Releases: jetty/jetty.project
Releases · jetty/jetty.project
10.0.6
Changelog
- This release resolves CVE-2021-34429
- #6473 - Improve alias checking in PathResource
- #6468 - Revert logic in Request.setMetaData & clear emptySegment on HttpUri.clear()
- #6464 - Wrong files/lib definitions in certain *-capture.mod files?
- #6447 - Deprecate support for UTF16 encoding in URIs
- #6426 - Update to spifly 1.3.3
- #6425 - Update to asm 9.1
- #6418 - Bad and/or missing Require-Capability for osgi.serviceloader
- #6410 - Ensure Jetty IO uses SocketAddress instead of InetSocketAddress
- #6407 - Malformed scheme logical expression check in WebSocket ClientUpgradeRequest
- #6394 - Review osgi manifests within Jetty 10
- #6376 - Cleanups for SslClientCertAuthenticator.
- #6375 - Always check XML
Setelements withpropertyattribute - #6353 - Rename EWYK The AdaptiveExecutionStrategy
11.0.5
Changelog
- #6392 - Review accidental xml config changes
- #6379 - Reduce contention in all
ByteBufferPoolimplementations - #6354 - org.slfj dependency imports packages at 2.0
- #6329 - Regression on graceful shutdown default in Jetty 10
- #6302 - Treat empty path segments are ambiguous.
- #4772 - Jetty WebSocket API onMessage annotation does not support partial messages.
10.0.5
Changelog
- #6392 - Review accidental xml config changes
- #6379 - Reduce contention in all
ByteBufferPoolimplementations - #6354 - org.slfj dependency imports packages at 2.0
- #6329 - Regression on graceful shutdown default in Jetty 10
- #6302 - Treat empty path segments are ambiguous.
- #4772 - Jetty WebSocket API onMessage annotation does not support partial messages.
9.4.42.v20210604
Changelog
- #6342 - Explain EatWhatYouKill naming
- #6330 - CustomRequestLog is missing HTTP version format option
- #6323 - HttpClient gets stuck/never calls onComplete() when multiple requests with timeouts are sent
- #6308 - Ensure buffers are returned to pool by MessageInputStream
- #6287 - Class loading broken for WebSocketClient used inside webapp
- #6285 - HTTP2 client: IllegalStateException: Cannot release an already released entry
- #6276 - Support non-standard domains in SNI and X509
- #6268 - Warnings about "unable to parse form content" are not helpful for troubleshooting
- #6118 - Display a warning when Hazelcast configuration does not contain Jetty session serializer
- #5931 - SslConnection should implement getBytesIn()/getBytesOut()
11.0.4
Special Thanks to the following Eclipse Jetty community members
- @tjwatson (Thomas Watson)
Changelog
- #6354 - org.slfj dependency imports packages at 2.0 (@tjwatson)
- #6347 - session-store-gcloud module broken logging dependency
- #6330 - CustomRequestLog is missing HTTP version format option
- #6305 - Optimise
ContextHandler.isProtectedTarget - #6285 - HTTP2 client: IllegalStateException: Cannot release an already released entry
- #6276 - Support non-standard domains in SNI and X509
- #6268 - Warnings about "unable to parse form content" are not helpful for troubleshooting
- #6118 - Display a warning when Hazelcast configuration does not contain Jetty session serializer
- #6114 - Jetty Deploy scan / symlink behavior is broken
- #6112 - Jetty logging service file leaking to web applications
10.0.4
Special Thanks to the following Eclipse Jetty community members
- @tjwatson (Thomas Watson)
Changelog
- #6354 - org.slfj dependency imports packages at 2.0 (@tjwatson)
- #6347 - session-store-gcloud module broken logging dependency
- #6330 - CustomRequestLog is missing HTTP version format option
- #6305 - Optimise
ContextHandler.isProtectedTarget - #6285 - HTTP2 client: IllegalStateException: Cannot release an already released entry
- #6276 - Support non-standard domains in SNI and X509
- #6268 - Warnings about "unable to parse form content" are not helpful for troubleshooting
- #6118 - Display a warning when Hazelcast configuration does not contain Jetty session serializer
- #6114 - Jetty Deploy scan / symlink behavior is broken
- #6112 - Jetty logging service file leaking to web applications
11.0.3
Changelog
- This release resolves CVE-2021-28169 and CVE-2021-34428
- #3764 DeprecationWarning Decorator
- #5684 Review disabled tests
- #5798 jetty-runner startup error with jetty-10
- #5817 Provide more filtering for CustomRequestLog
- #6049 Default provider [files] section always executed
- #6084 GzipHandler: NPE in setDeflaterPoolCapacity and setInflaterPoolCapacity
- #6098 jetty-cdi is missing from jetty-bom
- #6099 Cipher preference may break SNI if certificates have different key types
- #6105 HttpConnection.getBytesIn() incorrect for requests with chunked content
- #6106 WebSocket/CDI integration is broken in Jetty 10
- #6125 Do not allow override of jakarta.* container classes by webapps per Servlet 5.0 Section 15.2.1
- #6132 Ambiguous segment in URI in DELETE /a/projects/foo/branches/refs%2Fheads%2Ftest request after upgrade from 10.0.0 to 10.0.2
- #6153 jetty-maven-plugin does not correctly pass JVM arguments for external deployMode
- #6159 Jetty with Conscrypt unable to handle any HTTPS requests when connected by IP rather than hostname.
- #6166 WebSocket MessageInputStream.read() spends a lot of time in ByteBuffer.compact()
- #6205 OpenIdAuthenticator may use incorrect redirect
- #6208 HTTP/2 max local stream count exceeded
- #6224 make jetty-jspc-maven-plugin
@threadsafe - #6227 Better resolve race between
AsyncListener.onTimeoutandAsyncContext.dispatch - #6238 jetty-keystore Invalid manifest header Bundle-SymbolicName: ""
- #6250 Lazily allocate HTTP2Stream data queue
- #6251 Use CyclicTimeout for HTTP2Streams
- #6254 Total timeout not enforced for queued requests
- #6263 Review URI encoding in ConcatServlet & WelcomeFilter
- #6277 Better handle exceptions thrown from session destroy listener
- #6280 Copy ServletHolder class/instance properly during startWebapp
- #6287 Class loading broken for WebSocketClient used inside webapp
10.0.3
Changelog
- This release resolves CVE-2021-28169 and CVE-2021-34428
- #3764 DeprecationWarning Decorator
- #5684 Review disabled tests
- #5798 jetty-runner startup error with jetty-10
- #5817 Provide more filtering for CustomRequestLog
- #6049 Default provider [files] section always executed
- #6084 GzipHandler: NPE in setDeflaterPoolCapacity and setInflaterPoolCapacity
- #6098 jetty-cdi is missing from jetty-bom
- #6099 Cipher preference may break SNI if certificates have different key types
- #6105 HttpConnection.getBytesIn() incorrect for requests with chunked content
- #6106 WebSocket/CDI integration is broken in Jetty 10
- #6132 Ambiguous segment in URI in DELETE /a/projects/foo/branches/refs%2Fheads%2Ftest request after upgrade from 10.0.0 to 10.0.2
- #6153 jetty-maven-plugin does not correctly pass JVM arguments for external deployMode
- #6159 Jetty with Conscrypt unable to handle any HTTPS requests when connected by IP rather than hostname.
- #6166 WebSocket MessageInputStream.read() spends a lot of time in ByteBuffer.compact()
- #6205 OpenIdAuthenticator may use incorrect redirect
- #6208 HTTP/2 max local stream count exceeded
- #6224 make jetty-jspc-maven-plugin
@threadsafe - #6227 Better resolve race between
AsyncListener.onTimeoutandAsyncContext.dispatch - #6238 jetty-keystore Invalid manifest header Bundle-SymbolicName: ""
- #6250 Lazily allocate HTTP2Stream data queue
- #6251 Use CyclicTimeout for HTTP2Streams
- #6254 Total timeout not enforced for queued requests
- #6263 Review URI encoding in ConcatServlet & WelcomeFilter
- #6277 Better handle exceptions thrown from session destroy listener
- #6280 Copy ServletHolder class/instance properly during startWebapp
- #6287 Class loading broken for WebSocketClient used inside webapp
9.4.41.v20210516
Changelog
- This release resolves CVE-2021-28169 and CVE-2021-34428
- #6099 Cipher preference may break SNI if certificates have different key types
- #6186 Add Null Protection on Log / Logger
- #6205 OpenIdAuthenticator may use incorrect redirect
- #6208 HTTP/2 max local stream count exceeded
- #6227 Better resolve race between
AsyncListener.onTimeoutandAsyncContext.dispatch - #6254 Total timeout not enforced for queued requests
- #6263 Review URI encoding in ConcatServlet & WelcomeFilter
- #6277 Better handle exceptions thrown from session destroy listener
- #6280 Copy ServletHolder class/instance properly during startWebapp