A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a server, it could result in a viable HTTP smuggling vulnerability.
Use HTTP/2 instead (clear boundaries between requests)
Disable reuse of backend connections eg.
http-reuse never
in HAProxy or whatever equivalent LB settings