+         HttpRequest request = channel.readInbound();
++        assertThat(request.decoderResult().cause(), instanceOf(IllegalArgumentException.class));
+         assertTrue(request.decoderResult().isFailure());
+-        assertTrue(request.decoderResult().cause() instanceof IllegalArgumentException);
+         assertFalse(channel.finish());
+     }
+ }
+diff --git a/codec-http/src/test/java/io/netty/handler/codec/http/HttpResponseDecoderTest.java b/codec-http/src/test/java/io/netty/handler/codec/http/HttpResponseDecoderTest.java
+index 66cefc9..df44293 100644
+--- a/codec-http/src/test/java/io/netty/handler/codec/http/HttpResponseDecoderTest.java
++++ b/codec-http/src/test/java/io/netty/handler/codec/http/HttpResponseDecoderTest.java
+@@ -676,4 +676,82 @@ public class HttpResponseDecoderTest {
+         assertEquals("netty.io", response.headers().get(HttpHeaderNames.HOST));
+         assertFalse(channel.finish());
+     }
++
++    @Test
++    public void testHeaderNameStartsWithControlChar1c() {
++	 testHeaderNameStartsWithControlChar(0x1c);
++    }
++
++    @Test
++    public void testHeaderNameStartsWithControlChar1d() {
++	 testHeaderNameStartsWithControlChar(0x1d);
++    }
++
++    @Test
++    public void testHeaderNameStartsWithControlChar1e() {
++	 testHeaderNameStartsWithControlChar(0x1e);
++    }
++
++    @Test
++    public void testHeaderNameStartsWithControlChar1f() {
++	 testHeaderNameStartsWithControlChar(0x1f);
++    }
++
++    @Test
++    public void testHeaderNameStartsWithControlChar0c() {
++	 testHeaderNameStartsWithControlChar(0x0c);
++    }
++
++    private void testHeaderNameStartsWithControlChar(int controlChar) {
++	 ByteBuf responseBuffer = Unpooled.buffer();
++	 responseBuffer.writeCharSequence("HTTP/1.1 200 OK\r\n" +
++		 "Host: netty.io\r\n", CharsetUtil.US_ASCII);
++	 responseBuffer.writeByte(controlChar);
++	 responseBuffer.writeCharSequence("Transfer-Encoding: chunked\r\n\r\n", CharsetUtil.US_ASCII);
++	 testInvalidHeaders0(responseBuffer);
++    }
++
++    @Test
++    public void testHeaderNameEndsWithControlChar1c() {
++	 testHeaderNameEndsWithControlChar(0x1c);
++    }
++
++    @Test
++    public void testHeaderNameEndsWithControlChar1d() {
++	 testHeaderNameEndsWithControlChar(0x1d);
++    }
++
++    @Test
++    public void testHeaderNameEndsWithControlChar1e() {
++	 testHeaderNameEndsWithControlChar(0x1e);
++    }
++
++    @Test
++    public void testHeaderNameEndsWithControlChar1f() {
++	 testHeaderNameEndsWithControlChar(0x1f);
++    }
++
++    @Test
++    public void testHeaderNameEndsWithControlChar0c() {
++	 testHeaderNameEndsWithControlChar(0x0c);
++    }
++
++    private void testHeaderNameEndsWithControlChar(int controlChar) {
++	 ByteBuf responseBuffer = Unpooled.buffer();
++	 responseBuffer.writeCharSequence("HTTP/1.1 200 OK\r\n" +
++		 "Host: netty.io\r\n", CharsetUtil.US_ASCII);
++	 responseBuffer.writeCharSequence("Transfer-Encoding", CharsetUtil.US_ASCII);
++	 responseBuffer.writeByte(controlChar);
++	 responseBuffer.writeCharSequence(": chunked\r\n\r\n", CharsetUtil.US_ASCII);
++	 testInvalidHeaders0(responseBuffer);
++    }
++
++    private static void testInvalidHeaders0(ByteBuf responseBuffer) {
++	 EmbeddedChannel channel = new EmbeddedChannel(new HttpResponseDecoder());
++	 assertTrue(channel.writeInbound(responseBuffer));
++	 HttpResponse response = channel.readInbound();
++	 assertThat(response.decoderResult().cause(), instanceOf(IllegalArgumentException.class));
++	 assertTrue(response.decoderResult().isFailure());
++	 assertFalse(channel.finish());
++    }
+ }
+-- 
+2.27.0
+
diff --git a/netty.spec b/netty.spec
index 38ff1deb29ce5774735c1d7db1b95484842d6842..9ba913b7ede691fbe117f1ea0b5e886987fa3424 100644
--- a/netty.spec
+++ b/netty.spec
@@ -2,7 +2,7 @@
 
 Name:             netty
 Version:          4.1.13
-Release:          13
+Release:          14
 Summary:          Asynchronous event-driven network application Java framework
 License:          ASL 2.0
 URL:              https://netty.io/
@@ -26,6 +26,8 @@ Patch0014:        CVE-2021-21295.patch
 Patch0015:        CVE-2021-21409.patch
 Patch0016:        CVE-2021-37136.patch
 Patch0017:        CVE-2021-37137.patch
+Patch0018:        CVE-2021-43797-pre.patch
+Patch0019:        CVE-2021-43797.patch
 
 BuildRequires:    maven-local mvn(ant-contrib:ant-contrib)
 BuildRequires:    mvn(com.jcraft:jzlib) mvn(commons-logging:commons-logging)
@@ -143,6 +145,9 @@ export CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS"
 
 
 %changelog
+* Fri Dec 17 2021 yaoxin <yaoxin30@huawei.com> - 4.1.13-14
+- Fix CVE-2021-43797
+
 * Thu Dec 16 2021 wangkai <wangkai385@huawei.com> - 4.1.13-13
 - This package depends on log4j.After the log4j vulnerability CVE-2021-44228 is fixed,the version needs to be rebuild.