You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The new ChunksPart in Jetty 12 has a list of chunks whose buffer are released back into the pool when the Part is closed. If the part is used after it is closed it will have a content source returned from newContentSource() which will be accessing buffers which are back in the pool.
Although the part should not be accessed out of scope, we should protect against this as we don't want a bad application to read from buffers which do not belong to them.
For jetty-core we can obtain a chunk from the request and do the same thing. But I think we should at least protect against this in the EE layers.
The text was updated successfully, but these errors were encountered:
… into jetty-12.0.x-old-docs-remove-logging-sections
* 'jetty-12.0.x' of https://github.com/eclipse/jetty.project:
Rename process to handle (jetty#9385)
Bump maven-deploy-plugin from 3.0.0 to 3.1.0
Bump asciidoctorj-diagram from 2.2.3 to 2.2.4
Bump jakarta.servlet.jsp-api from 3.0.0 to 3.1.1
Bump maven-invoker-plugin from 3.4.0 to 3.5.0
Bump maven.surefire.plugin.version from 3.0.0-M8 to 3.0.0-M9
Bump maven-javadoc-plugin from 3.4.1 to 3.5.0
Bump tycho-p2-repository-plugin from 3.0.1 to 3.0.2
Bump maven.version from 3.8.7 to 3.9.0
Remove jetty-ant (jetty#9382)
Added inceptionDates.csv
Issue jetty#9336 - remember ContentSources to fail from ChunksPart
The new
ChunksPart
in Jetty 12 has a list of chunks whose buffer are released back into the pool when thePart
is closed. If the part is used after it is closed it will have a content source returned fromnewContentSource()
which will be accessing buffers which are back in the pool.Although the part should not be accessed out of scope, we should protect against this as we don't want a bad application to read from buffers which do not belong to them.
For jetty-core we can obtain a chunk from the request and do the same thing. But I think we should at least protect against this in the EE layers.
The text was updated successfully, but these errors were encountered: