diff --git a/VERSION.txt b/VERSION.txt index 123a851a934d..2e0369f9a2d2 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -31,7 +31,8 @@ jetty-12.0.14 - 30 September 2024 1.3 and long-lived client + 12289 Improve ConcurrentPool concurrency + 12297 Avoid list copy on reverse iteration - + 12303 Use sessionRequest for wrapping HTTP stream instead of original Request (@robbie01) + + 12303 Use sessionRequest for wrapping HTTP stream instead of original + Request (@robbie01) + 12309 `SessionAuthentication._session` is not marked as `transient` jetty-12.0.13 - 03 September 2024 @@ -69,6 +70,23 @@ jetty-12.0.13 - 03 September 2024 + 12207 Jetty Maven Plugin 12.x no longer configures `DefaultHandler` + 12212 ShutdownOutput for non-persistent HTTP/1 connections +jetty-10.0.24 - 26 August 2024 + + 12201 backport ThreadLimitHandler improvements from Jetty 12 + +jetty-11.0.24 - 26 August 2024 + + 12201 backport ThreadLimitHandler improvements from Jetty 12 + +jetty-9.4.56.v20240826 - 26 August 2024 + + 12200 Backport ThreadLimitHandler improvements from Jetty 12 + +jetty-11.0.23 - 13 August 2024 + + 12041 backport tracking retainable pool from Jetty 12 + + 12156 Improvements to HttpConnection when reading 0 bytes + +jetty-10.0.23 - 13 August 2024 + + 12041 backport tracking retainable pool from Jetty 12 + + 12156 Improvements to HttpConnection when reading 0 bytes + jetty-12.0.12 - 25 July 2024 + 265 list-config license enhancement + 10904 jetty.sh reports FAILED too early @@ -104,6 +122,17 @@ jetty-12.0.11 - 27 June 2024 succeeded method + 11944 Jetty Part#delete() implementation throws IOException +jetty-10.0.22 - 27 June 2024 + + 11917 Update XML configure.dtd locations to new jetty.org website + +jetty-11.0.22 - 27 June 2024 + + 11917 Update XML configure.dtd locations to new jetty.org website + +jetty-9.4.55.v20240627 - 27 June 2024 + + 10805 Jetty response with an invalid HTTP2 packet if the client set the + hpack table size as 0 + + 11917 Update XML configure.dtd locations to new jetty.org website + jetty-12.0.10 - 30 May 2024 + 1470 Replace Timer use with Jetty Scheduler + 9177 Add JVM info and OS info to Dumpable.dump() @@ -137,6 +166,22 @@ jetty-12.0.10 - 30 May 2024 in different case + 11851 jetty-ee8-websocket-javax-server export not honoured +jetty-11.0.21 - 14 May 2024 + + 10805 Jetty response with an invalid HTTP2 packet if the client set the + hpack table size as 0 + + 11527 Reduce ByteBuffer churning in HttpOutput + + 11634 Socks5Proxy does not support IP addresses with IP segments above 127 + + 11656 Upgrade jetty-quiche-native to version 0.21.0 + + 11782 HttpExchange retained by HttpSenderOverHTTP which caused memory leak + +jetty-10.0.21 - 14 May 2024 + + 10805 Jetty response with an invalid HTTP2 packet if the client set the + hpack table size as 0 + + 11527 Reduce ByteBuffer churning in HttpOutput + + 11634 Socks5Proxy does not support IP addresses with IP segments above 127 + + 11656 Upgrade jetty-quiche-native to version 0.21.0 + + 11782 HttpExchange retained by HttpSenderOverHTTP which caused memory leak + jetty-12.0.9 - 03 May 2024 + 5944 Introduce alias --files for --download + 5945 Introduce alias --skip-create-files to replace --skip-file-validation @@ -232,6 +277,12 @@ jetty-12.0.7 - 29 February 2024 + 11448 UriCompliance.Violation ignored despite being set + 11465 HttpURI.toURI() sets userInfo to null +jetty-9.4.54.v20240208 - 08 February 2024 + + 1256 DoSFilter leaks USER_AUTH entries + + 11259 HTTP/2 connection not closed after idle timeout when TCP congested + (CVE-2024-22201) + + 11389 Strip default ports on ws/wss scheme uris too + jetty-12.0.6 - 29 January 2024 + 10220 Implement CrossOriginHandler + 10870 How to set HttpConfiguration.securePort when the HTTPS port is @@ -275,6 +326,26 @@ jetty-12.0.6 - 29 January 2024 + 11339 Content-type additional parameters + 11349 Update quiche to 0.20.0 +jetty-11.0.20 - 29 January 2024 + + 11081 Dropped WebSocket messages due to race condition in WebSocket frame + handling + + 11223 WebSocketClient.connect with URI including query parameters don't work + for HTTP2 connector + + 11260 QuickStartConfiguration cannot be mixed with contexts that do not have + a `WEB-INF/quickstart-web.xml` + + 11273 Support BSD expr in startup script + + 11349 Update quiche to 0.20.0 + +jetty-10.0.20 - 29 January 2024 + + 11081 Dropped WebSocket messages due to race condition in WebSocket frame + handling + + 11223 WebSocketClient.connect with URI including query parameters don't work + for HTTP2 connector + + 11260 QuickStartConfiguration cannot be mixed with contexts that do not have + a `WEB-INF/quickstart-web.xml` + + 11273 Support BSD expr in startup script + + 11349 Update quiche to 0.20.0 + jetty-12.0.5 - 18 December 2023 + 10277 Review read failures impacting writes + 10852 `ResourceHandler` could use a `.setUseFileMapping(boolean)` option @@ -294,6 +365,30 @@ jetty-12.0.5 - 18 December 2023 + 11040 "not an allowed scheme" for GraalVM Native-Image resource:-URIs + 11064 NPE if MultiPartFormData.setFilesDirectory() is not called +jetty-11.0.19 - 15 December 2023 + + 9900 Improve `Request.getBeginNanoTime()` accuracy + + 10812 jetty-deploy has unnecessary dependency on awaitility/hamcrest pulled + in at runtime + + 10891 Support the "Partitioned" cookie attribute + + 11014 RedirectRegexRule and RewritePatternRule should consider + relativeRedirectAllowed + + 11031 HttpClient should expose Connection/EndPoint used by HTTP requests + + 11039 Memory leak and multiple (Http|Servlet)*Listener invokations after + restart + + 11044 Update jetty-11 to apache jasper 10.0.27 + +jetty-10.0.19 - 15 December 2023 + + 9900 Improve `Request.getBeginNanoTime()` accuracy + + 10812 jetty-deploy has unnecessary dependency on awaitility/hamcrest pulled + in at runtime + + 10891 Support the "Partitioned" cookie attribute + + 11014 RedirectRegexRule and RewritePatternRule should consider + relativeRedirectAllowed + + 11031 HttpClient should expose Connection/EndPoint used by HTTP requests + + 11039 Memory leak and multiple (Http|Servlet)*Listener invokations after + restart + + 11043 Update to apache jasper 9.0.83 + jetty-12.0.4 - 30 November 2023 + 9502 Produce SBOM and deploy to Maven Central + 9900 Improve `Request.getBeginNanoTime()` accuracy @@ -350,6 +445,36 @@ jetty-12.0.3 - 26 October 2023 + 10786 TLS handshake failures leak HttpConnection.RequestTimeouts tasks + 10794 301 Moved Permanently produces query with `;` instead of `?` +jetty-11.0.18 - 26 October 2023 + + 1256 DoSFilter leaks USER_AUTH entries + + 10390 Jetty HTTP/3 Client fails when connecting to `nghttpx` server + + 10519 java.lang.IllegalStateException: Flusher when using HTTP/3 with Spring + Boot 3.2 + + 10537 HTTP/3: Incomplete Data Transfer When Used with Spring Boot WebFlux + + 10696 jetty.sh doesn't work with JETTY_USER in Jetty 10.0.17 thru Jetty + 12.0.2 + + 10705 Creating a `HTTP3ServerConnector` with a `SslContextFactory` that has + a non-null `SSLContext` makes the server fail to start with an unclear error + message + + 10731 org.eclipse.jetty.server.Request uses wrong context attribute name + javax.servlet instead of jakarta.servlet + + 10786 TLS handshake failures leak HttpConnection.RequestTimeouts tasks + +jetty-10.0.18 - 26 October 2023 + + 1256 DoSFilter leaks USER_AUTH entries + + 10390 Jetty HTTP/3 Client fails when connecting to `nghttpx` server + + 10519 java.lang.IllegalStateException: Flusher when using HTTP/3 with Spring + Boot 3.2 + + 10537 HTTP/3: Incomplete Data Transfer When Used with Spring Boot WebFlux + + 10696 jetty.sh doesn't work with JETTY_USER in Jetty 10.0.17 thru Jetty + 12.0.2 + + 10669 Provide ability to defer initial deployment of webapps until after + Server has started + + 10705 Creating a `HTTP3ServerConnector` with a `SslContextFactory` that has + a non-null `SSLContext` makes the server fail to start with an unclear error + message + + 10786 TLS handshake failures leak HttpConnection.RequestTimeouts tasks + jetty-12.0.2 - 09 October 2023 + 7408 Change scope of maven plugin dependencies + 9665 `HttpCookieStore` incorrectly rejects cookies for domains that are an @@ -389,6 +514,28 @@ jetty-12.0.2 - 09 October 2023 + 10665 Wrong BREE in Jetty jars + 10679 Review HTTP/2 rate control (CVE-2023-44487) +jetty-11.0.17 - 09 October 2023 + + 9777 CrossOriginFilter does not return Vary header on no-cors mode + + 9928 Backport `Request.getBeginNanoTime()` + + 10271 jetty.sh does not stop jetty anymore + + 10473 Startup Script reports `ok` too fast, and doesn't wait for actual + start of Jetty + + 10547 Cannot customize Executor on WebSocketClient + + 10679 Review HTTP/2 rate control (CVE-2023-44487) + +jetty-10.0.17 - 09 October 2023 + + 9777 CrossOriginFilter does not return Vary header on no-cors mode + + 9928 Backport `Request.getBeginNanoTime()` + + 10473 Startup Script reports `ok` too fast, and doesn't wait for actual + start of Jetty + + 10547 Cannot customize Executor on WebSocketClient + + 10679 Review HTTP/2 rate control (CVE-2023-44487) + +jetty-9.4.53.v20231009 - 09 October 2023 + + 10546 backport jetty-http Huffman encoders/decoders from Jetty 10.0.x + + 10573 backport hpack improvements from Jetty 10.0.x (CVE-2023-36478) + + 10679 backport HTTP/2 rate control from Jetty 10.0.x (CVE-2023-44487) + jetty-12.0.1 - 29 August 2023 + 8926 HttpClient GZIPContentDecoder should remove Content-Length and Content-Encoding: gzip @@ -428,116 +575,6 @@ jetty-12.0.1 - 29 August 2023 + 10411 Review deployment of Jetty Context XML files + 10416 EE9 Copies HttpFields in response -jetty-11.0.21 - 14 May 2024 - + 10805 Jetty response with an invalid HTTP2 packet if the client set the - hpack table size as 0 - + 11527 Reduce ByteBuffer churning in HttpOutput - + 11634 Socks5Proxy does not support IP addresses with IP segments above 127 - + 11656 Upgrade jetty-quiche-native to version 0.21.0 - + 11782 HttpExchange retained by HttpSenderOverHTTP which caused memory leak - -jetty-11.0.20 - 29 January 2024 - + 11081 Dropped WebSocket messages due to race condition in WebSocket frame - handling - + 11223 WebSocketClient.connect with URI including query parameters don't work - for HTTP2 connector - + 11260 QuickStartConfiguration cannot be mixed with contexts that do not have - a `WEB-INF/quickstart-web.xml` - + 11273 Support BSD expr in startup script - + 11349 Update quiche to 0.20.0 - -jetty-9.4.54.v20240208 - 08 February 2024 - + 1256 DoSFilter leaks USER_AUTH entries - + 11259 HTTP/2 connection not closed after idle timeout when TCP congested - (CVE-2024-22201) - + 11389 Strip default ports on ws/wss scheme uris too - -jetty-11.0.19 - 15 December 2023 - + 9900 Improve `Request.getBeginNanoTime()` accuracy - + 10812 jetty-deploy has unnecessary dependency on awaitility/hamcrest pulled - in at runtime - + 10891 Support the "Partitioned" cookie attribute - + 11014 RedirectRegexRule and RewritePatternRule should consider - relativeRedirectAllowed - + 11031 HttpClient should expose Connection/EndPoint used by HTTP requests - + 11039 Memory leak and multiple (Http|Servlet)*Listener invokations after - restart - + 11044 Update jetty-11 to apache jasper 10.0.27 - -jetty-11.0.18 - 26 October 2023 - + 1256 DoSFilter leaks USER_AUTH entries - + 10390 Jetty HTTP/3 Client fails when connecting to `nghttpx` server - + 10519 java.lang.IllegalStateException: Flusher when using HTTP/3 with Spring - Boot 3.2 - + 10537 HTTP/3: Incomplete Data Transfer When Used with Spring Boot WebFlux - + 10696 jetty.sh doesn't work with JETTY_USER in Jetty 10.0.17 thru Jetty - 12.0.2 - + 10705 Creating a `HTTP3ServerConnector` with a `SslContextFactory` that has - a non-null `SSLContext` makes the server fail to start with an unclear error - message - + 10731 org.eclipse.jetty.server.Request uses wrong context attribute name - javax.servlet instead of jakarta.servlet - + 10786 TLS handshake failures leak HttpConnection.RequestTimeouts tasks - -jetty-11.0.17 - 09 October 2023 - + 9777 CrossOriginFilter does not return Vary header on no-cors mode - + 9928 Backport `Request.getBeginNanoTime()` - + 10271 jetty.sh does not stop jetty anymore - + 10473 Startup Script reports `ok` too fast, and doesn't wait for actual - start of Jetty - + 10547 Cannot customize Executor on WebSocketClient - + 10679 Review HTTP/2 rate control (CVE-2023-44487) - -jetty-10.0.20 - 29 January 2024 - + 11081 Dropped WebSocket messages due to race condition in WebSocket frame - handling - + 11223 WebSocketClient.connect with URI including query parameters don't work - for HTTP2 connector - + 11260 QuickStartConfiguration cannot be mixed with contexts that do not have - a `WEB-INF/quickstart-web.xml` - + 11273 Support BSD expr in startup script - + 11349 Update quiche to 0.20.0 - -jetty-10.0.19 - 15 December 2023 - + 9900 Improve `Request.getBeginNanoTime()` accuracy - + 10812 jetty-deploy has unnecessary dependency on awaitility/hamcrest pulled - in at runtime - + 10891 Support the "Partitioned" cookie attribute - + 11014 RedirectRegexRule and RewritePatternRule should consider - relativeRedirectAllowed - + 11031 HttpClient should expose Connection/EndPoint used by HTTP requests - + 11039 Memory leak and multiple (Http|Servlet)*Listener invokations after - restart - + 11043 Update to apache jasper 9.0.83 - -jetty-10.0.18 - 26 October 2023 - + 1256 DoSFilter leaks USER_AUTH entries - + 10390 Jetty HTTP/3 Client fails when connecting to `nghttpx` server - + 10519 java.lang.IllegalStateException: Flusher when using HTTP/3 with Spring - Boot 3.2 - + 10537 HTTP/3: Incomplete Data Transfer When Used with Spring Boot WebFlux - + 10696 jetty.sh doesn't work with JETTY_USER in Jetty 10.0.17 thru Jetty - 12.0.2 - + 10669 Provide ability to defer initial deployment of webapps until after - Server has started - + 10705 Creating a `HTTP3ServerConnector` with a `SslContextFactory` that has - a non-null `SSLContext` makes the server fail to start with an unclear error - message - + 10786 TLS handshake failures leak HttpConnection.RequestTimeouts tasks - -jetty-10.0.17 - 09 October 2023 - + 9777 CrossOriginFilter does not return Vary header on no-cors mode - + 9928 Backport `Request.getBeginNanoTime()` - + 10473 Startup Script reports `ok` too fast, and doesn't wait for actual - start of Jetty - + 10547 Cannot customize Executor on WebSocketClient - + 10679 Review HTTP/2 rate control (CVE-2023-44487) - -jetty-9.4.53.v20231009 - 09 October 2023 - + 10546 backport jetty-http Huffman encoders/decoders from Jetty 10.0.x - + 10573 backport hpack improvements from Jetty 10.0.x (CVE-2023-36478) - + 10679 backport HTTP/2 rate control from Jetty 10.0.x (CVE-2023-44487) - jetty-11.0.16 - 25 August 2023 + 6140 Report total number of keys in SelectorManager + 7091 Add SOCKS5 support @@ -589,34 +626,68 @@ jetty-11.0.16 - 25 August 2023 + 10388 Jetty10 inetaccess mod started error + 10397 Iso88591StringBuilder.append seems to have a logic error -jetty-11.0.15 - 11 April 2023 - + 6184 Remove usages of classes associated with JEP-411 that deprecate/remove - the SecurityManager from the JVM - + 6483 Jetty http client SSL connectivity over CNTLM proxy fails - + 9237 Decouple QTP `idleTimeout` from pool shrink rate - + 9309 `jetty.sh` cannot handle complex Jetty properties from `start.d/*.ini` - + 9400 Jetty logs warning with stacktrace when annotation parser encounters - module-info.class file inside elasticsearch-x-content jar - + 9464 Add optional configuration to log user out after OpenID idToken expires - (CVE-2023-41900) - + 9468 Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13 - + 9497 Maven plugin effective web xml: add support for jar projects - + 9501 jetty client with proxy - ssl traffic between both proxy and servers - + 9517 Jetty 10.0.14 uses wrong pathSpec for request - + 9556 Password Util does not ask for password - -jetty-11.0.14 - 22 February 2023 - + 7650 QueuedThreadPool: Stopped without executing or closing null - + 9059 IteratingCallback not serializing close() and failed() - + 9119 Wrong value of javax.servlet.forward.context_path attribute - + 9181 NPE in SessionHandler.checkRequestedSessionId() - + 9183 ConnectHandler may close the connection instead of sending 200 OK - + 9285 ContextHandler sends redirect on BaseResponse instead of Wrapped - Response object from Handler chain - + 9334 Better support for Cookie RFC 2965 (CVE-2023-26048) - + 9337 LowResourceMonitor.getReasons should include detailed reason instead of - hard-coded message - + 9339 Cleanup CookieCutter Parsing (CVE-2023-26049) +jetty-10.0.16 - 25 August 2023 + + 6140 Report total number of keys in SelectorManager + + 7091 Add SOCKS5 support + + 8405 Servlet 3.1 ReadListener.onAllDataRead() is called twice under h2 or + h2c if the server doesn't respond within 30s + + 8556 ServletContext.getSessionTimeout() incorrectly throws + IllegalStateException + + 8694 Make QuicServerConnector respect configured key store instances + + 8926 HttpClient GZIPContentDecoder should remove Content-Length and + Content-Encoding: gzip + + 9150 jetty-http-spi: Jetty's implementation of HttpExchange.setStreams + method faulty + + 9386 SSL reports deprecated setting, but ssl.ini still uses it + + 9397 HTTP/3 encryption configuration + + 9476 onCompleteFailure called multiple times + + 9524 InputStreamResponseListener's InputStream creates an exception on + close() + + 9554 Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to + common location + + 9682 RetainableByteBuffer buffer release bug in WebSocket + + 9685 Jetty doesn't set the date header on error responses + + 9749 Correct HPACK Integer Overflow (CVE-2023-36478) + + 9720 Http2Session.streamIdleTimeout should permit being disabled from + AbstractHTTP2ServerConnectionFactory + + 9772 Improve Quiche certificates deployment + + 9777 CrossOriginFilter does not return Vary header on no-cors mode + + 9795 http3-server is leaking the Jetty logging service to web applications + + 9887 Deprecate CGI Servlet (CVE-2023-36479) + + 9895 A MessageTooLargeException doesn't close a WebSocket connection + + 9947 Cannot invoke "org.eclipse.jetty.io.ManagedSelector.getTotalKeys()" + because "selector" is null + + 9990 Server rejects certain sizes of streamed request bodies + + 10055 Deployment of static files does not work with --dry-run Jetty-12 + + 10066 Allow `SAXParserFactory` or `SAXParser` to be configured in Jetty's + `XmlParser` class + + 10086 Revisiting ProxyConfiguration.getProxies() + + 10105 Document that Request objects are not reusable + + 10120 OutOfMemoryError caused by CyclicTimeouts + + 10135 Websocket: Using PerMessageDeflateExtension and flush in batchMode + send FLUSH_FRAME to client. + + 10143 Startup fails due to IllegalArgumentException: Comparison method + violates its general contract + + 10145 WritePendingException over HTTP/2 tunnel + + 10160 Verify PROXY_AUTHENTICATION is sent to forward proxies + + 10211 NPE in ArrayByteBufferPool.findOldestEntry() + + 10271 jetty.sh does not stop jetty anymore + + 10312 Remove jetty-home-with-docs to eliminate build time cyclic + dependencies + + 10350 Support Java 21 virtual threads + + 10352 Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167) + + 10388 Jetty10 inetaccess mod started error + + 10397 Iso88591StringBuilder.append seems to have a logic error + +jetty-9.4.52.v20230823 - 23 August 2023 + + 9476 onCompleteFailure called multiple times + + 9660 OpenId Revoked authentication allows one request (CVE-2023-41900) + + 9887 Deprecate CGI Servlet (CVE-2023-36479) + + 10066 Allow `SAXParserFactory` or `SAXParser` to be configured in Jetty's + `XmlParser` class + + 10168 NPE in websocket extension startup + + 10352 Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167) + + 10337 SizeLimitHandler does not enforce 0 responseLimit jetty-12.0.0 - 07 August 2023 + 8405 Servlet 3.1 ReadListener.onAllDataRead() is called twice under h2 or @@ -780,6 +851,53 @@ jetty-12.0.0.beta1 - 02 May 2023 + 9656 jetty-12 ee10 PushBuilderImpl.push must throw IllegalStateException + 9685 Jetty doesn't set the date header on error responses +jetty-11.0.15 - 11 April 2023 + + 6184 Remove usages of classes associated with JEP-411 that deprecate/remove + the SecurityManager from the JVM + + 6483 Jetty http client SSL connectivity over CNTLM proxy fails + + 9237 Decouple QTP `idleTimeout` from pool shrink rate + + 9309 `jetty.sh` cannot handle complex Jetty properties from `start.d/*.ini` + + 9400 Jetty logs warning with stacktrace when annotation parser encounters + module-info.class file inside elasticsearch-x-content jar + + 9464 Add optional configuration to log user out after OpenID idToken expires + (CVE-2023-41900) + + 9468 Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13 + + 9497 Maven plugin effective web xml: add support for jar projects + + 9501 jetty client with proxy - ssl traffic between both proxy and servers + + 9517 Jetty 10.0.14 uses wrong pathSpec for request + + 9556 Password Util does not ask for password + +jetty-11.0.15 - 11 April 2023 + + 6184 Remove usages of classes associated with JEP-411 that deprecate/remove + the SecurityManager from the JVM + + 6483 Jetty http client SSL connectivity over CNTLM proxy fails + + 9237 Decouple QTP `idleTimeout` from pool shrink rate + + 9309 `jetty.sh` cannot handle complex Jetty properties from `start.d/*.ini` + + 9400 Jetty logs warning with stacktrace when annotation parser encounters + module-info.class file inside elasticsearch-x-content jar + + 9464 Add optional configuration to log user out after OpenID idToken expires + (CVE-2023-41900) + + 9468 Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13 + + 9497 Maven plugin effective web xml: add support for jar projects + + 9501 jetty client with proxy - ssl traffic between both proxy and servers + + 9517 Jetty 10.0.14 uses wrong pathSpec for request + + 9556 Password Util does not ask for password + +jetty-10.0.15 - 11 April 2023 + + 6184 JEP-411 will deprecate/remove the SecurityManager from the JVM + + 6483 Jetty http client SSL connectivity over CNTLM proxy fails + + 9237 Decouple QTP `idleTimeout` from pool shrink rate + + 9309 `jetty.sh` cannot handle complex Jetty properties from `start.d/*.ini` + + 9400 Jetty logs warning with stacktrace when annotation parser encounters + module-info.class file inside elasticsearch-x-content jar + + 9464 Add optional configuration to log user out after OpenID idToken expires + (CVE-2023-41900) + + 9468 Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13 + + 9497 Maven plugin effective web xml: add support for jar projects + + 9501 jetty client with proxy - ssl traffic between both proxy and servers + + 9517 Jetty 10.0.14 uses wrong pathSpec for request + + 9556 Password Util does not ask for password + jetty-12.0.0.beta0 - 23 February 2023 + 7650 QueuedThreadPool: Stopped without executing or closing null + 8069 Jetty 12 is missing a way to record server latencies @@ -825,6 +943,133 @@ jetty-12.0.0.beta0 - 23 February 2023 + 9403 TCK failure: DefaultServlet only sets status 404 instead of sending 404 response +jetty-11.0.14 - 22 February 2023 + + 7650 QueuedThreadPool: Stopped without executing or closing null + + 9059 IteratingCallback not serializing close() and failed() + + 9119 Wrong value of javax.servlet.forward.context_path attribute + + 9181 NPE in SessionHandler.checkRequestedSessionId() + + 9183 ConnectHandler may close the connection instead of sending 200 OK + + 9285 ContextHandler sends redirect on BaseResponse instead of Wrapped + Response object from Handler chain + + 9334 Better support for Cookie RFC 2965 (CVE-2023-26048) + + 9337 LowResourceMonitor.getReasons should include detailed reason instead of + hard-coded message + + 9339 Cleanup CookieCutter Parsing (CVE-2023-26049) + + 7117 Timeout with Expect 100 continue when using ProxyServlet + + 7286 WebSocket write can time out even if the frame / callback has not been + failed. + + 7993 HttpClient idleTimeout configuration being ignored/overridden + + 8330 Persistent OpenId sessions can throw IllegalStateException + + 8460 Log or throw exception if DefaultSessionIdManager is used but has not + been started. + + 8536 HotSwapHandler race condition + + 8558 Idle timeout occured sometimes on HTTP/2 client with + `InputStreamResponseListener` + + 8584 org.eclipse.jetty.client.HttpRequest.send() never returns + + 8591 Indicate units of HttpClient properties + + 8623 Use AutoLock in InputStreamResponseListener + + 8628 Pseudo restore `PathMappings.getMatch(String)` for backwards compat + reasons + + 8678 Jetty client is not responding to GO_AWAY packet received from (Jetty) + Server and continue to send traffic on same connection + + 8695 Update quiche to 0.16.0 + + 8712 ELContextCleaner no longer needed + + 8716 Multiple Host header values handled poorly + + 8721 jetty:effective-web-xml doesn't generate quickstart information for web + fragment jars that contain META-INF/resources + + 8723 Provide a thread-safe way to modify HttpClient proxies at runtime + + 8750 AbstractProxyServlet.onServerResponseHeaders does not support headers + with empty values + + 8753 Starting HttpClient with destinationIdleTimeout set throws NPE + + 8770 Review whether to send request body in redirects + + 8779 CompactPathRule drops query section on use + + 8786 KeyStoreScanner is not able to monitor a symlink file and always + resolves to the target. + + 8810 `ArrayRetainableByteBufferPool` inefficiently calculates bucket indices + + 8811 HTTP/2 session shutdown race may cause `Server.stop()` to block until + stop timeout + + 8863 Provide a possibility to name virtual threads + + 8895 Generate downloadable version of javadocs documentation in website + deploy script + + 8897 Update Conditional request handling for RFC7232 + + 8905 GzipHandler fails to set Vary header on 304 responses + + 8913 Review Jetty XML syntax to allow calling JDK methods + + 8942 Use Logback 1.3.x for Jetty 10.0.x + +jetty-11.0.14 - 22 February 2023 + + 7650 QueuedThreadPool: Stopped without executing or closing null + + 9059 IteratingCallback not serializing close() and failed() + + 9119 Wrong value of javax.servlet.forward.context_path attribute + + 9181 NPE in SessionHandler.checkRequestedSessionId() + + 9183 ConnectHandler may close the connection instead of sending 200 OK + + 9285 ContextHandler sends redirect on BaseResponse instead of Wrapped + Response object from Handler chain + + 9334 Better support for Cookie RFC 2965 (CVE-2023-26048) + + 9337 LowResourceMonitor.getReasons should include detailed reason instead of + hard-coded message + + 9339 Cleanup CookieCutter Parsing (CVE-2023-26049) jetty-11.0.13 - 07 + December 2022 + + 7117 Timeout with Expect 100 continue when using ProxyServlet + + 7286 WebSocket write can time out even if the frame / callback has not been + failed. + + 7993 HttpClient idleTimeout configuration being ignored/overridden + + 8330 Persistent OpenId sessions can throw IllegalStateException + + 8460 Log or throw exception if DefaultSessionIdManager is used but has not + been started. + + 8536 HotSwapHandler race condition + + 8558 Idle timeout occured sometimes on HTTP/2 client with + `InputStreamResponseListener` + + 8584 org.eclipse.jetty.client.HttpRequest.send() never returns + + 8591 Indicate units of HttpClient properties + + 8623 Use AutoLock in InputStreamResponseListener + + 8628 Pseudo restore `PathMappings.getMatch(String)` for backwards compat + reasons + + 8678 Jetty client is not responding to GO_AWAY packet received from (Jetty) + Server and continue to send traffic on same connection + + 8695 Update quiche to 0.16.0 + + 8712 ELContextCleaner no longer needed + + 8716 Multiple Host header values handled poorly + + 8721 jetty:effective-web-xml doesn't generate quickstart information for web + fragment jars that contain META-INF/resources + + 8723 Provide a thread-safe way to modify HttpClient proxies at runtime + + 8750 AbstractProxyServlet.onServerResponseHeaders does not support headers + with empty values + + 8753 Starting HttpClient with destinationIdleTimeout set throws NPE + + 8770 Review whether to send request body in redirects + + 8779 CompactPathRule drops query section on use + + 8786 KeyStoreScanner is not able to monitor a symlink file and always + resolves to the target. + + 8810 `ArrayRetainableByteBufferPool` inefficiently calculates bucket indices + + 8811 HTTP/2 session shutdown race may cause `Server.stop()` to block until + stop timeout + + 8863 Provide a possibility to name virtual threads + + 8895 Generate downloadable version of javadocs documentation in website + deploy script + + 8897 Update Conditional request handling for RFC7232 + + 8905 GzipHandler fails to set Vary header on 304 responses + + 8913 Review Jetty XML syntax to allow calling JDK methods + + 8942 Use Logback 1.3.x for Jetty 10.0.x + +jetty-10.0.14 - 22 February 2023 + + 7650 QueuedThreadPool: Stopped without executing or closing null + + 9059 IteratingCallback not serializing close() and failed() + + 9119 Wrong value of javax.servlet.forward.context_path attribute + + 9181 NPE in SessionHandler.checkRequestedSessionId() + + 9183 ConnectHandler may close the connection instead of sending 200 OK + + 9285 ContextHandler sends redirect on BaseResponse instead of Wrapped + Response object from Handler chain + + 9344 Cleanup Multipart Handling (CVE-2023-26048) + + 9339 Cleanup CookieCutter Parsing (CVE-2023-26049) + + 9334 Better support for Cookie RFC 2965 compliance + + 9337 LowResourceMonitor.getReasons should include detailed reason instead of + hard-coded message + +jetty-9.4.51.v20230217 - 17 February 2023 + + 9059 IteratingCallback not serializing close() and failed() + + 9181 NPE in SessionHandler.checkRequestedSessionId() + + 9345 Backport Fix for CVE-2023-26048 + + 9352 Backport Fix for CVE-2023-26049 + jetty-11.0.13 - 07 December 2022 + 7117 Timeout with Expect 100 continue when using ProxyServlet + 7286 WebSocket write can time out even if the frame / callback has not been @@ -868,206 +1113,6 @@ jetty-11.0.13 - 07 December 2022 + 8942 Use Logback 1.3.x for Jetty 10.0.x + 9006 WebSocket Message InputStream read() returns signed byte -jetty-11.0.12 - 14 September 2022 - + 7970 Maven Plugin - the option to set extraClasspath in the plugin - configuration isn't working - + 8007 Support Loom - + 8151 `JakartaWebSocketSession.close()` blocks long time when called from - `SendHandlerCallback` - + 8152 jetty.sh does not read JAVA_OPTIONS anymore - + 8170 WebSockets closed abruptly when using HTTP/2 - + 8196 Remove unused jetty-plus.xml file - + 8206 Stopping server from within AbstractConnector#accept fails and results - in a partially stopped QueuedThreadPool - + 8216 OpenID logout / more extensibible OpenIdConfiguration - + 8222 Jetty start.jar fails with NullPointerException when referencing a non - existent module and using JVM args - + 8259 Symlinks cause 404 with DefaultServlet when its "resourceBase" is - different from ContextHandler's - + 8294 java.lang.ClassCastException: class org.eclipse.jetty.http.HttpField - cannot be cast to class org.eclipse.jetty.http.HttpCookie$SetCookieHttpField - + 8296 SymlinkAllowedResourceAliasChecker is initialized after checkAlias is - called resulting that access to resource is denied - + 8319 Allow configuring initial queue size per destination - + 8353 Automatic pongs should not be sent when connection is closed - + 8414 BlockingArrayQueue drops all contents on drain - + 8493 Review HTTP client feature `setRemoveIdleDestinations` - + 8497 `jetty-bom/11.0.11` depends on `jetty-slf4j-impl/10.0.8-SNAPSHO` that - cause 404 error - + 8532 Review System.nanoTime() usages - + 8540 Maven pom is not correct for `org.eclipse.jetty/infinispan-embedded` - and `org.eclipse.jetty/infinispan-remote` - + 8578 `getRequestURL` can append "null" if `getRequestURI` is unspecified in - an authority-form request-target - -jetty-10.0.16 - 25 August 2023 - + 6140 Report total number of keys in SelectorManager - + 7091 Add SOCKS5 support - + 8405 Servlet 3.1 ReadListener.onAllDataRead() is called twice under h2 or - h2c if the server doesn't respond within 30s - + 8556 ServletContext.getSessionTimeout() incorrectly throws - IllegalStateException - + 8694 Make QuicServerConnector respect configured key store instances - + 8926 HttpClient GZIPContentDecoder should remove Content-Length and - Content-Encoding: gzip - + 9150 jetty-http-spi: Jetty's implementation of HttpExchange.setStreams - method faulty - + 9386 SSL reports deprecated setting, but ssl.ini still uses it - + 9397 HTTP/3 encryption configuration - + 9476 onCompleteFailure called multiple times - + 9524 InputStreamResponseListener's InputStream creates an exception on - close() - + 9554 Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to - common location - + 9682 RetainableByteBuffer buffer release bug in WebSocket - + 9685 Jetty doesn't set the date header on error responses - + 9749 Correct HPACK Integer Overflow (CVE-2023-36478) - + 9720 Http2Session.streamIdleTimeout should permit being disabled from - AbstractHTTP2ServerConnectionFactory - + 9772 Improve Quiche certificates deployment - + 9777 CrossOriginFilter does not return Vary header on no-cors mode - + 9795 http3-server is leaking the Jetty logging service to web applications - + 9887 Deprecate CGI Servlet (CVE-2023-36479) - + 9895 A MessageTooLargeException doesn't close a WebSocket connection - + 9947 Cannot invoke "org.eclipse.jetty.io.ManagedSelector.getTotalKeys()" - because "selector" is null - + 9990 Server rejects certain sizes of streamed request bodies - + 10055 Deployment of static files does not work with --dry-run Jetty-12 - + 10066 Allow `SAXParserFactory` or `SAXParser` to be configured in Jetty's - `XmlParser` class - + 10086 Revisiting ProxyConfiguration.getProxies() - + 10105 Document that Request objects are not reusable - + 10120 OutOfMemoryError caused by CyclicTimeouts - + 10135 Websocket: Using PerMessageDeflateExtension and flush in batchMode - send FLUSH_FRAME to client. - + 10143 Startup fails due to IllegalArgumentException: Comparison method - violates its general contract - + 10145 WritePendingException over HTTP/2 tunnel - + 10160 Verify PROXY_AUTHENTICATION is sent to forward proxies - + 10211 NPE in ArrayByteBufferPool.findOldestEntry() - + 10271 jetty.sh does not stop jetty anymore - + 10312 Remove jetty-home-with-docs to eliminate build time cyclic - dependencies - + 10350 Support Java 21 virtual threads - + 10352 Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167) - + 10388 Jetty10 inetaccess mod started error - + 10397 Iso88591StringBuilder.append seems to have a logic error - -jetty-9.4.52.v20230823 - 23 August 2023 - + 9476 onCompleteFailure called multiple times - + 9660 OpenId Revoked authentication allows one request (CVE-2023-41900) - + 9887 Deprecate CGI Servlet (CVE-2023-36479) - + 10066 Allow `SAXParserFactory` or `SAXParser` to be configured in Jetty's - `XmlParser` class - + 10168 NPE in websocket extension startup - + 10352 Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167) - + 10337 SizeLimitHandler does not enforce 0 responseLimit - -jetty-11.0.15 - 11 April 2023 - + 6184 Remove usages of classes associated with JEP-411 that deprecate/remove - the SecurityManager from the JVM - + 6483 Jetty http client SSL connectivity over CNTLM proxy fails - + 9237 Decouple QTP `idleTimeout` from pool shrink rate - + 9309 `jetty.sh` cannot handle complex Jetty properties from `start.d/*.ini` - + 9400 Jetty logs warning with stacktrace when annotation parser encounters - module-info.class file inside elasticsearch-x-content jar - + 9464 Add optional configuration to log user out after OpenID idToken expires - (CVE-2023-41900) - + 9468 Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13 - + 9497 Maven plugin effective web xml: add support for jar projects - + 9501 jetty client with proxy - ssl traffic between both proxy and servers - + 9517 Jetty 10.0.14 uses wrong pathSpec for request - + 9556 Password Util does not ask for password - -jetty-10.0.15 - 11 April 2023 - + 6184 JEP-411 will deprecate/remove the SecurityManager from the JVM - + 6483 Jetty http client SSL connectivity over CNTLM proxy fails - + 9237 Decouple QTP `idleTimeout` from pool shrink rate - + 9309 `jetty.sh` cannot handle complex Jetty properties from `start.d/*.ini` - + 9400 Jetty logs warning with stacktrace when annotation parser encounters - module-info.class file inside elasticsearch-x-content jar - + 9464 Add optional configuration to log user out after OpenID idToken expires - (CVE-2023-41900) - + 9468 Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13 - + 9497 Maven plugin effective web xml: add support for jar projects - + 9501 jetty client with proxy - ssl traffic between both proxy and servers - + 9517 Jetty 10.0.14 uses wrong pathSpec for request - + 9556 Password Util does not ask for password - -jetty-11.0.14 - 22 February 2023 - + 7650 QueuedThreadPool: Stopped without executing or closing null - + 9059 IteratingCallback not serializing close() and failed() - + 9119 Wrong value of javax.servlet.forward.context_path attribute - + 9181 NPE in SessionHandler.checkRequestedSessionId() - + 9183 ConnectHandler may close the connection instead of sending 200 OK - + 9285 ContextHandler sends redirect on BaseResponse instead of Wrapped - Response object from Handler chain - + 9334 Better support for Cookie RFC 2965 (CVE-2023-26048) - + 9337 LowResourceMonitor.getReasons should include detailed reason instead of - hard-coded message - + 9339 Cleanup CookieCutter Parsing (CVE-2023-26049) jetty-11.0.13 - 07 - December 2022 - + 7117 Timeout with Expect 100 continue when using ProxyServlet - + 7286 WebSocket write can time out even if the frame / callback has not been - failed. - + 7993 HttpClient idleTimeout configuration being ignored/overridden - + 8330 Persistent OpenId sessions can throw IllegalStateException - + 8460 Log or throw exception if DefaultSessionIdManager is used but has not - been started. - + 8536 HotSwapHandler race condition - + 8558 Idle timeout occured sometimes on HTTP/2 client with - `InputStreamResponseListener` - + 8584 org.eclipse.jetty.client.HttpRequest.send() never returns - + 8591 Indicate units of HttpClient properties - + 8623 Use AutoLock in InputStreamResponseListener - + 8628 Pseudo restore `PathMappings.getMatch(String)` for backwards compat - reasons - + 8678 Jetty client is not responding to GO_AWAY packet received from (Jetty) - Server and continue to send traffic on same connection - + 8695 Update quiche to 0.16.0 - + 8712 ELContextCleaner no longer needed - + 8716 Multiple Host header values handled poorly - + 8721 jetty:effective-web-xml doesn't generate quickstart information for web - fragment jars that contain META-INF/resources - + 8723 Provide a thread-safe way to modify HttpClient proxies at runtime - + 8750 AbstractProxyServlet.onServerResponseHeaders does not support headers - with empty values - + 8753 Starting HttpClient with destinationIdleTimeout set throws NPE - + 8770 Review whether to send request body in redirects - + 8779 CompactPathRule drops query section on use - + 8786 KeyStoreScanner is not able to monitor a symlink file and always - resolves to the target. - + 8810 `ArrayRetainableByteBufferPool` inefficiently calculates bucket indices - + 8811 HTTP/2 session shutdown race may cause `Server.stop()` to block until - stop timeout - + 8863 Provide a possibility to name virtual threads - + 8895 Generate downloadable version of javadocs documentation in website - deploy script - + 8897 Update Conditional request handling for RFC7232 - + 8905 GzipHandler fails to set Vary header on 304 responses - + 8913 Review Jetty XML syntax to allow calling JDK methods - + 8942 Use Logback 1.3.x for Jetty 10.0.x - -jetty-10.0.14 - 22 February 2023 - + 7650 QueuedThreadPool: Stopped without executing or closing null - + 9059 IteratingCallback not serializing close() and failed() - + 9119 Wrong value of javax.servlet.forward.context_path attribute - + 9181 NPE in SessionHandler.checkRequestedSessionId() - + 9183 ConnectHandler may close the connection instead of sending 200 OK - + 9285 ContextHandler sends redirect on BaseResponse instead of Wrapped - Response object from Handler chain - + 9344 Cleanup Multipart Handling (CVE-2023-26048) - + 9339 Cleanup CookieCutter Parsing (CVE-2023-26049) - + 9334 Better support for Cookie RFC 2965 compliance - + 9337 LowResourceMonitor.getReasons should include detailed reason instead of - hard-coded message - -jetty-9.4.51.v20230217 - 17 February 2023 - + 9059 IteratingCallback not serializing close() and failed() - + 9181 NPE in SessionHandler.checkRequestedSessionId() - + 9345 Backport Fix for CVE-2023-26048 - + 9352 Backport Fix for CVE-2023-26049 - jetty-11.0.13 - 07 December 2022 + 7117 Timeout with Expect 100 continue when using ProxyServlet + 7286 WebSocket write can time out even if the frame / callback has not been @@ -1200,6 +1245,38 @@ jetty-11.0.12 - 14 September 2022 + 8578 `getRequestURL` can append "null" if `getRequestURI` is unspecified in an authority-form request-target +jetty-11.0.12 - 14 September 2022 + + 7970 Maven Plugin - the option to set extraClasspath in the plugin + configuration isn't working + + 8007 Support Loom + + 8151 `JakartaWebSocketSession.close()` blocks long time when called from + `SendHandlerCallback` + + 8152 jetty.sh does not read JAVA_OPTIONS anymore + + 8170 WebSockets closed abruptly when using HTTP/2 + + 8196 Remove unused jetty-plus.xml file + + 8206 Stopping server from within AbstractConnector#accept fails and results + in a partially stopped QueuedThreadPool + + 8216 OpenID logout / more extensibible OpenIdConfiguration + + 8222 Jetty start.jar fails with NullPointerException when referencing a non + existent module and using JVM args + + 8259 Symlinks cause 404 with DefaultServlet when its "resourceBase" is + different from ContextHandler's + + 8294 java.lang.ClassCastException: class org.eclipse.jetty.http.HttpField + cannot be cast to class org.eclipse.jetty.http.HttpCookie$SetCookieHttpField + + 8296 SymlinkAllowedResourceAliasChecker is initialized after checkAlias is + called resulting that access to resource is denied + + 8319 Allow configuring initial queue size per destination + + 8353 Automatic pongs should not be sent when connection is closed + + 8414 BlockingArrayQueue drops all contents on drain + + 8493 Review HTTP client feature `setRemoveIdleDestinations` + + 8497 `jetty-bom/11.0.11` depends on `jetty-slf4j-impl/10.0.8-SNAPSHO` that + cause 404 error + + 8532 Review System.nanoTime() usages + + 8540 Maven pom is not correct for `org.eclipse.jetty/infinispan-embedded` + and `org.eclipse.jetty/infinispan-remote` + + 8578 `getRequestURL` can append "null" if `getRequestURI` is unspecified in + an authority-form request-target + jetty-10.0.12 - 14 September 2022 + 7970 Maven Plugin - the option to set extraClasspath in the plugin configuration isn't working @@ -1247,6 +1324,14 @@ jetty-10.0.11 - 21 June 2022 + 8184 All suffix globs except first fail to match if path has `.` character in prefix section +jetty-10.0.11 - 21 June 2022 + + 8184 All suffix globs except first fail to match if path has `.` character + in prefix section + +jetty-9.4.48.v20220622 - 21 June 2022 + + 8184 All suffix globs except first fail to match if path has . character in + prefix + jetty-11.0.10 - 16 June 2022 + 1771 Add module for SecuredRedirect support + 4414 GZipHandler not excluding inflation for specified paths @@ -1311,30 +1396,124 @@ jetty-10.0.10 - 16 June 2022 properties + 8161 Improve SSLConnection buffers handling (Resolves CVE-2022-2191) -jetty-11.0.9 - 30 March 2022 - + 5681 Unrecognized jetty-home/start.jar command line option not reported - clearly - + 5965 Option --write-module-graph produces wrong .dot file - + 6879 Remove jminix (not maintained) module as hawtio provide same features - + 7182 jetty.sh start process should remove jetty_state whenever deleting the - pid - + 7344 Incompatible with jacoco due to shutdown race condition - + 7414 QoSFilter.setMaxRequests throws NullPointerException - + 7513 Getter/setter type mismatch for mbean attribute file in class - org.eclipse.jetty.deploy.PropertiesConfigurationManager - + 7517 Some ArrayTrie methods throw StackOverflowError when cointaining a very - large entry - + 7518 ArrayTrie getBest fails to match the empty string entry in certain - cases - + 7545 Named arguments do not work in jetty-openid.xml - + 7548 Interrupt flag is not always cleared in between requests - + 7567 Gzip compression not working for multipart/form-data when added to the - allowed list using addIncludedMimeTypes. - + 7573 WebSockets - "Unsupported PathParam Type: java.lang.Integer" - + 7575 Misleading docs for `HttpClientTransportDynamic` - + 7613 Configurations.add(Configuration) results in - UnsupportedOperationException - + 7615 HttpServletResponse.encodeURL not working for URLs starting with ../ +jetty-10.0.10 - 16 June 2022 + + 1771 Add module for SecuredRedirect support + + 4414 GZipHandler not excluding inflation for specified paths + + 7635 QPACK decoder should fail connection if the encoder blocks more than + SETTINGS_QPACK_BLOCKED_STREAMS + + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to + allow for regex or uri-template matching + + 7754 jetty.sh ignores JAVA_OPTIONS environment variable + + 7801 Session cookie can be set twice after session id changed + + 7818 Modifying of HTTP headers in HttpChannel.Listener#onResponseBegin is no + longer possible with Jetty 10 + + 7855 Remove accidentally included package-info.class in all packages + + 7858 GZipHandler does not play nice with other handlers in HandlerCollection + + 7863 Default servlet drops first accept-encoding header if there is more + than one. + + 7880 DefaultServlet should not overwrite programmatically configured + precompressed formats with defaults + + 7891 Better Servlet PathMappings for Regex + + 7918 PathMappings.asPathSpec does not allow root ServletPathSpec + + 7935 Review HTTP/2 error handling (CVE-2022-2048) + + 7975 `ForwardedRequestCustomizer` setters do not clear existing handlers + + 7977 UpgradeHttpServletRequest.setAttribute & + UpgradeHttpServletRequest.removeAttribute can throw NullPointerException + + 7994 Ability to construct a detached client Request + + 8014 Review HttpRequest URI construction (CVE-2022-2047) + + 8057 Support Http Response 103 (Early Hints) + + 8067 Wall time usage in DoSFilter RateTracker results in false positive + alert + + 8088 Add option to configure exitVm on ShutdownMonitor from System + properties + + 8161 Improve SSLConnection buffers handling (CVE-2022-2191) + +jetty-9.4.47.v20220610 - 10 June 2022 + + 4717 High CPU spikes with jetty winstone threads + + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to + allow for regex or uri-template matching + + 7801 Session cookie can be set twice after session id changed + + 7855 Remove accidentally included package-info.class in all packages + + 7858 GZipHandler does not play nice with other handlers in HandlerCollection + + 7863 Default servlet drops first accept-encoding header if there is more + than one. + + 7918 PathMappings.asPathSpec does not allow root ServletPathSpec + + 7935 Review HTTP/2 error handling (CVE-2022-2048) + + 8014 Review HttpRequest URI construction (CVE-2022-2047) + + 8067 Wall time usage in DoSFilter RateTracker results in false positive + alert + + 8088 Add option to configure exitVm on ShutdownMonitor from System + properties + +jetty-9.4.46.v20220331 - 31 March 2022 + + 5965 Option --write-module-graph produces wrong .dot file + + 6756 Deprecate `/jetty-spring/` artifact in `jetty-9.4.x` releases + + 7518 ArrayTrie getBest fails to match the empty string entry in certain + cases + + 7548 Interrupt flag is not always cleared in between requests + + 7567 Gzip compression not working for multipart/form-data when added to the + allowed list using addIncludedMimeTypes. + + 7569 Miconfigured headerCacheSize in can result in IllegalArgumentException + + 7615 HttpServletResponse.encodeURL not working for URLs starting with ../ + +jetty-11.0.9 - 30 March 2022 + + 5681 Unrecognized jetty-home/start.jar command line option not reported + clearly + + 5965 Option --write-module-graph produces wrong .dot file + + 6879 Remove jminix (not maintained) module as hawtio provide same features + + 7182 jetty.sh start process should remove jetty_state whenever deleting the + pid + + 7344 Incompatible with jacoco due to shutdown race condition + + 7414 QoSFilter.setMaxRequests throws NullPointerException + + 7513 Getter/setter type mismatch for mbean attribute file in class + org.eclipse.jetty.deploy.PropertiesConfigurationManager + + 7517 Some ArrayTrie methods throw StackOverflowError when cointaining a very + large entry + + 7518 ArrayTrie getBest fails to match the empty string entry in certain + cases + + 7545 Named arguments do not work in jetty-openid.xml + + 7548 Interrupt flag is not always cleared in between requests + + 7567 Gzip compression not working for multipart/form-data when added to the + allowed list using addIncludedMimeTypes. + + 7573 WebSockets - "Unsupported PathParam Type: java.lang.Integer" + + 7575 Misleading docs for `HttpClientTransportDynamic` + + 7613 Configurations.add(Configuration) results in + UnsupportedOperationException + + 7615 HttpServletResponse.encodeURL not working for URLs starting with ../ + + 7617 Logback-access RequestLog not working + + 7625 HTTP/3 error against www.google.com + + 7677 jetty-maven-plugin - maven internal dependencies included on webapp + classloader + + 7683 GZIPContentDecoder ignores setUseInputDirectByteBuffers setting and + always uses non-direct buffers (causing GC locking) + + 7688 Read data to native memory from HttpInput + + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to + allow for regex or uri-template matching + +jetty-10.0.9 - 30 March 2022 + + 5681 Unrecognized jetty-home/start.jar command line option not reported + clearly + + 5965 Option --write-module-graph produces wrong .dot file + + 6879 Remove jminix (not maintained) module as hawtio provide same features + + 7182 jetty.sh start process should remove jetty_state whenever deleting the + pid + + 7344 Incompatible with jacoco due to shutdown race condition + + 7414 QoSFilter.setMaxRequests throws NullPointerException + + 7513 Getter/setter type mismatch for mbean attribute file in class + org.eclipse.jetty.deploy.PropertiesConfigurationManager + + 7517 Some ArrayTrie methods throw StackOverflowError when cointaining a very + large entry + + 7518 ArrayTrie getBest fails to match the empty string entry in certain + cases + + 7545 Named arguments do not work in jetty-openid.xml + + 7548 Interrupt flag is not always cleared in between requests + + 7567 Gzip compression not working for multipart/form-data when added to the + allowed list using addIncludedMimeTypes. + + 7573 WebSockets - "Unsupported PathParam Type: java.lang.Integer" + + 7575 Misleading docs for `HttpClientTransportDynamic` + + 7613 Configurations.add(Configuration) results in + UnsupportedOperationException + + 7615 HttpServletResponse.encodeURL not working for URLs starting with ../ + 7617 Logback-access RequestLog not working + 7625 HTTP/3 error against www.google.com + 7677 jetty-maven-plugin - maven internal dependencies included on webapp @@ -1444,108 +1623,6 @@ jetty-11.0.8 - 07 February 2022 + 7524 Missing package in JmxConfiguration + 7529 Upgrade quiche to version 0.11.0 -jetty-10.0.11 - 21 June 2022 - + 8184 All suffix globs except first fail to match if path has `.` character - in prefix section - -jetty-9.4.48.v20220622 - 21 June 2022 - + 8184 All suffix globs except first fail to match if path has . character in - prefix - -jetty-10.0.10 - 16 June 2022 - + 1771 Add module for SecuredRedirect support - + 4414 GZipHandler not excluding inflation for specified paths - + 7635 QPACK decoder should fail connection if the encoder blocks more than - SETTINGS_QPACK_BLOCKED_STREAMS - + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to - allow for regex or uri-template matching - + 7754 jetty.sh ignores JAVA_OPTIONS environment variable - + 7801 Session cookie can be set twice after session id changed - + 7818 Modifying of HTTP headers in HttpChannel.Listener#onResponseBegin is no - longer possible with Jetty 10 - + 7855 Remove accidentally included package-info.class in all packages - + 7858 GZipHandler does not play nice with other handlers in HandlerCollection - + 7863 Default servlet drops first accept-encoding header if there is more - than one. - + 7880 DefaultServlet should not overwrite programmatically configured - precompressed formats with defaults - + 7891 Better Servlet PathMappings for Regex - + 7918 PathMappings.asPathSpec does not allow root ServletPathSpec - + 7935 Review HTTP/2 error handling (CVE-2022-2048) - + 7975 `ForwardedRequestCustomizer` setters do not clear existing handlers - + 7977 UpgradeHttpServletRequest.setAttribute & - UpgradeHttpServletRequest.removeAttribute can throw NullPointerException - + 7994 Ability to construct a detached client Request - + 8014 Review HttpRequest URI construction (CVE-2022-2047) - + 8057 Support Http Response 103 (Early Hints) - + 8067 Wall time usage in DoSFilter RateTracker results in false positive - alert - + 8088 Add option to configure exitVm on ShutdownMonitor from System - properties - + 8161 Improve SSLConnection buffers handling (CVE-2022-2191) - -jetty-9.4.47.v20220610 - 10 June 2022 - + 4717 High CPU spikes with jetty winstone threads - + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to - allow for regex or uri-template matching - + 7801 Session cookie can be set twice after session id changed - + 7855 Remove accidentally included package-info.class in all packages - + 7858 GZipHandler does not play nice with other handlers in HandlerCollection - + 7863 Default servlet drops first accept-encoding header if there is more - than one. - + 7918 PathMappings.asPathSpec does not allow root ServletPathSpec - + 7935 Review HTTP/2 error handling (CVE-2022-2048) - + 8014 Review HttpRequest URI construction (CVE-2022-2047) - + 8067 Wall time usage in DoSFilter RateTracker results in false positive - alert - + 8088 Add option to configure exitVm on ShutdownMonitor from System - properties - -jetty-9.4.46.v20220331 - 31 March 2022 - + 5965 Option --write-module-graph produces wrong .dot file - + 6756 Deprecate `/jetty-spring/` artifact in `jetty-9.4.x` releases - + 7518 ArrayTrie getBest fails to match the empty string entry in certain - cases - + 7548 Interrupt flag is not always cleared in between requests - + 7567 Gzip compression not working for multipart/form-data when added to the - allowed list using addIncludedMimeTypes. - + 7569 Miconfigured headerCacheSize in can result in IllegalArgumentException - + 7615 HttpServletResponse.encodeURL not working for URLs starting with ../ - -jetty-10.0.9 - 30 March 2022 - + 5681 Unrecognized jetty-home/start.jar command line option not reported - clearly - + 5965 Option --write-module-graph produces wrong .dot file - + 6879 Remove jminix (not maintained) module as hawtio provide same features - + 7182 jetty.sh start process should remove jetty_state whenever deleting the - pid - + 7344 Incompatible with jacoco due to shutdown race condition - + 7414 QoSFilter.setMaxRequests throws NullPointerException - + 7513 Getter/setter type mismatch for mbean attribute file in class - org.eclipse.jetty.deploy.PropertiesConfigurationManager - + 7517 Some ArrayTrie methods throw StackOverflowError when cointaining a very - large entry - + 7518 ArrayTrie getBest fails to match the empty string entry in certain - cases - + 7545 Named arguments do not work in jetty-openid.xml - + 7548 Interrupt flag is not always cleared in between requests - + 7567 Gzip compression not working for multipart/form-data when added to the - allowed list using addIncludedMimeTypes. - + 7573 WebSockets - "Unsupported PathParam Type: java.lang.Integer" - + 7575 Misleading docs for `HttpClientTransportDynamic` - + 7613 Configurations.add(Configuration) results in - UnsupportedOperationException - + 7615 HttpServletResponse.encodeURL not working for URLs starting with ../ - + 7617 Logback-access RequestLog not working - + 7625 HTTP/3 error against www.google.com - + 7677 jetty-maven-plugin - maven internal dependencies included on webapp - classloader - + 7683 GZIPContentDecoder ignores setUseInputDirectByteBuffers setting and - always uses non-direct buffers (causing GC locking) - + 7688 Read data to native memory from HttpInput - + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to - allow for regex or uri-template matching - jetty-10.0.8 - 07 February 2022 + 2504 Expose more WebSocket details in JMX and Server Dump + 4275 Path Normalization/Traversal - Context Matching @@ -1698,19 +1775,6 @@ jetty-11.0.7 - 06 October 2021 + 6883 Welcome file redirects do not honor the relativeRedirectAllowed option + 6938 module-info.java file do not use the canonical order for the elements -jetty-11.0.6 - 29 June 2021 - + 6375 Always check XML `Set` elements with `property` attribute - + 6382 HttpClient TimeoutException message reports transient values - + 6394 Review osgi manifests within Jetty 10 - + 6407 Malformed scheme logical expression check in WebSocket - ClientUpgradeRequest - + 6410 Ensure Jetty IO uses SocketAddress instead of InetSocketAddress - + 6418 Bad and/or missing Require-Capability for osgi.serviceloader - + 6425 Update to asm 9.1 - + 6447 Deprecate support for UTF16 encoding in URIs - + 6451 Request#getServletPath() returns null for ROOT mapping - + 6464 Wrong files/lib definitions in certain *-capture.mod files? - jetty-10.0.7 - 06 October 2021 + 3514 Use interpolation of versions from pom in mod files + 6043 Reimplement UnixSocket support based on Java 16 @@ -1768,29 +1832,77 @@ jetty-10.0.7 - 06 October 2021 + 6883 Welcome file redirects do not honor the relativeRedirectAllowed option + 6938 module-info.java file do not use the canonical order for the elements -jetty-10.0.6 - 29 June 2021 - + 6375 Always check XML `Set` elements with `property` attribute - + 6382 HttpClient TimeoutException message reports transient values - + 6394 Review osgi manifests within Jetty 10 - + 6407 Malformed scheme logical expression check in WebSocket - ClientUpgradeRequest - + 6410 Ensure Jetty IO uses SocketAddress instead of InetSocketAddress - + 6418 Bad and/or missing Require-Capability for osgi.serviceloader - + 6425 Update to asm 9.1 - + 6447 Deprecate support for UTF16 encoding in URIs (CVE-2021-34429) - + 6451 Request#getServletPath() returns null for ROOT mapping - + 6464 Wrong files/lib definitions in certain *-capture.mod files? - + 6473 Improve alias checking in PathResource - -jetty-11.0.5 - 11 June 2021 - + 4772 Jetty WebSocket API onMessage annotation does not support partial - messages. - + 6302 Treat empty path segments are ambiguous - + 6329 Regression on graceful shutdown default in Jetty 10 - + 6354 org.slf4j dependency imports osgi packages at 2.0 - + 6379 Reduce contention in all `ByteBufferPool` implementations - + 6392 Review accidental xml config changes - +jetty-9.4.44.v20210927 - 27 September 2021 + + 3514 Use interpolation of versions from pom in mod files + + 6369 Increment default jetty.http2.rateControl.maxEventsPerSecond + + 6372 Review socket options configuration + + 6487 Expose ServletHolder getter in ServletHandler$ChainEnd for auditing + libraries to use + + 6491 onDataAvailable() not called when HttpParser is closed prematurely + + 6520 Error page has HTML error when writePoweredBy is enabled + + 6545 image/webp MIME type support + + 6553 Review usage of Authentication.UNAUTHENTICATED in SecurityHandler + + 6554 Allow creation of DefaultIdentityService without realmName + + 6558 Allow to configure return type in JSON array parsing + + 6562 HttpOutput.write(ByteBuffer buffer) + + 6603 HTTP/2 max local stream count exceeded + + 6617 Add basic auth support for OpenId token endpoint (client_secret_basic) + + 6618 ID token `azp` claim should not be required if `aud` is single value + array + + 6652 Improve ReservedThreadExecutor dump + + 6671 Update to apache jsp 8.5.70 + + 6772 Update to asm 9.2 + + 6853 Remove pack200 plugins + + 6860 Correct IPv6 format + + 6869 Correct Content-Type within HTML error pages + + 6870 Encode control characters in URIUtil.encodePath + + 6883 Welcome file redirects do not honor the relativeRedirectAllowed option + +jetty-9.4.43.v20210629 - 30 June 2021 + + 6379 Reduce contention in all `ByteBufferPool` implementations + + 6382 HttpClient TimeoutException message reports transient values + + 6400 QueuedThreadPool interrupts pool threads when stopped with zero timeout + + 6425 Update to asm 9.1 + + 6447 Deprecate support for UTF16 encoding in URIs (CVE-2021-34429) + + 6470 java.nio.ReadOnlyBufferException + + 6473 Improve alias checking in PathResource + +jetty-11.0.6 - 29 June 2021 + + 6375 Always check XML `Set` elements with `property` attribute + + 6382 HttpClient TimeoutException message reports transient values + + 6394 Review osgi manifests within Jetty 10 + + 6407 Malformed scheme logical expression check in WebSocket + ClientUpgradeRequest + + 6410 Ensure Jetty IO uses SocketAddress instead of InetSocketAddress + + 6418 Bad and/or missing Require-Capability for osgi.serviceloader + + 6425 Update to asm 9.1 + + 6447 Deprecate support for UTF16 encoding in URIs + + 6451 Request#getServletPath() returns null for ROOT mapping + + 6464 Wrong files/lib definitions in certain *-capture.mod files? + +jetty-10.0.6 - 29 June 2021 + + 6375 Always check XML `Set` elements with `property` attribute + + 6382 HttpClient TimeoutException message reports transient values + + 6394 Review osgi manifests within Jetty 10 + + 6407 Malformed scheme logical expression check in WebSocket + ClientUpgradeRequest + + 6410 Ensure Jetty IO uses SocketAddress instead of InetSocketAddress + + 6418 Bad and/or missing Require-Capability for osgi.serviceloader + + 6425 Update to asm 9.1 + + 6447 Deprecate support for UTF16 encoding in URIs (CVE-2021-34429) + + 6451 Request#getServletPath() returns null for ROOT mapping + + 6464 Wrong files/lib definitions in certain *-capture.mod files? + + 6473 Improve alias checking in PathResource + +jetty-11.0.5 - 11 June 2021 + + 4772 Jetty WebSocket API onMessage annotation does not support partial + messages. + + 6302 Treat empty path segments are ambiguous + + 6329 Regression on graceful shutdown default in Jetty 10 + + 6354 org.slf4j dependency imports osgi packages at 2.0 + + 6379 Reduce contention in all `ByteBufferPool` implementations + + 6392 Review accidental xml config changes + jetty-10.0.5 - 11 June 2021 + 4772 Jetty WebSocket API onMessage annotation does not support partial messages. @@ -1828,6 +1940,16 @@ jetty-10.0.4 - 04 June 2021 + 6347 session-store-gcloud module broken logging dependency + 6354 org.slfj osgi dependency imports packages at 2.0 +jetty-9.4.42.v20210604 - 04 June 2021 + + 5379 Better handling for wrong SNI + + 5931 SslConnection should implement getBytesIn()/getBytesOut() + + 6118 Display a warning when Hazelcast configuration does not contain Jetty + session serializer + + 6276 Support non-standard domains in SNI and X509 + + 6287 Class loading broken for WebSocketClient used inside webapp + + 6323 HttpClient gets stuck/never calls onComplete() when multiple requests + with timeouts are sent + jetty-11.0.3 - 20 May 2021 + 3764 DeprecationWarning Decorator + 5306 Default jetty.*.acceptors should be 1 @@ -1907,6 +2029,26 @@ jetty-10.0.3 - 20 May 2021 + 6280 Copy ServletHolder class/instance properly during startWebapp + 6287 Class loading broken for WebSocketClient used inside webapp +jetty-9.4.41.v20210516 - 16 May 2021 + + 6099 Cipher preference may break SNI if certificates have different key + types + + 6186 Add Null Protection on Log / Logger + + 6205 OpenIdAuthenticator may use incorrect redirect + + 6208 HTTP/2 max local stream count exceeded + + 6227 Better resolve race between `AsyncListener.onTimeout` and + `AsyncContext.dispatch` + + 6254 Total timeout not enforced for queued requests + + 6263 Review URI encoding in ConcatServlet & WelcomeFilter (CVE-2021-28169) + + 6277 Better handle exceptions thrown from session destroy listener + (CVE-2021-34428) + + 6280 Copy ServletHolder class/instance properly during startWebapp + +jetty-9.4.40.v20210413 - 13 April 2021 + + 6082 SslConnection compacting + + 6105 HttpConnection.getBytesIn() incorrect for requests with chunked content + + 6148 Jetty start.jar always reports jetty.tag.version as `master` + + 6168 Improve handling of unconsumed content + jetty-11.0.2 - 26 March 2021 + 4275 Path Normalization/Traversal - Context Matching + 5828 Allow to create a WebSocketContainer passing HttpClient @@ -1944,6 +2086,89 @@ jetty-11.0.2 - 26 March 2021 + 6102 Exclude webapps directory from deployment scan - Resolves CVE-2021-28163 +jetty-10.0.2 - 26 March 2021 + + 4275 Path Normalization/Traversal - Context Matching + + 5828 Allow to create a WebSocketContainer passing HttpClient + + 5832 Ctrl-C after jetty:run produces NoClassDefFoundError + + 5835 Review Durable Filters, Servlets and Listeners + + 5977 Cache-Control header set by a filter is override by the value from + DefaultServlet configuration + + 5994 QueuedThreadPool "free" threads + + 5996 ERROR : No module found to provide logback-impl for + logback-access{enabled} + + 5999 HttpURI ArrayIndexOutOfBounds + + 6001 Ambiguous URI legacy compliance mode + + 6008 Allow absolute paths to be provided in start.ini for request log + directory. + + 6011 OSGi Cannot start Jetty with osgi.boot - Configurations add wrong + method taken + + 6020 Review Jetty Maven Plugin scanning defaults + + 6021 Standardize Path resolution in XmlConfiguration + + 6024 Error starting jetty-10: Provider + org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not + found + + 6026 the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG + + 6034 SslContextFactory may select a wildcard certificate during SNI + selection when a more specific SSL certificate is present + + 6037 Review logging modules for j.u.l + + 6050 Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer + + 6063 Allow override of hazelcast version when using module + + 6072 jetty server high CPU when client send data length > 17408 + (CVE-2021-28165) + + 6076 Embedded Jetty throws null pointer exception + + 6082 SslConnection compacting + + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" + Message + + 6101 Normalize ambiguous URIs (CVE-2021-28164) + + 6102 Exclude webapps directory from deployment scan (CVE-2021-28163) + +jetty-9.4.39.v20210325 - 25 March 2021 + + 6034 SslContextFactory may select a wildcard certificate during SNI + selection when a more specific SSL certificate is present + + 6050 Websocket: NotUtf8Exception after upgrade to 9.4.36 or newer + + 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to + work on Android + + 6063 Allow override of hazelcast version when using module + + 6072 jetty server high CPU when client send data length > 17408 - Resolves + CVE-2021-28165 + + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" + Message + + 6101 Normalize ambiguous URIs - Resolves CVE-2021-28164 + + 6102 Exclude webapps directory from deployment scan - Resolves + CVE-2021-28163 + +jetty-9.4.39.v20210325 - 25 March 2021 + + 6034 SslContextFactory may select a wildcard certificate during SNI + selection when a more specific SSL certificate is present + + 6050 Websocket: NotUtf8Exception after upgrade to 9.4.36 or newer + + 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to + work on Android + + 6063 Allow override of hazelcast version when using module + + 6072 jetty server high CPU when client send data length > 17408 + (CVE-2021-28165) + + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" + Message + + 6101 Normalize ambiguous URIs (CVE-2021-28164) + + 6102 Exclude webapps directory from deployment scan (CVE-2021-28163) + +jetty-9.4.38.v20210224 - 24 February 2021 + + 4275 Path Normalization/Traversal - Context Matching + + 5963 Improve QuotedQualityCSV for CVE-2020-27223 + + 5977 Cache-Control header set by a filter is override by the value from + DefaultServlet configuration + + 5994 QueuedThreadPool "free" threads + + 5999 HttpURI ArrayIndexOutOfBounds + + 6001 Ambiguous URI legacy compliance mode + +jetty-9.4.38.v20210224 - 24 February 2021 + + 4275 Path Normalization/Traversal - Context Matching + + 5963 Improve QuotedQualityCSV (CVE-2020-27223) + + 5977 Cache-Control header set by a filter is override by the value from + DefaultServlet configuration + + 5994 QueuedThreadPool "free" threads + + 5999 HttpURI ArrayIndexOutOfBounds + + 6001 Ambiguous URI legacy compliance mode + jetty-11.0.1 - 19 February 2021 + 1673 jetty-demo/etc/keystore should not be distributed + 4275 Path Normalization/Traversal - Context Matching @@ -2000,34 +2225,217 @@ jetty-11.0.1 - 19 February 2021 + 5979 Configurable gzip Etag extension + 5992 Jetty 11 build still depends on apache-jstl -jetty-11.0.0 - 02 December 2020 - + 1923 GCThreadLeakPreventer won't work with Java 9 - + 4711 Reset trailers on recycled response - + 5086 Review Scanner locking - + 5272 The UserStore and PropertyUserStore classes are hard to re-use for - caching eg JDBC data - + 5310 Jetty Http2 client discards the response fames when there is GOAWAY and - sends RST_STREAM - + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty - web application causes ClassCastException - + 5486 PropertyFileLoginModule retains PropertyUserStores - + 5488 jetty-dir.css not found when using JPMS - + 5493 StatisticsHandler broken for async applications - + 5521 ResourceCollection NPE in list() - + 5535 Support regex in SslContextFactory include/exclude of protocols - + 5539 StatisticsServlet output is not valid - + 5555 NPE for servlet with no mapping - + 5562 ArrayTernaryTrie consumes too much memory - + 5575 Add SEARCH as a known HttpMethod - + 5605 java.io.IOException: unconsumed input during http request parsing - + 5633 Allow to configure HttpClient request authority - + 5679 Distro argument --list-all-modules does not work - + 5680 No way to see which modules are enabled for the distro - + 5691 HttpInput may skip setting fill interest +jetty-10.0.1 - 19 February 2021 + + 1673 jetty-demo/etc/keystore should not be distributed + + 4275 Path Normalization/Traversal - Context Matching + + 4515 Validation extension should not downcast CoreSession + + 5492 Add ability to manage start modules by java feature + + 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate + + 5605 Blocked IO Thread not woken + + 5689 Jetty ssl keystorePath doesn't work with absolute path + + 5706 The WebSocket ServerUpgradeResponse can produce NPE in jetty 10 + + 5725 Review Preventers + + 5755 Cannot configure maxDynamicTableSize on HTTP2Client + + 5757 Review Inferred vs Assumed charsets + + 5779 Include can set pathInContext + + 5783 Fix ConnectionStatistics.*Rate() methods + + 5784 Apache 2.0 license incorrectly stated as "secondary license" to EPL 2.0 + + 5785 Reduce log level for WebSocket connections closed by clients + + 5787 Make ManagedSelector report better JMX data + + 5794 ServerConnector leaks closed sockets which can lead to file descriptor + exhaustion + + 5799 Allow specifying the duration an object can stay in a pool + + 5824 Build up of ConstraintMappings when stopping and starting WebAppContext + + 5830 Jetty-util contains wrong Import-Package + + 5844 download flag to jetty-start causes NullPointerException + + 5845 Use UTF-8 encoding for client basic auth if requested + + 5850 NPE at Principal WebSocketSession.getUserPrincipal() + + 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup + + 5855 HttpClient may not send queued requests + + 5859 Classloader leaks from ShutdownThread and QueuedThreadPool + + 5866 Support Programmatic WebSocket upgrade in Jetty 10 + + 5868 Cleaning up request attributes after websocket upgrade in Jetty 10 + + 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows + due to URI case comparison bug + + 5872 Improve JMX support for Jetty logging + + 5880 Move test-simple-webapp to demos + + 5882 Simplify ALPN modules + + 5901 Starting Jetty with JPMS produces warnings about Servlet resources not + found + + 5909 Cannot disable HTTP OPTIONS Method + + 5933 ClientCertAuthenticator is not taking account SslContext configuration + + 5937 Unnecessary blocking in ResourceService + + 5939 Use unwrapped exception as exception type for error handling + + 5950 Deadlock due to logging inside classloaders + + 5963 Improve QuotedQualityCSV (CVE-2020-27223) + + 5966 jetty-home should not have a webapps/ directory + + 5973 Proxy client TLS authentication example + + 5977 Cache-Control header set by a filter is override by the value from + DefaultServlet configuration + + 5979 Configurable gzip Etag extension -jetty-11.0.0.beta3 - 21 October 2020 - + 5022 Cleanup ServletHandler, specifically with respect to making filter - chains more extensible +jetty-9.4.37.v20210219 - 19 February 2021 + + 4275 Path Normalization/Traversal - Context Matching + + 5492 Add ability to manage start modules by java feature + + 5605 Blocked IO Thread not woken + + 5787 Make ManagedSelector report better JMX data + + 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup + + 5859 Classloader leaks from ShutdownThread and QueuedThreadPool + + 5909 Cannot disable HTTP OPTIONS Method + + 5937 Unnecessary blocking in ResourceService + + 5950 Deadlock due to logging inside classloaders + + 5963 Improve QuotedQualityCSV - Resolves CVE-2020-27223 + + 5973 Proxy client TLS authentication example + + 5977 Cache-Control header set by a filter is override by the value from + DefaultServlet configuration + + 5979 Configurable gzip Etag extension + +jetty-9.4.37.v20210219 - 19 February 2021 + + 4275 Path Normalization/Traversal - Context Matching + + 5492 Add ability to manage start modules by java feature + + 5605 Blocked IO Thread not woken + + 5787 Make ManagedSelector report better JMX data + + 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup + + 5859 Classloader leaks from ShutdownThread and QueuedThreadPool + + 5909 Cannot disable HTTP OPTIONS Method + + 5937 Unnecessary blocking in ResourceService + + 5950 Deadlock due to logging inside classloaders + + 5963 Improve QuotedQualityCSV (CVE-2020-27223) + + 5973 Proxy client TLS authentication example + + 5977 Cache-Control header set by a filter is override by the value from + DefaultServlet configuration + + 5979 Configurable gzip Etag extension + +jetty-9.4.36.v20210114 - 14 January 2021 + + 5310 Jetty Http2 client discards the response frames when there is GOAWAY + and sends RST_STREAM + + 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate + + 5633 Allow to configure HttpClient request authority + + 5689 Jetty ssl keystorePath doesn't work with absolute path + + 5755 Cannot configure maxDynamicTableSize on HTTP2Client + + 5783 Fix ConnectionStatistics.*Rate() methods + + 5785 Reduce log level for WebSocket connections closed by clients + + 5794 ServerConnector leaks closed sockets which can lead to file descriptor + exhaustion + + 5824 Build up of ConstraintMappings when stopping and starting WebAppContext + + 5830 Jetty-util contains wrong Import-Package + + 5844 download flag to jetty-start causes NullPointerException + + 5845 Use UTF-8 encoding for client basic auth if requested + + 5855 HttpClient may not send queued requests + + 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows + due to URI case comparison bug + +jetty-9.4.36.v20210114 - 14 January 2021 + + 5310 Jetty Http2 client discards the response frames when there is GOAWAY + and sends RST_STREAM + + 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate + + 5633 Allow to configure HttpClient request authority + + 5689 Jetty ssl keystorePath doesn't work with absolute path + + 5755 Cannot configure maxDynamicTableSize on HTTP2Client + + 5783 Fix ConnectionStatistics.*Rate() methods + + 5785 Reduce log level for WebSocket connections closed by clients + + 5794 ServerConnector leaks closed sockets which can lead to file descriptor + exhaustion + + 5824 Build up of ConstraintMappings when stopping and starting WebAppContext + + 5830 Jetty-util contains wrong Import-Package + + 5844 download flag to jetty-start causes NullPointerException + + 5845 Use UTF-8 encoding for client basic auth if requested + + 5855 HttpClient may not send queued requests + + 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows + due to URI case comparison bug + +jetty-11.0.0 - 02 December 2020 + + 1923 GCThreadLeakPreventer won't work with Java 9 + + 4711 Reset trailers on recycled response + + 5086 Review Scanner locking + + 5272 The UserStore and PropertyUserStore classes are hard to re-use for + caching eg JDBC data + + 5310 Jetty Http2 client discards the response fames when there is GOAWAY and + sends RST_STREAM + + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty + web application causes ClassCastException + + 5486 PropertyFileLoginModule retains PropertyUserStores + + 5488 jetty-dir.css not found when using JPMS + + 5493 StatisticsHandler broken for async applications + + 5521 ResourceCollection NPE in list() + + 5535 Support regex in SslContextFactory include/exclude of protocols + + 5539 StatisticsServlet output is not valid + + 5555 NPE for servlet with no mapping + + 5562 ArrayTernaryTrie consumes too much memory + + 5575 Add SEARCH as a known HttpMethod + + 5605 java.io.IOException: unconsumed input during http request parsing + + 5633 Allow to configure HttpClient request authority + + 5679 Distro argument --list-all-modules does not work + + 5680 No way to see which modules are enabled for the distro + + 5691 HttpInput may skip setting fill interest + +jetty-10.0.0 - 02 December 2020 + + 1923 GCThreadLeakPreventer won't work with Java 9 + + 4711 Reset trailers on recycled response + + 5272 The UserStore and PropertyUserStore classes are hard to re-use for + caching eg JDBC data + + 5310 Jetty Http2 client discards the response fames when there is GOAWAY and + sends RST_STREAM + + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty + web application causes ClassCastException + + 5486 PropertyFileLoginModule retains PropertyUserStores + + 5488 jetty-dir.css not found when using JPMS + + 5493 StatisticsHandler broken for async applications + + 5498 Review ServletHolder.getServlet + + 5521 ResourceCollection NPE in list() + + 5535 Support regex in SslContextFactory include/exclude of protocols + + 5539 StatisticsServlet output is not valid + + 5555 NPE for servlet with no mapping + + 5562 ArrayTernaryTrie consumes too much memory + + 5575 Add SEARCH as a known HttpMethod + + 5605 java.io.IOException: unconsumed input during http request parsing + (CVE-2020-27218) + + 5633 Allow to configure HttpClient request authority + + 5679 Distro argument --list-all-modules does not work + + 5680 No way to see which modules are enabled for the distro + + 5691 HttpInput may skip setting fill interest + +jetty-9.4.35.v20201120 - 20 November 2020 + + 4711 Reset trailers on recycled response + + 5486 PropertyFileLoginModule retains PropertyUserStores + + 5539 StatisticsServlet output is not valid + + 5562 ArrayTernaryTrie consumes too much memory + + 5575 Add SEARCH as a known HttpMethod + + 5605 java.io.IOException: unconsumed input during http request parsing - + Resolves CVE-2020-27218 + + 5633 Allow to configure HttpClient request authority + +jetty-9.4.35.v20201120 - 20 November 2020 + + 4711 Reset trailers on recycled response + + 5486 PropertyFileLoginModule retains PropertyUserStores + + 5539 StatisticsServlet output is not valid + + 5562 ArrayTernaryTrie consumes too much memory + + 5575 Add SEARCH as a known HttpMethod + + 5605 java.io.IOException: unconsumed input during http request parsing + (CVE-2020-27218) + + 5633 Allow to configure HttpClient request authority + +jetty-9.4.34.v20201102 - 02 November 2020 + + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty + web application causes ClassCastException + + 5488 jetty-dir.css not found when using JPMS + + 5498 ServletHolder lifecycle correctness + + 5521 ResourceCollection NPE in list() + + 5535 Support regex in SslContextFactory include/exclude of protocols + + 5555 NPE for servlet with no mapping + +jetty-9.4.34.v20201102 - 02 November 2020 + + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty + web application causes ClassCastException + + 5488 jetty-dir.css not found when using JPMS + + 5498 ServletHolder lifecycle correctness + + 5521 ResourceCollection NPE in list() + + 5535 Support regex in SslContextFactory include/exclude of protocols + + 5555 NPE for servlet with no mapping + +jetty-11.0.0.beta3 - 21 October 2020 + + 5022 Cleanup ServletHandler, specifically with respect to making filter + chains more extensible + 5287 CompressionPools should use the new jetty-util Pool class + 5360 demo-spec module incorrectly depends on demo-jndi + 5368 WebSocket text event execute in same thread as running binary event and @@ -2048,6 +2456,63 @@ jetty-11.0.0.beta3 - 21 October 2020 + 5475 Update to spifly 1.3.2 and asm 9 + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown +jetty-10.0.0.beta3 - 21 October 2020 + + 5022 Cleanup ServletHandler, specifically with respect to making filter + chains more extensible + + 5287 CompressionPools should use the new jetty-util Pool class + + 5360 demo-spec module incorrectly depends on demo-jndi + + 5368 WebSocket text event execute in same thread as running binary event and + destroy Threadlocal + + 5378 Filter/Servlet/Listener Holders are not started if added during + STARTING state. + + 5379 Better handling for wrong SNI + + 5394 Quickstart does not inject/decorate objects + + 5401 Move jetty-http-tools under the project root + + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT" + + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port + produced by ForwardedHeader + + 5443 Request without Host header fails with NullPointerException in + ForwardedRequestCustomizer + + 5448 Request.isSecure() returns false for `https` schemes in Jetty 10 + + 5451 Improve Working Directory creation (CVE-2020-27216) + + 5454 Request error context is not reset + + 5475 Update to spifly 1.3.2 and asm 9 + + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown + +jetty-9.4.33.v20201020 - 20 October 2020 + + 5022 Cleanup ServletHandler, specifically with respect to making filter + chains more extensible + + 5368 WebSocket text event execute in same thread as running binary event and + destroy Threadlocal + + 5378 Filter/Servlet/Listener Holders are not started if added during + STARTING state. + + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT" + + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port + produced by ForwardedHeader + + 5443 Request without Host header fails with NullPointerException in + ForwardedRequestCustomizer + + 5451 Improve Working Directory creation - Resolves CVE-2020-27216 + + 5454 Request error context is not reset + + 5475 Update to spifly 1.3.2 and asm 9 + + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown + +jetty-9.4.33.v20201020 - 20 October 2020 + + 5022 Cleanup ServletHandler, specifically with respect to making filter + chains more extensible + + 5368 WebSocket text event execute in same thread as running binary event and + destroy Threadlocal + + 5378 Filter/Servlet/Listener Holders are not started if added during + STARTING state. + + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT" + + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port + produced by ForwardedHeader + + 5443 Request without Host header fails with NullPointerException in + ForwardedRequestCustomizer + + 5451 Improve Working Directory creation (CVE-2020-27216) + + 5454 Request error context is not reset + + 5475 Update to spifly 1.3.2 and asm 9 + + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown + jetty-11.0.0.beta2 - 02 October 2020 + 1337 MultiPart Part.write(String fileName) - Write method used unexpected path @@ -2145,268 +2610,6 @@ jetty-11.0.0.beta2 - 02 October 2020 + 5365 org.eclipse.jetty.server.Request throws NullPointerException if SessionHandler newHttpSession returns null -jetty-11.0.0.beta1 - 10 July 2020 - + 1100 JSR356 Encoder#init is not called when created on demand - + 2540 Flaky test: org.eclipse.jetty.client.ConnectionPoolTest - + 3428 Support Decoder lists on javax.websocket endpoints - + 4776 Incorrect path matching for WebSocket using PathMappings - + 4826 Upgrade to Apache Jasper 8.5.54 - + 4855 occasional h2spec failures on jenkins - + 4877 Review PathSpec classes - + 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in - SETTINGS Frame. - + 4903 Give better errors for non public Websocket Endpoints - + 4904 WebsocketClient creates more connections than needed - + 4920 Restore ability to delete sessions on stop - + 4921 Quickstart run improperly runs dynamically added context initializers - + 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like - before - + 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies - + 4936 Response header overflow leads to buffer corruptions - + 4965 WINDOW_UPDATE for locally failed stream should not close the HTTP/2 - session - + 4967 Possible buffer corruption in HTTP/2 session failures - + 4971 Simplify Connection.upgradeFrom()/upgradeTo() - + 4976 HttpClient async content throws NPE in DEBUG log - + 4981 Incorrect example for TryFilesFilter API docs - + 4985 NPE related to WebSocket with Vaadin / Atmosphere after switching from - 9.4.26 to 9.4.30 - + 4989 annotation get NPE when parse library contain module-info.class - (example jakarta.xml.ws-api_2.3.2.jar) - + 5000 NPE from Server.dump of FilterMapping - + 5018 WebSocketClient upgrade request timeout not configurable - -jetty-11.0.0-alpha0 - 30 May 2020 - -jetty-10.0.2 - 26 March 2021 - + 4275 Path Normalization/Traversal - Context Matching - + 5828 Allow to create a WebSocketContainer passing HttpClient - + 5832 Ctrl-C after jetty:run produces NoClassDefFoundError - + 5835 Review Durable Filters, Servlets and Listeners - + 5977 Cache-Control header set by a filter is override by the value from - DefaultServlet configuration - + 5994 QueuedThreadPool "free" threads - + 5996 ERROR : No module found to provide logback-impl for - logback-access{enabled} - + 5999 HttpURI ArrayIndexOutOfBounds - + 6001 Ambiguous URI legacy compliance mode - + 6008 Allow absolute paths to be provided in start.ini for request log - directory. - + 6011 OSGi Cannot start Jetty with osgi.boot - Configurations add wrong - method taken - + 6020 Review Jetty Maven Plugin scanning defaults - + 6021 Standardize Path resolution in XmlConfiguration - + 6024 Error starting jetty-10: Provider - org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not - found - + 6026 the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG - + 6034 SslContextFactory may select a wildcard certificate during SNI - selection when a more specific SSL certificate is present - + 6037 Review logging modules for j.u.l - + 6050 Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer - + 6063 Allow override of hazelcast version when using module - + 6072 jetty server high CPU when client send data length > 17408 - (CVE-2021-28165) - + 6076 Embedded Jetty throws null pointer exception - + 6082 SslConnection compacting - + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" - Message - + 6101 Normalize ambiguous URIs (CVE-2021-28164) - + 6102 Exclude webapps directory from deployment scan (CVE-2021-28163) - -jetty-10.0.1 - 19 February 2021 - + 1673 jetty-demo/etc/keystore should not be distributed - + 4275 Path Normalization/Traversal - Context Matching - + 4515 Validation extension should not downcast CoreSession - + 5492 Add ability to manage start modules by java feature - + 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate - + 5605 Blocked IO Thread not woken - + 5689 Jetty ssl keystorePath doesn't work with absolute path - + 5706 The WebSocket ServerUpgradeResponse can produce NPE in jetty 10 - + 5725 Review Preventers - + 5755 Cannot configure maxDynamicTableSize on HTTP2Client - + 5757 Review Inferred vs Assumed charsets - + 5779 Include can set pathInContext - + 5783 Fix ConnectionStatistics.*Rate() methods - + 5784 Apache 2.0 license incorrectly stated as "secondary license" to EPL 2.0 - + 5785 Reduce log level for WebSocket connections closed by clients - + 5787 Make ManagedSelector report better JMX data - + 5794 ServerConnector leaks closed sockets which can lead to file descriptor - exhaustion - + 5799 Allow specifying the duration an object can stay in a pool - + 5824 Build up of ConstraintMappings when stopping and starting WebAppContext - + 5830 Jetty-util contains wrong Import-Package - + 5844 download flag to jetty-start causes NullPointerException - + 5845 Use UTF-8 encoding for client basic auth if requested - + 5850 NPE at Principal WebSocketSession.getUserPrincipal() - + 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup - + 5855 HttpClient may not send queued requests - + 5859 Classloader leaks from ShutdownThread and QueuedThreadPool - + 5866 Support Programmatic WebSocket upgrade in Jetty 10 - + 5868 Cleaning up request attributes after websocket upgrade in Jetty 10 - + 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows - due to URI case comparison bug - + 5872 Improve JMX support for Jetty logging - + 5880 Move test-simple-webapp to demos - + 5882 Simplify ALPN modules - + 5901 Starting Jetty with JPMS produces warnings about Servlet resources not - found - + 5909 Cannot disable HTTP OPTIONS Method - + 5933 ClientCertAuthenticator is not taking account SslContext configuration - + 5937 Unnecessary blocking in ResourceService - + 5939 Use unwrapped exception as exception type for error handling - + 5950 Deadlock due to logging inside classloaders - + 5963 Improve QuotedQualityCSV (CVE-2020-27223) - + 5966 jetty-home should not have a webapps/ directory - + 5973 Proxy client TLS authentication example - + 5977 Cache-Control header set by a filter is override by the value from - DefaultServlet configuration - + 5979 Configurable gzip Etag extension - -jetty-10.0.0 - 02 December 2020 - + 1923 GCThreadLeakPreventer won't work with Java 9 - + 4711 Reset trailers on recycled response - + 5272 The UserStore and PropertyUserStore classes are hard to re-use for - caching eg JDBC data - + 5310 Jetty Http2 client discards the response fames when there is GOAWAY and - sends RST_STREAM - + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty - web application causes ClassCastException - + 5486 PropertyFileLoginModule retains PropertyUserStores - + 5488 jetty-dir.css not found when using JPMS - + 5493 StatisticsHandler broken for async applications - + 5498 Review ServletHolder.getServlet - + 5521 ResourceCollection NPE in list() - + 5535 Support regex in SslContextFactory include/exclude of protocols - + 5539 StatisticsServlet output is not valid - + 5555 NPE for servlet with no mapping - + 5562 ArrayTernaryTrie consumes too much memory - + 5575 Add SEARCH as a known HttpMethod - + 5605 java.io.IOException: unconsumed input during http request parsing - (CVE-2020-27218) - + 5633 Allow to configure HttpClient request authority - + 5679 Distro argument --list-all-modules does not work - + 5680 No way to see which modules are enabled for the distro - + 5691 HttpInput may skip setting fill interest - -jetty-10.0.0.beta3 - 21 October 2020 - + 5022 Cleanup ServletHandler, specifically with respect to making filter - chains more extensible - + 5287 CompressionPools should use the new jetty-util Pool class - + 5360 demo-spec module incorrectly depends on demo-jndi - + 5368 WebSocket text event execute in same thread as running binary event and - destroy Threadlocal - + 5378 Filter/Servlet/Listener Holders are not started if added during - STARTING state. - + 5379 Better handling for wrong SNI - + 5394 Quickstart does not inject/decorate objects - + 5401 Move jetty-http-tools under the project root - + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT" - + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port - produced by ForwardedHeader - + 5443 Request without Host header fails with NullPointerException in - ForwardedRequestCustomizer - + 5448 Request.isSecure() returns false for `https` schemes in Jetty 10 - + 5451 Improve Working Directory creation (CVE-2020-27216) - + 5454 Request error context is not reset - + 5475 Update to spifly 1.3.2 and asm 9 - + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown - -jetty-9.4.39.v20210325 - 25 March 2021 - + 6034 SslContextFactory may select a wildcard certificate during SNI - selection when a more specific SSL certificate is present - + 6050 Websocket: NotUtf8Exception after upgrade to 9.4.36 or newer - + 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to - work on Android - + 6063 Allow override of hazelcast version when using module - + 6072 jetty server high CPU when client send data length > 17408 - Resolves - CVE-2021-28165 - + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" - Message - + 6101 Normalize ambiguous URIs - Resolves CVE-2021-28164 - + 6102 Exclude webapps directory from deployment scan - Resolves - CVE-2021-28163 - -jetty-9.4.38.v20210224 - 24 February 2021 - + 4275 Path Normalization/Traversal - Context Matching - + 5963 Improve QuotedQualityCSV for CVE-2020-27223 - + 5977 Cache-Control header set by a filter is override by the value from - DefaultServlet configuration - + 5994 QueuedThreadPool "free" threads - + 5999 HttpURI ArrayIndexOutOfBounds - + 6001 Ambiguous URI legacy compliance mode - -jetty-9.4.37.v20210219 - 19 February 2021 - + 4275 Path Normalization/Traversal - Context Matching - + 5492 Add ability to manage start modules by java feature - + 5605 Blocked IO Thread not woken - + 5787 Make ManagedSelector report better JMX data - + 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup - + 5859 Classloader leaks from ShutdownThread and QueuedThreadPool - + 5909 Cannot disable HTTP OPTIONS Method - + 5937 Unnecessary blocking in ResourceService - + 5950 Deadlock due to logging inside classloaders - + 5963 Improve QuotedQualityCSV - Resolves CVE-2020-27223 - + 5973 Proxy client TLS authentication example - + 5977 Cache-Control header set by a filter is override by the value from - DefaultServlet configuration - + 5979 Configurable gzip Etag extension - -jetty-9.4.36.v20210114 - 14 January 2021 - + 5310 Jetty Http2 client discards the response frames when there is GOAWAY - and sends RST_STREAM - + 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate - + 5633 Allow to configure HttpClient request authority - + 5689 Jetty ssl keystorePath doesn't work with absolute path - + 5755 Cannot configure maxDynamicTableSize on HTTP2Client - + 5783 Fix ConnectionStatistics.*Rate() methods - + 5785 Reduce log level for WebSocket connections closed by clients - + 5794 ServerConnector leaks closed sockets which can lead to file descriptor - exhaustion - + 5824 Build up of ConstraintMappings when stopping and starting WebAppContext - + 5830 Jetty-util contains wrong Import-Package - + 5844 download flag to jetty-start causes NullPointerException - + 5845 Use UTF-8 encoding for client basic auth if requested - + 5855 HttpClient may not send queued requests - + 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows - due to URI case comparison bug - -jetty-9.4.35.v20201120 - 20 November 2020 - + 4711 Reset trailers on recycled response - + 5486 PropertyFileLoginModule retains PropertyUserStores - + 5539 StatisticsServlet output is not valid - + 5562 ArrayTernaryTrie consumes too much memory - + 5575 Add SEARCH as a known HttpMethod - + 5605 java.io.IOException: unconsumed input during http request parsing - - Resolves CVE-2020-27218 - + 5633 Allow to configure HttpClient request authority - -jetty-9.4.34.v20201102 - 02 November 2020 - + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty - web application causes ClassCastException - + 5488 jetty-dir.css not found when using JPMS - + 5498 ServletHolder lifecycle correctness - + 5521 ResourceCollection NPE in list() - + 5535 Support regex in SslContextFactory include/exclude of protocols - + 5555 NPE for servlet with no mapping - -jetty-9.4.33.v20201020 - 20 October 2020 - + 5022 Cleanup ServletHandler, specifically with respect to making filter - chains more extensible - + 5368 WebSocket text event execute in same thread as running binary event and - destroy Threadlocal - + 5378 Filter/Servlet/Listener Holders are not started if added during - STARTING state. - + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT" - + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port - produced by ForwardedHeader - + 5443 Request without Host header fails with NullPointerException in - ForwardedRequestCustomizer - + 5451 Improve Working Directory creation - Resolves CVE-2020-27216 - + 5454 Request error context is not reset - + 5475 Update to spifly 1.3.2 and asm 9 - + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown - jetty-10.0.0.beta2 - 02 October 2020 + 1337 MultiPart Part.write(String fileName) - Write method used unexpected path @@ -2465,214 +2668,47 @@ jetty-10.0.0.beta2 - 02 October 2020 + 5147 Set MaxUsageCount with existing connection pool changing the behavior + 5150 Zero connection timeout is not supported in HTTP client with non-blocking connect - + 5152 HttpClient should handle unsolicited responses - + 5162 DecoratingListener raises a NullPointerException - + 5165 Wrong messagesIn count for HttpClient - + 5170 NullPointerException in HttpReceiverOverHTTP during WebSocket client - Upgrade - + 5171 GzipHandler Vary head should be configurable - + 5174 Remove jetty-distribution in favor of jetty-home - + 5178 Update to asm 8.0.1 - + 5185 Introduce DoSFilter Listener for Alert messages - + 5193 WebSocket unimplemented BINARY message handling can result in TEXT - message delivery to fail - + 5198 Update GzipHandler - + 5201 QueuedThreadPool setDetailedDump gives less detail - + 5204 SNI does not work with PKIX - + 5214 Servlet HEAD doesn't support content-length over Integer.MAX_VALUE - + 5217 Review RoundRobinConnectionPool - + 5224 HttpServletRequest.getServerName can include port when using - ForwardedRequestCustomizer - + 5233 Bad/Unsupported HTTP version should return 505 not 400 - + 5246 GzipHandler's DeflaterPool should be dumpable - + 5247 Improve ForwardRequestCustomizer authority priority - + 5254 Short list of Jetty modules - + 5256 Cleanup Jetty 10 Start - + 5263 Introduce jetty-home contamination warning - + 5264 Create demo module - + 5268 WARN Ignoring eviction setting: 0 - + 5280 Remove unused methods on SessionHandler - + 5285 Per RFC7694, if a Content-Encoding isn't recognized, reject with 415 - Unsupported Media Type - + 5304 HTTP/2 with HttpServletRequest.getHeader("Host") returns null on Jetty - 10, but a valid value on Jetty 9 - + 5316 Review element in Jetty XML - + 5317 Remove jetty-all from Jetty 10 - + 5321 javadoc:aggregate-jar broken in Jetty 10 - + 5324 Jetty XML should support nested elements - + 5327 NPE from jetty test webapp - + 5357 Update http://eclipse.org to https://eclipse.org in source - + 5360 demo-spec module incorrectly depends on demo-jndi - + 5362 Default ProxyServlet cannot proxy to https urls - + 5365 org.eclipse.jetty.server.Request throws NullPointerException if - SessionHandler newHttpSession returns null - -jetty-10.0.0.beta1 - 10 July 2020 - + 1100 JSR356 Encoder#init is not called when created on demand - + 2540 Flaky test: org.eclipse.jetty.client.ConnectionPoolTest - + 3428 Support Decoder lists on javax.websocket endpoints - + 4741 getHttpServletMapping for async dispatch - + 4776 Incorrect path matching for WebSocket using PathMappings - + 4826 Upgrade to Apache Jasper 8.5.54 - + 4855 occasional h2spec failures on jenkins - + 4877 Review PathSpec classes - + 4885 setCookie() must not change the headers in a response during an include - + 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in - SETTINGS Frame. - + 4903 Give better errors for non public Websocket Endpoints - + 4904 WebsocketClient creates more connections than needed - + 4913 DirectoryNotEmptyException when using mvn jetty:run-distro - + 4920 Restore ability to delete sessions on stop - + 4921 Quickstart run improperly runs dynamically added context initializers - + 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like - before - + 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies - + 4936 Response header overflow leads to buffer corruptions - + 4965 WINDOW_UPDATE for locally failed stream should not close the HTTP/2 - session - + 4967 Possible buffer corruption in HTTP/2 session failures - + 4971 Simplify Connection.upgradeFrom()/upgradeTo() - + 4976 HttpClient async content throws NPE in DEBUG log - + 4981 Incorrect example for TryFilesFilter API docs - + 4985 NPE related to WebSocket with Vaadin / Atmosphere after switching from - 9.4.26 to 9.4.30 - + 4989 annotation get NPE when parse library contain module-info.class - (example jakarta.xml.ws-api_2.3.2.jar) - + 5000 NPE from Server.dump of FilterMapping - + 5018 WebSocketClient upgrade request timeout not configurable - -jetty-9.4.43.v20210629 - 30 June 2021 - + 6379 Reduce contention in all `ByteBufferPool` implementations - + 6382 HttpClient TimeoutException message reports transient values - + 6400 QueuedThreadPool interrupts pool threads when stopped with zero timeout - + 6425 Update to asm 9.1 - + 6447 Deprecate support for UTF16 encoding in URIs (CVE-2021-34429) - + 6470 java.nio.ReadOnlyBufferException - + 6473 Improve alias checking in PathResource - -jetty-9.4.42.v20210604 - 04 June 2021 - + 5379 Better handling for wrong SNI - + 5931 SslConnection should implement getBytesIn()/getBytesOut() - + 6118 Display a warning when Hazelcast configuration does not contain Jetty - session serializer - + 6276 Support non-standard domains in SNI and X509 - + 6287 Class loading broken for WebSocketClient used inside webapp - + 6323 HttpClient gets stuck/never calls onComplete() when multiple requests - with timeouts are sent - -jetty-9.4.41.v20210516 - 16 May 2021 - + 6099 Cipher preference may break SNI if certificates have different key - types - + 6186 Add Null Protection on Log / Logger - + 6205 OpenIdAuthenticator may use incorrect redirect - + 6208 HTTP/2 max local stream count exceeded - + 6227 Better resolve race between `AsyncListener.onTimeout` and - `AsyncContext.dispatch` - + 6254 Total timeout not enforced for queued requests - + 6263 Review URI encoding in ConcatServlet & WelcomeFilter (CVE-2021-28169) - + 6277 Better handle exceptions thrown from session destroy listener - (CVE-2021-34428) - + 6280 Copy ServletHolder class/instance properly during startWebapp - -jetty-9.4.40.v20210413 - 13 April 2021 - + 6082 SslConnection compacting - + 6105 HttpConnection.getBytesIn() incorrect for requests with chunked content - + 6148 Jetty start.jar always reports jetty.tag.version as `master` - + 6168 Improve handling of unconsumed content - -jetty-9.4.39.v20210325 - 25 March 2021 - + 6034 SslContextFactory may select a wildcard certificate during SNI - selection when a more specific SSL certificate is present - + 6050 Websocket: NotUtf8Exception after upgrade to 9.4.36 or newer - + 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to - work on Android - + 6063 Allow override of hazelcast version when using module - + 6072 jetty server high CPU when client send data length > 17408 - (CVE-2021-28165) - + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" - Message - + 6101 Normalize ambiguous URIs (CVE-2021-28164) - + 6102 Exclude webapps directory from deployment scan (CVE-2021-28163) - -jetty-9.4.38.v20210224 - 24 February 2021 - + 4275 Path Normalization/Traversal - Context Matching - + 5963 Improve QuotedQualityCSV (CVE-2020-27223) - + 5977 Cache-Control header set by a filter is override by the value from - DefaultServlet configuration - + 5994 QueuedThreadPool "free" threads - + 5999 HttpURI ArrayIndexOutOfBounds - + 6001 Ambiguous URI legacy compliance mode - -jetty-9.4.37.v20210219 - 19 February 2021 - + 4275 Path Normalization/Traversal - Context Matching - + 5492 Add ability to manage start modules by java feature - + 5605 Blocked IO Thread not woken - + 5787 Make ManagedSelector report better JMX data - + 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup - + 5859 Classloader leaks from ShutdownThread and QueuedThreadPool - + 5909 Cannot disable HTTP OPTIONS Method - + 5937 Unnecessary blocking in ResourceService - + 5950 Deadlock due to logging inside classloaders - + 5963 Improve QuotedQualityCSV (CVE-2020-27223) - + 5973 Proxy client TLS authentication example - + 5977 Cache-Control header set by a filter is override by the value from - DefaultServlet configuration - + 5979 Configurable gzip Etag extension - -jetty-9.4.36.v20210114 - 14 January 2021 - + 5310 Jetty Http2 client discards the response frames when there is GOAWAY - and sends RST_STREAM - + 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate - + 5633 Allow to configure HttpClient request authority - + 5689 Jetty ssl keystorePath doesn't work with absolute path - + 5755 Cannot configure maxDynamicTableSize on HTTP2Client - + 5783 Fix ConnectionStatistics.*Rate() methods - + 5785 Reduce log level for WebSocket connections closed by clients - + 5794 ServerConnector leaks closed sockets which can lead to file descriptor - exhaustion - + 5824 Build up of ConstraintMappings when stopping and starting WebAppContext - + 5830 Jetty-util contains wrong Import-Package - + 5844 download flag to jetty-start causes NullPointerException - + 5845 Use UTF-8 encoding for client basic auth if requested - + 5855 HttpClient may not send queued requests - + 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows - due to URI case comparison bug - -jetty-9.4.35.v20201120 - 20 November 2020 - + 4711 Reset trailers on recycled response - + 5486 PropertyFileLoginModule retains PropertyUserStores - + 5539 StatisticsServlet output is not valid - + 5562 ArrayTernaryTrie consumes too much memory - + 5575 Add SEARCH as a known HttpMethod - + 5605 java.io.IOException: unconsumed input during http request parsing - (CVE-2020-27218) - + 5633 Allow to configure HttpClient request authority - -jetty-9.4.34.v20201102 - 02 November 2020 - + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty - web application causes ClassCastException - + 5488 jetty-dir.css not found when using JPMS - + 5498 ServletHolder lifecycle correctness - + 5521 ResourceCollection NPE in list() - + 5535 Support regex in SslContextFactory include/exclude of protocols - + 5555 NPE for servlet with no mapping - -jetty-9.4.33.v20201020 - 20 October 2020 - + 5022 Cleanup ServletHandler, specifically with respect to making filter - chains more extensible - + 5368 WebSocket text event execute in same thread as running binary event and - destroy Threadlocal - + 5378 Filter/Servlet/Listener Holders are not started if added during - STARTING state. - + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT" - + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port - produced by ForwardedHeader - + 5443 Request without Host header fails with NullPointerException in + + 5152 HttpClient should handle unsolicited responses + + 5162 DecoratingListener raises a NullPointerException + + 5165 Wrong messagesIn count for HttpClient + + 5170 NullPointerException in HttpReceiverOverHTTP during WebSocket client + Upgrade + + 5171 GzipHandler Vary head should be configurable + + 5174 Remove jetty-distribution in favor of jetty-home + + 5178 Update to asm 8.0.1 + + 5185 Introduce DoSFilter Listener for Alert messages + + 5193 WebSocket unimplemented BINARY message handling can result in TEXT + message delivery to fail + + 5198 Update GzipHandler + + 5201 QueuedThreadPool setDetailedDump gives less detail + + 5204 SNI does not work with PKIX + + 5214 Servlet HEAD doesn't support content-length over Integer.MAX_VALUE + + 5217 Review RoundRobinConnectionPool + + 5224 HttpServletRequest.getServerName can include port when using ForwardedRequestCustomizer - + 5451 Improve Working Directory creation (CVE-2020-27216) - + 5454 Request error context is not reset - + 5475 Update to spifly 1.3.2 and asm 9 - + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown + + 5233 Bad/Unsupported HTTP version should return 505 not 400 + + 5246 GzipHandler's DeflaterPool should be dumpable + + 5247 Improve ForwardRequestCustomizer authority priority + + 5254 Short list of Jetty modules + + 5256 Cleanup Jetty 10 Start + + 5263 Introduce jetty-home contamination warning + + 5264 Create demo module + + 5268 WARN Ignoring eviction setting: 0 + + 5280 Remove unused methods on SessionHandler + + 5285 Per RFC7694, if a Content-Encoding isn't recognized, reject with 415 + Unsupported Media Type + + 5304 HTTP/2 with HttpServletRequest.getHeader("Host") returns null on Jetty + 10, but a valid value on Jetty 9 + + 5316 Review element in Jetty XML + + 5317 Remove jetty-all from Jetty 10 + + 5321 javadoc:aggregate-jar broken in Jetty 10 + + 5324 Jetty XML should support nested elements + + 5327 NPE from jetty test webapp + + 5357 Update http://eclipse.org to https://eclipse.org in source + + 5360 demo-spec module incorrectly depends on demo-jndi + + 5362 Default ProxyServlet cannot proxy to https urls + + 5365 org.eclipse.jetty.server.Request throws NullPointerException if + SessionHandler newHttpSession returns null jetty-9.4.32.v20200930 - 30 September 2020 + 2796 HTTP/2 max local stream count exceeded when request fails @@ -2749,6 +2785,71 @@ jetty-9.4.31.v20200723 - 23 July 2020 be empty string, but is `"/"` + 5064 NotSerializableException for OpenIdConfiguration +jetty-11.0.0.beta1 - 10 July 2020 + + 1100 JSR356 Encoder#init is not called when created on demand + + 2540 Flaky test: org.eclipse.jetty.client.ConnectionPoolTest + + 3428 Support Decoder lists on javax.websocket endpoints + + 4776 Incorrect path matching for WebSocket using PathMappings + + 4826 Upgrade to Apache Jasper 8.5.54 + + 4855 occasional h2spec failures on jenkins + + 4877 Review PathSpec classes + + 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in + SETTINGS Frame. + + 4903 Give better errors for non public Websocket Endpoints + + 4904 WebsocketClient creates more connections than needed + + 4920 Restore ability to delete sessions on stop + + 4921 Quickstart run improperly runs dynamically added context initializers + + 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like + before + + 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies + + 4936 Response header overflow leads to buffer corruptions + + 4965 WINDOW_UPDATE for locally failed stream should not close the HTTP/2 + session + + 4967 Possible buffer corruption in HTTP/2 session failures + + 4971 Simplify Connection.upgradeFrom()/upgradeTo() + + 4976 HttpClient async content throws NPE in DEBUG log + + 4981 Incorrect example for TryFilesFilter API docs + + 4985 NPE related to WebSocket with Vaadin / Atmosphere after switching from + 9.4.26 to 9.4.30 + + 4989 annotation get NPE when parse library contain module-info.class + (example jakarta.xml.ws-api_2.3.2.jar) + + 5000 NPE from Server.dump of FilterMapping + + 5018 WebSocketClient upgrade request timeout not configurable + +jetty-10.0.0.beta1 - 10 July 2020 + + 1100 JSR356 Encoder#init is not called when created on demand + + 2540 Flaky test: org.eclipse.jetty.client.ConnectionPoolTest + + 3428 Support Decoder lists on javax.websocket endpoints + + 4741 getHttpServletMapping for async dispatch + + 4776 Incorrect path matching for WebSocket using PathMappings + + 4826 Upgrade to Apache Jasper 8.5.54 + + 4855 occasional h2spec failures on jenkins + + 4877 Review PathSpec classes + + 4885 setCookie() must not change the headers in a response during an include + + 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in + SETTINGS Frame. + + 4903 Give better errors for non public Websocket Endpoints + + 4904 WebsocketClient creates more connections than needed + + 4913 DirectoryNotEmptyException when using mvn jetty:run-distro + + 4920 Restore ability to delete sessions on stop + + 4921 Quickstart run improperly runs dynamically added context initializers + + 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like + before + + 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies + + 4936 Response header overflow leads to buffer corruptions + + 4965 WINDOW_UPDATE for locally failed stream should not close the HTTP/2 + session + + 4967 Possible buffer corruption in HTTP/2 session failures + + 4971 Simplify Connection.upgradeFrom()/upgradeTo() + + 4976 HttpClient async content throws NPE in DEBUG log + + 4981 Incorrect example for TryFilesFilter API docs + + 4985 NPE related to WebSocket with Vaadin / Atmosphere after switching from + 9.4.26 to 9.4.30 + + 4989 annotation get NPE when parse library contain module-info.class + (example jakarta.xml.ws-api_2.3.2.jar) + + 5000 NPE from Server.dump of FilterMapping + + 5018 WebSocketClient upgrade request timeout not configurable + jetty-9.4.30.v20200611 - 11 June 2020 + 4776 Incorrect path matching for WebSocket using PathMappings + 4826 Upgrade to Apache Jasper 8.5.54 @@ -2769,6 +2870,8 @@ jetty-9.4.30.v20200611 - 11 June 2020 + 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies + 4936 Response header overflow leads to buffer corruptions (CVE-2019-17638) +jetty-11.0.0-alpha0 - 30 May 2020 + jetty-9.4.29.v20200521 - 21 May 2020 + 2188 Lock contention creating HTTP/2 streams + 4235 communicate the reason of failure to the OpenID error page @@ -2948,6 +3051,14 @@ jetty-9.4.23.v20191118 - 18 November 2019 + 4325 Deprecate SniX509ExtendedKeyManager constructor without SslContextFactory$Server +jetty-9.3.28.v20191105 - 05 November 2019 + + 3989 Inform custom ManagedSelector of dead selector via optional + onFailedSelect() + + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop + +jetty-9.2.29.v20191105 - 05 November 2019 + + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop + jetty-9.4.22.v20191022 - 22 October 2019 + 2429 HttpClient backpressure improved + 3558 Error notifications can be received after a successful websocket @@ -3144,6 +3255,18 @@ jetty-9.4.17.v20190418 - 18 April 2019 + 3555 DefaultHandler Reveals Base Resource Path of each Context (CVE-2019-10247) +jetty-9.3.27.v20190418 - 18 April 2019 + + 3549 Directory Listing on Windows reveals Resource Base path + (CVE-2019-10246) + + 3555 DefaultHandler Reveals Base Resource Path of each Context + (CVE-2019-10247) + +jetty-9.2.28.v20190418 - 18 April 2019 + + 3549 Directory Listing on Windows reveals Resource Base path + (CVE-2019-10246) + + 3555 DefaultHandler Reveals Base Resource Path of each Context + (CVE-2019-10247) + jetty-9.4.16.v20190411 - 11 April 2019 + 1861 Limit total bytes pooled by ByteBufferPools + 3133 Logging of `key.readyOps()` can throw unchecked `CancelledKeyException` @@ -3174,6 +3297,18 @@ jetty-9.4.16.v20190411 - 11 April 2019 + 3540 Use configured Provider in SslContextFactory consistently + 3545 NullPointerException on ServletOutputStream.print(""); +jetty-9.3.26.v20190403 - 03 April 2019 + + 2954 Improve cause reporting for HttpClient failures + + 3274 OSGi versions of java.base classes in + org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+ + + 3302 Support host:port in X-Forwarded-For header in + ForwardedRequestCustomizer + + 3319 Allow reverse sort for directory listed files (CVE-2019-10241) + +jetty-9.2.27.v20190403 - 03 April 2019 + + 3319 Refactored Directory Listing to modernize and avoid XSS + (CVE-2019-10241) + jetty-9.4.15.v20190215 - 15 February 2019 + 113 Add support for NCSA Extended Log File Format + 150 extraClasspath() method on WebAppContext dont support dir path @@ -3217,38 +3352,6 @@ jetty-9.4.15.v20190215 - 15 February 2019 + 3350 Do not expect to be able to connect to https URLs with the HttpClient created from a parameterless constructor -jetty-9.3.28.v20191105 - 05 November 2019 - + 3989 Inform custom ManagedSelector of dead selector via optional - onFailedSelect() - + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop - -jetty-9.3.27.v20190418 - 18 April 2019 - + 3549 Directory Listing on Windows reveals Resource Base path - (CVE-2019-10246) - + 3555 DefaultHandler Reveals Base Resource Path of each Context - (CVE-2019-10247) - -jetty-9.3.26.v20190403 - 03 April 2019 - + 2954 Improve cause reporting for HttpClient failures - + 3274 OSGi versions of java.base classes in - org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+ - + 3302 Support host:port in X-Forwarded-For header in - ForwardedRequestCustomizer - + 3319 Allow reverse sort for directory listed files (CVE-2019-10241) - -jetty-9.2.29.v20191105 - 05 November 2019 - + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop - -jetty-9.2.28.v20190418 - 18 April 2019 - + 3549 Directory Listing on Windows reveals Resource Base path - (CVE-2019-10246) - + 3555 DefaultHandler Reveals Base Resource Path of each Context - (CVE-2019-10247) - -jetty-9.2.27.v20190403 - 03 April 2019 - + 3319 Refactored Directory Listing to modernize and avoid XSS - (CVE-2019-10241) - jetty-9.4.14.v20181114 - 14 November 2018 + 3097 Duplicated programmatic Servlet Listeners causing duplicate calls + 3104 Align jetty-schemas version within apache-jsp module as well @@ -3589,6 +3692,16 @@ jetty-9.4.9.v20180320 - 20 March 2018 jetty-9.2.24.v20180105 - 05 January 2018 + 2065 Backport #347 to Jetty 9.2.x. HttpClient Idle timeout connection reuse +jetty-9.2.23.v20171218 - 18 December 2017 + + 1556 Remove a timing channel in Password matching + + 1685 Update ALPN support for Java 8u141 + + 1702 Update ALPN support for Java 8u144 + + 1914 HttpClient fails to parse Content-Type response header with RFC 2045 + charset="utf-8" syntax + + 2065 Backport #347 to Jetty 9.2.x + + 475546 ClosedChannelException when connecting to HTTPS over HTTP proxy with + CONNECT + jetty-9.4.8.v20171121 - 21 November 2017 + 212 HttpClient should support pluggable AuthenticationStore + 215 Add Conscrypt for native ALPN/TLS/SSL @@ -3664,6 +3777,44 @@ jetty-9.4.8.v20171121 - 21 November 2017 + 1981 Loading resource content failed + 1984 Remove jetty-client dependency in jetty-rewrite +jetty-9.3.22.v20171030 - 30 October 2017 + + 1213 Upgrade to ASM Version 6.0_ALPHA for JDK9 + + 1692 Annotation scanning should ignore `module-info.class` files + + 1705 Rejected executions in QueuedThreadPool can lead to memory leaks + + 1797 JEP 238 - Multi-Release JAR files break bytecode scanning + + 1814 Move JavaVersion to jetty-util for future Java 9 support requirements + + 1901 Reimplement PathWatcher as scanner + + 1912 AbstractConnector EndPoint leak for failed SSL connections + + 1914 jetty client fails to parse response with RFC2045 conformant + Content-Type: charset="utf-8" + + 1928 Backport #1705 to jetty-9.3.x. Fixed leak on Rejected execution + +jetty-9.3.21.v20170918 - 18 September 2017 + + 487 JDK 9 build compatibility + + 1116 Support empty HTTP header values + + 1357 RolloverFileOutputStream: No rollout performed at midnight + + 1469 RolloverFileOutputStream: IllegalStateException Task already scheduled + + 1507 RolloverFileOutputStream: Negative delay Timer.schedule exception + + 1513 RolloverFileOutputStream: can't handle multiple instances + + 1515 Improved RollOverFileOutputStream removeOldFiles() behavior + + 1556 Remove a timing channel in Password matching + + 1590 Improve RolloverFileOutputStream functionality with multiple TimeZones + + 1655 Improve extensibility of ServerConnector + + 1661 AbstractProxyServlet onProxyResponseFailure Error + + 1664 IPAccessHandler CIDR IP range check is incorrect + + 1685 Update ALPN support for Java 8u141 + + 1687 HTTP2: Correcting missing callback notification when channel not found + + 1702 Update ALPN support for Java 8u144 + + 1703 Improve HttpInput failure logging + + 1719 HTTP/2: Improve handling of queued requests + + 1741 Java 9 javadoc failure in build + + 1749 Dump HttpDestination exchange queue + + 1750 PoolingHttpDestination creates ConnectionPool twice + + 1759 HTTP/2: producer can block in onReset + + 1790 HTTP/2: 100% CPU usage seen during close/shutdown of endpoint + + 475546 ClosedChannelException when connection to HTTPS over HTTP proxy with + CONNECT + jetty-9.4.7.v20170914 - 14 September 2017 + 215 Consider native ALPN/SSL provider + 487 JDK 9 build compatibility @@ -3757,27 +3908,18 @@ jetty-9.4.7.v20170914 - 14 September 2017 + 475546 ClosedChannelException when connection to HTTPS over HTTP proxy with CONNECT -jetty-9.2.23.v20171218 - 18 December 2017 - + 1556 Remove a timing channel in Password matching - + 1685 Update ALPN support for Java 8u141 - + 1702 Update ALPN support for Java 8u144 - + 1914 HttpClient fails to parse Content-Type response header with RFC 2045 - charset="utf-8" syntax - + 2065 Backport #347 to Jetty 9.2.x - + 475546 ClosedChannelException when connecting to HTTPS over HTTP proxy with - CONNECT - -jetty-9.3.22.v20171030 - 30 October 2017 - + 1213 Upgrade to ASM Version 6.0_ALPHA for JDK9 - + 1692 Annotation scanning should ignore `module-info.class` files - + 1705 Rejected executions in QueuedThreadPool can lead to memory leaks - + 1797 JEP 238 - Multi-Release JAR files break bytecode scanning - + 1814 Move JavaVersion to jetty-util for future Java 9 support requirements - + 1901 Reimplement PathWatcher as scanner - + 1912 AbstractConnector EndPoint leak for failed SSL connections - + 1914 jetty client fails to parse response with RFC2045 conformant - Content-Type: charset="utf-8" - + 1928 Backport #1705 to jetty-9.3.x. Fixed leak on Rejected execution +jetty-9.2.22.v20170606 - 06 June 2017 + + 920 no main manifest attribute, in jetty-runner-9.2.19.v20160908.jar + + 1108 Please improve logging in SslContextFactory when there are no approved + cipher suites + + 1357 RolloverFileOutputStream: No rollout performed at midnight + + 1469 IllegalStateException in RolloverFileOutputStream + + 1507 Negative delay Timer.schedule exception due to mismatched local and + _logTimeZone values + + 1532 RolloverFileOutputStream can't handle multiple instances + + 1523 Update ALPN support for Java 8u131 + + 1556 A timing channel in Password.java + + 1590 RolloverFileOutputStream not functioning in Jetty 9.2.21+ jetty-9.4.6.v20170531 - 31 May 2017 + 523 TLS close behaviour breaking session resumption @@ -3807,31 +3949,13 @@ jetty-9.4.6.v20170531 - 31 May 2017 + 1569 Allow setting of maxBinaryMessageSize to 0 in WebSocketPolicy + 1579 NPE in Quoted Quality CSV -jetty-9.3.21.v20170918 - 18 September 2017 - + 487 JDK 9 build compatibility - + 1116 Support empty HTTP header values - + 1357 RolloverFileOutputStream: No rollout performed at midnight - + 1469 RolloverFileOutputStream: IllegalStateException Task already scheduled - + 1507 RolloverFileOutputStream: Negative delay Timer.schedule exception - + 1513 RolloverFileOutputStream: can't handle multiple instances - + 1515 Improved RollOverFileOutputStream removeOldFiles() behavior - + 1556 Remove a timing channel in Password matching - + 1590 Improve RolloverFileOutputStream functionality with multiple TimeZones - + 1655 Improve extensibility of ServerConnector - + 1661 AbstractProxyServlet onProxyResponseFailure Error - + 1664 IPAccessHandler CIDR IP range check is incorrect - + 1685 Update ALPN support for Java 8u141 - + 1687 HTTP2: Correcting missing callback notification when channel not found - + 1702 Update ALPN support for Java 8u144 - + 1703 Improve HttpInput failure logging - + 1719 HTTP/2: Improve handling of queued requests - + 1741 Java 9 javadoc failure in build - + 1749 Dump HttpDestination exchange queue - + 1750 PoolingHttpDestination creates ConnectionPool twice - + 1759 HTTP/2: producer can block in onReset - + 1790 HTTP/2: 100% CPU usage seen during close/shutdown of endpoint - + 475546 ClosedChannelException when connection to HTTPS over HTTP proxy with - CONNECT +jetty-9.3.20.v20170531 - 31 May 2017 + + 523 TLS close behaviour breaking session resumption + + 1108 Improve logging in SslContextFactory when there are no approved cipher + suites + + 1527 Jetty BOM should not depend on jetty-parent + + 1556 A timing channel in Password.java + + 1567 XmlConfiguration will start the same object multiple times jetty-9.4.5.v20170502 - 02 May 2017 + 304 Review dead code - StringUtil.sidBytesToString @@ -3865,27 +3989,6 @@ jetty-9.4.5.v20170502 - 02 May 2017 + 1521 Prevent copy of jetty jars to lib/gcloud + 1523 Update ALPN support for Java 8u131 -jetty-9.3.20.v20170531 - 31 May 2017 - + 523 TLS close behaviour breaking session resumption - + 1108 Improve logging in SslContextFactory when there are no approved cipher - suites - + 1527 Jetty BOM should not depend on jetty-parent - + 1556 A timing channel in Password.java - + 1567 XmlConfiguration will start the same object multiple times - -jetty-9.2.22.v20170606 - 06 June 2017 - + 920 no main manifest attribute, in jetty-runner-9.2.19.v20160908.jar - + 1108 Please improve logging in SslContextFactory when there are no approved - cipher suites - + 1357 RolloverFileOutputStream: No rollout performed at midnight - + 1469 IllegalStateException in RolloverFileOutputStream - + 1507 Negative delay Timer.schedule exception due to mismatched local and - _logTimeZone values - + 1532 RolloverFileOutputStream can't handle multiple instances - + 1523 Update ALPN support for Java 8u131 - + 1556 A timing channel in Password.java - + 1590 RolloverFileOutputStream not functioning in Jetty 9.2.21+ - jetty-9.3.19.v20170502 - 02 May 2017 + 877 Programmatic servlet mappings cannot override mappings from webdefault.xml using quickstart @@ -4421,6 +4524,19 @@ jetty-9.3.12.v20160915 - 15 September 2016 + 913 Unprotected debug in WebAppClassLoader + 922 Implements methods Connection.getBytes[In|Out]() +jetty-9.2.19.v20160908 - 08 September 2016 + + 817 NPE in jndi Resource + + 830 Test webapp not properly copied to demo-base + + 832 ServerWithJNDI example uses wrong webapp + + 851 MBeanContainer no longer unregisters MBeans when "stopped" + + 868 ClassLoader leak with Jetty and Karaf - static instances of + java.lang.Throwable + + 880 Refactor jetty-http's HostPortHttpField logic into new jetty-util class + + 882 Add IPv6 support to IPAddressMap in jetty-util + + 894 When adding servless class, preserve Class instead of going through + String + + 899 PathFinderTest fails in jetty-9.2.x + jetty-9.4.0.M1 - 15 August 2016 + 185 Implement RFC 7239 (Forwarded header) + 213 jetty.osgi.boot requires Server services registered before @@ -4577,19 +4693,6 @@ jetty-9.3.11.v20160721 - 21 July 2016 + 755 NPE in HttpChannelOverHTTP2.requestContent() + 756 Filter problematic headers from CGI and FastCGIProxy -jetty-9.2.19.v20160908 - 08 September 2016 - + 817 NPE in jndi Resource - + 830 Test webapp not properly copied to demo-base - + 832 ServerWithJNDI example uses wrong webapp - + 851 MBeanContainer no longer unregisters MBeans when "stopped" - + 868 ClassLoader leak with Jetty and Karaf - static instances of - java.lang.Throwable - + 880 Refactor jetty-http's HostPortHttpField logic into new jetty-util class - + 882 Add IPv6 support to IPAddressMap in jetty-util - + 894 When adding servless class, preserve Class instead of going through - String - + 899 PathFinderTest fails in jetty-9.2.x - jetty-9.2.18.v20160721 - 21 July 2016 + 425 Incorrect @ServerEndpoint Encoder/Decoder lifecycle + 649 LDAPLoginModule should disallow blank username and password @@ -5175,6 +5278,11 @@ jetty-9.3.1.v20150714 - 14 July 2015 + 472422 Custom status codes result in a NumberFormatException while using http2. +jetty-9.2.12.v20150709 - 09 July 2015 + + 469414 Proxied redirects expose upstream server name + + 469936 Remove usages of SpinLock + + 470184 Send the proxy-to-server request more lazily + jetty-9.3.0.v20150612 - 12 June 2015 + 414479 Add WebSocketPingPongListener for those that want PING/PONG payload data @@ -5358,11 +5466,6 @@ jetty-9.3.0.v20150612 - 12 June 2015 --add-to-start + 469991 Fix logging levels in websocket client UpgradeConnection -jetty-9.2.12.v20150709 - 09 July 2015 - + 469414 Proxied redirects expose upstream server name - + 469936 Remove usages of SpinLock - + 470184 Send the proxy-to-server request more lazily - jetty-9.2.11.v20150529 - 29 May 2015 + 461499 ConnectionPool may leak connections + 463579 Add support for 308 status code @@ -6196,6 +6299,30 @@ jetty-9.2.0.M1 - 08 May 2014 + 434077 AnnotatedServerEndpointTest emits strange exception + 434247 Redirect loop in FastCGI proxying for HTTPS sites +jetty-9.1.5.v20140505 - 05 May 2014 + + 431459 Jetty WebSocket compression extensions fails to handle big messages + properly + + 431519 Fixed NetworkTrafficListener + + 432145 Pending request is not failed when HttpClient is stopped + + 432270 Slow requests with response content delimited by EOF fail + + 432473 web.xml declaration order of filters not preserved on calls to init() + + 432483 make osgi.serviceloader support for + javax.servlet.ServletContainerInitializer optional (cherry picked from + commit 31043d25708edbea9ef31948093f4eaf2247919b) + + 432528 IllegalStateException when using DeferredContentProvider + + 432777 Async Write Loses Data with HTTPS Server + + 432901 ensure a single onError callback only in pending and unready states + + 432993 Improve handling of ProxyTo and Prefix parameters in + ProxyServlet.Transparent. + + 433365 No such servlet: + __org.eclipse.jetty.servlet.JspPropertyGroupServlet__ (cherry picked from + commit e2ed934978b958d6fccb28a8a5d04768f7c0432d) + + 433370 PATCH method does not work with ProxyServlet + + 433483 sync log initialize + + 433692 improved buffer resizing + + 433916 HttpChannelOverHttp handles HTTP 1.0 connection reuse incorrectly + + 434027 ReadListener.onError() not invoked in case of read failures + jetty-8.1.15.v20140411 - 11 April 2014 + 397167 Remote Access documentation is wrong + 419799 complete after exceptions thrown from async error pages @@ -6242,30 +6369,6 @@ jetty-9.2.0.M0 - 09 April 2014 + 432145 Pending request is not failed when HttpClient is stopped + 432270 Slow requests with response content delimited by EOF fail -jetty-9.1.5.v20140505 - 05 May 2014 - + 431459 Jetty WebSocket compression extensions fails to handle big messages - properly - + 431519 Fixed NetworkTrafficListener - + 432145 Pending request is not failed when HttpClient is stopped - + 432270 Slow requests with response content delimited by EOF fail - + 432473 web.xml declaration order of filters not preserved on calls to init() - + 432483 make osgi.serviceloader support for - javax.servlet.ServletContainerInitializer optional (cherry picked from - commit 31043d25708edbea9ef31948093f4eaf2247919b) - + 432528 IllegalStateException when using DeferredContentProvider - + 432777 Async Write Loses Data with HTTPS Server - + 432901 ensure a single onError callback only in pending and unready states - + 432993 Improve handling of ProxyTo and Prefix parameters in - ProxyServlet.Transparent. - + 433365 No such servlet: - __org.eclipse.jetty.servlet.JspPropertyGroupServlet__ (cherry picked from - commit e2ed934978b958d6fccb28a8a5d04768f7c0432d) - + 433370 PATCH method does not work with ProxyServlet - + 433483 sync log initialize - + 433692 improved buffer resizing - + 433916 HttpChannelOverHttp handles HTTP 1.0 connection reuse incorrectly - + 434027 ReadListener.onError() not invoked in case of read failures - jetty-9.1.4.v20140401 - 01 April 2014 + 414206 Rewrite rules re-encode requestURI + 414885 Don't expose JDT classes by default @@ -6919,64 +7022,133 @@ jetty-9.0.5.v20130815 - 15 August 2013 + 411545 SslConnection.DecryptedEndpoint.fill() sometimes misses a few network bytes + 411755 MultiPartInputStreamParser fails on base64 encoded content - + 411844 ArrayIndexOutOfBoundsException on wild URL + + 411844 ArrayIndexOutOfBoundsException on wild URL + + 411909 GzipFilter flushbuffer() results in erroneous finish() call + + 412234 fix bug where NetworkTrafficSelectChannelEndpoint counted bytes wrong + on incomplete writes + + 412318 HttpChannel fix multiple calls to _transport.completed() if handle() + is called multiple times while the channel is COMPLETED + + 412418 HttpTransportOverSPDY fix race condition while sending push streams + that could cause push data not to be sent. Fixes intermittent test issues in + ReferrerPushStrategyTest + + 412442 Avoid connection timeout after FIN-FIN close + + 412466 Improved search for unset JETTY_HOME + + 412608 EOF Chunk not sent on inputstream static content + + 412629 PropertyFileLoginModule doesn't cache user configuration file even + for refreshInterval=0 + + 412637 ShutdownMonitorThread already started + + 412712 HttpClient does not send the terminal chunk after partial writes + + 412713 add dumpOnStart configuration to jetty-maven-plugin + + 412750 HttpClient close expired connections fix + + 412814 HttpClient calling CompleteListener.onComplete() twice + + 412846 jetty Http Client Connection through Proxy is failing with Timeout + + 412938 Request.setCharacterEncoding now throws UnsupportedEncodingException + instead of UnsupportedCharsetException + + 413034 Multiple webapps redeploy returns NamingException with AppDynamics + javaagent + + 413066 accept lower case method: head + + 413108 HttpClient hardcodes dispatchIO=false when using SSL + + 413113 Inconsistent Request.getURI() when adding parameters via + Request.param(). + + 413154 ContextHandlerCollection defers virtual host handling to + ContextHandler + + 413155 HttpTransportOverSPDY remove constructor argument for version and get + version from stream.getSession instead + + 413371 Default JSON.Converters for List and Set + + 413372 JSON Enum uses name rather than toString() + + 413393 better logging of bad URLs in Resources + + 413486 SessionCookieConfig setters should throw IllegalStateException if + called after context started + + 413568 Made AJP worker name generic + + 413684 Trailing slash shows JSP source + + 413901 isAsyncStarted remains true while original request is dispatched + + 414085 Add jetty-continuations to plugin dependencies + + 414101 Do not escape special characters in cookies + + 414235 RequestLogHandler configured on a context fails to handle forwarded + requests + + 414393 StringIndexOutofBoundsException with > 8k multipart content without + CR or LF + + 414449 Added HttpParser strict mode for case sensitivity + + 414507 Ensure AnnotationParser ignores parent dir hierarchy when checking + for hidden dirnames + + 414625 final static version fields + + 414640 HTTP header value encoding + + 414652 WebSocket's sendMessage() may hang on congested connections + + 414727 Ensure asynchronously flushed resources are closed + + 414763 Added org.eclipse.jetty.util.log.stderr.ESCAPE option + + 414833 HttpSessionListener.destroy must be invoked in reverse order + + 414840 Request.login() throws NPE if username is null + + 414951 QueuedThreadPool fix constructor that missed to pass the idleTimeout + + 414972 HttpClient may read bytes with pre-tunnelled connection + +jetty-8.1.12.v20130726 - 26 July 2013 + + 396706 CGI support parameters + + 397193 MongoSessionManager refresh updates last access time + + 407342 ReloadedSessionMissingClassTest uses class compiled with jdk7 + + 408529 Etags set in 304 response + + 408600 set correct jetty.url in all pom files + + 408642 setContentType from addHeader + + 408662 In pax-web servlet services requests even if init() has not finished + running + + 408806 getParameter returns null on Multipart request if called before + request.getPart()/getParts() + + 408909 GzipFilter setting of headers when reset and/or not compressed + + 409028 Jetty HttpClient does not work with proxy CONNECT method + + 409133 Empty causes StackOverflowError + + 409436 NPE on context restart using dynamic servlet registration + + 409449 Ensure servlets, filters and listeners added via dynamic + registration, annotations or descriptors are cleaned on context restarts + + 409556 FileInputStream not closed in DirectNIOBuffer + + 410405 Avoid NPE for requestDispatcher(../) + + 410630 MongoSessionManager conflicting session update op + + 410750 NoSQLSessions: implement session context data persistence across + server restarts + + 410893 async support defaults to false for spec created servlets and filters + + 411135 HttpClient may send proxied https requests to the proxy instead of + the target server. + + 411216 RequestLogHandler handles async completion + + 411458 MultiPartFilter getParameterMap doesn't preserve multivalued + parameters 411459 MultiPartFilter.Wrapper getParameter should use charset + encoding of part + + 411755 MultiPartInputStreamParser fails on base64 encoded content + + 411909 GzipFilter flushbuffer() results in erroneous finish() call + + 412712 HttpClient does not send the terminal chunk after partial writes + + 412750 HttpClient close expired connections fix + + 413371 Default JSON.Converters for List and Set + + 413372 JSON Enum uses name rather than toString() + + 413684 Trailing slash shows JSP source + + 413812 Make RateTracker serializable + +jetty-7.6.12.v20130726 - 26 July 2013 + + 396706 CGI support parameters + + 397193 MongoSessionManager refresh updates last access time + + 407342 ReloadedSessionMissingClassTest uses class compiled with jdk7 + + 408529 Etags set in 304 response + + 408600 set correct jetty.url in all pom files + + 408642 setContentType from addHeader + + 408662 In pax-web servlet services requests even if init() has not finished + running + + 408909 GzipFilter setting of headers when reset and/or not compressed + + 409028 Jetty HttpClient does not work with proxy CONNECT method + + 409133 Empty causes StackOverflowError + + 409556 FileInputStream not closed in DirectNIOBuffer + + 410630 MongoSessionManager conflicting session update op + + 410750 NoSQLSessions: implement session context data persistence across + server restarts + + 411135 HttpClient may send proxied https requests to the proxy instead of + the target server. + + 411216 RequestLogHandler handles async completion + + 411458 MultiPartFilter getParameterMap doesn't preserve multivalued + parameters 411459 MultiPartFilter.Wrapper getParameter should use charset + encoding of part + + 411755 MultiPartInputStreamParser fails on base64 encoded content + 411909 GzipFilter flushbuffer() results in erroneous finish() call - + 412234 fix bug where NetworkTrafficSelectChannelEndpoint counted bytes wrong - on incomplete writes - + 412318 HttpChannel fix multiple calls to _transport.completed() if handle() - is called multiple times while the channel is COMPLETED - + 412418 HttpTransportOverSPDY fix race condition while sending push streams - that could cause push data not to be sent. Fixes intermittent test issues in - ReferrerPushStrategyTest - + 412442 Avoid connection timeout after FIN-FIN close - + 412466 Improved search for unset JETTY_HOME - + 412608 EOF Chunk not sent on inputstream static content - + 412629 PropertyFileLoginModule doesn't cache user configuration file even - for refreshInterval=0 - + 412637 ShutdownMonitorThread already started + 412712 HttpClient does not send the terminal chunk after partial writes - + 412713 add dumpOnStart configuration to jetty-maven-plugin + 412750 HttpClient close expired connections fix - + 412814 HttpClient calling CompleteListener.onComplete() twice - + 412846 jetty Http Client Connection through Proxy is failing with Timeout - + 412938 Request.setCharacterEncoding now throws UnsupportedEncodingException - instead of UnsupportedCharsetException - + 413034 Multiple webapps redeploy returns NamingException with AppDynamics - javaagent - + 413066 accept lower case method: head - + 413108 HttpClient hardcodes dispatchIO=false when using SSL - + 413113 Inconsistent Request.getURI() when adding parameters via - Request.param(). - + 413154 ContextHandlerCollection defers virtual host handling to - ContextHandler - + 413155 HttpTransportOverSPDY remove constructor argument for version and get - version from stream.getSession instead + 413371 Default JSON.Converters for List and Set + 413372 JSON Enum uses name rather than toString() - + 413393 better logging of bad URLs in Resources - + 413486 SessionCookieConfig setters should throw IllegalStateException if - called after context started - + 413568 Made AJP worker name generic + 413684 Trailing slash shows JSP source - + 413901 isAsyncStarted remains true while original request is dispatched - + 414085 Add jetty-continuations to plugin dependencies - + 414101 Do not escape special characters in cookies - + 414235 RequestLogHandler configured on a context fails to handle forwarded - requests - + 414393 StringIndexOutofBoundsException with > 8k multipart content without - CR or LF - + 414449 Added HttpParser strict mode for case sensitivity - + 414507 Ensure AnnotationParser ignores parent dir hierarchy when checking - for hidden dirnames - + 414625 final static version fields - + 414640 HTTP header value encoding - + 414652 WebSocket's sendMessage() may hang on congested connections - + 414727 Ensure asynchronously flushed resources are closed - + 414763 Added org.eclipse.jetty.util.log.stderr.ESCAPE option - + 414833 HttpSessionListener.destroy must be invoked in reverse order - + 414840 Request.login() throws NPE if username is null - + 414951 QueuedThreadPool fix constructor that missed to pass the idleTimeout - + 414972 HttpClient may read bytes with pre-tunnelled connection + + 413812 Make RateTracker serializable jetty-9.0.4.v20130625 - 25 June 2013 + 396706 CGI support parameters @@ -7112,6 +7284,59 @@ jetty-9.0.4.v20130625 - 25 June 2013 + 411545 SslConnection.DecryptedEndpoint.fill() sometimes misses a few network bytes +jetty-8.1.11.v20130520 - 20 May 2013 + + 402844 STOP.PORT & STOP.KEY behaviour has changed + + 403281 jetty.sh waits for started or failure before returning + + 403513 jetty:run goal cannot be executed twice during the maven build + + 403570 Asynchronous Request Logging + + 404010 fix cast exception in mongodb session manager + + 404128 Add Vary headers rather than set them + + 404283 org.eclipse.jetty.util.Scanner.scanFile() dies with an NPE if + listFiles() returns null + + 404325 data constraint redirection does send default port + + 404517 Close connection if request received after half close + + 404789 Support IPv6 addresses in DoSFilter white list + + 404958 Fixed Resource.newSystemResource striped / handling + + 405281 allow filemappedbuffers to not be used + + 405537 NPE in rendering JSP using SPDY and wrapped ServletRequest + + 406437 Digest Auth supports out of order nc + + 406618 Jetty startup in OSGi Equinox fails when using option + jetty.home.bundle=org.eclipse.jetty.osgi.boot + + 406923 CR line termination + + 407136 @PreDestroy called after Servlet.destroy() + + 407173 java.lang.IllegalStateException: null when using JDBCSessionManager + + 407931 Add toggle for failing on servlet availability + + 407976 JDBCSessionIdManager potentially leaves server in bad state after + startup + + 408077 HashSessionManager leaves file handles open after being stopped + + 408446 Multipart parsing issue with boundry and charset in ContentType + header + +jetty-7.6.11.v20130520 - 20 May 2013 + + 402844 STOP.PORT & STOP.KEY behaviour has changed + + 403281 jetty.sh waits for started or failure before returning + + 403513 jetty:run goal cannot be executed twice during the maven build + + 403570 Asynchronous Request Logging + + 404010 fix cast exception in mongodb session manager + + 404128 Add Vary headers rather than set them + + 404283 org.eclipse.jetty.util.Scanner.scanFile() dies with an NPE if + listFiles() returns null + + 404325 data constraint redirection does send default port + + 404517 Close connection if request received after half close + + 404789 Support IPv6 addresses in DoSFilter white list + + 404958 Fixed Resource.newSystemResource striped / handling + + 405281 allow filemappedbuffers to not be used + + 405537 NPE in rendering JSP using SPDY and wrapped ServletRequest + + 406437 Digest Auth supports out of order nc + + 406923 CR line termination + + 407136 @PreDestroy called after Servlet.destroy() + + 407173 java.lang.IllegalStateException: null when using JDBCSessionManager + + 407976 JDBCSessionIdManager potentially leaves server in bad state after + startup + + 408077 HashSessionManager leaves file handles open after being stopped + + 408446 Multipart parsing issue with boundry and charset in ContentType + header + jetty-9.0.3.v20130506 - 06 May 2013 + 404010 fix cast exception in mongodb session manager + 404911 WebSocketCloseTest fails spuriously @@ -7201,179 +7426,41 @@ jetty-9.0.1.v20130408 - 08 April 2013 + 403281 jetty.sh waits for started or failure before returning + 403360 Named connectors + 403370 move frameBytes.fail() call in StandardSession.flush() outside the - synchronized block to avoid deadlock - + 403373 WebSocket change timeout log level from warn -> info - + 403380 Introduce WebSocketTimeoutException to differentiate between EOF on - write and Timeout - + 403451 Review synchronization in SslConnection - + 403510 HttpSession maxInactiveInterval is not serialized in HashSession - + 403513 jetty:run goal cannot be executed twice during the maven build - + 403570 Asynchronous Request Logging - + 403591 do not use the ConcurrentArrayBlockingQueue for thread pool, selector - and async request log - + 403817 Use of WebSocket Session.close() results in invalid status code - + 404029 port jetty-monitor to jetty-9 and activate it - + 404036 JDBCSessionIdManager.doStart() method should not call - cleanExpiredSessions() because Listeners can't be notified - + 404067 If cannot connect to db fail startup of JDBCSessionIdManager - + 404128 Add Vary headers rather than set them - + 404176 Jetty's AnnotationConfiguration class does not scan non-jar resources - on the container classpath - + 404204 Exception from inputstream cause hang or timeout - + 404283 org.eclipse.jetty.util.Scanner.scanFile() dies with an NPE if - listFiles() returns null - + 404323 Improved parameterization of https and SPDY - + 404325 data constraint redirection does send default port - + 404326 set status when Request.setHandled(true) is called - + 404511 Replaced all StringMap usage with Tries - + 404517 Close connection if request received after half close - + 404610 Reintroduce ability to disallow TLS renegotiation - + 404757 SPDY can only be built with the latest JDK version - + 404789 Support IPv6 addresses in DoSFilter white list - + 404881 Allow regexs for SslContextFactory.setIncludeCipherSuites() and - .setExcludeCipherSuites() - + 404889 SelectorManager accepts attachments with sockets - + 404906 servlets with load-on-startup = 0 are not fired up on jetty 9 startup - + 404958 Fixed Resource.newSystemResource striped / handling - + 405044 Query parameters lost for non GET or POST - -jetty-9.0.0.v20130308 - 08 March 2013 - + 399070 add updated version of npn-boot jar to start.ini - + 399799 do not hold lock while calling invalidation listeners - + 399967 Destroyables destroyed on undeploy and shutdown hook - + 400312 ServletContextListener.contextInitialized() is not called when added - in ServletContainerInitializer.onStartup - + 401495 removed unused getOutputStream - + 401531 StringIndexOutOfBoundsException for "/*" of - fix for multiple mappings to *.jsp - + 401641 Fixed MBean setter for String[] - + 401642 Less verbose INFOs - + 401643 Improved Authentication exception messages and provided quiet servlet - exception - + 401644 Dump does not login user already logged in - + 401651 Abort request if maxRequestsQueuedPerDestination is reached - + 401777 InputStreamResponseListener CJK byte (>=128) cause EOF - + 401904 fixed getRemoteAddr to return IP instead of hostname - + 401908 Enhance DosFilter to allow dynamic configuration of attributes - + 401966 Ensure OSGI WebApp as Service (WebAppContext) can be deployed only - through ServiceWebAppProvider - + 402008 Websocket blocking write hangs when remote client dies (or is killed) - without going thru Close handshake - + 402048 org.eclipse.jetty.server.ShutdownMonitor doesn't stop after the jetty - server is stopped - + 402075 Massive old gen growth when hit by lots of non persistent - connections. - + 402090 httpsender PendingState cause uncertain data send to server - + 402106 fixed URI resize in HttpParser - + 402148 Update Javadoc for WebSocketServlet for new API - + 402154 WebSocket / Session.setIdleTimeout(ms) should support in-place idle - timeout changes - + 402185 updated javascript mime-type - + 402277 spdy proxy: fix race condition in nested push streams initiated by - upstream server. Fix several other small proxy issues - + 402316 HttpReceiver and null pointer exception - + 402341 Host with default port causes redirects loop - + 402726 WebAppContext references old WebSocket packages in system and server - classes - + 402757 WebSocket client module can't be used with WebSocket server module in - the same WAR - -jetty-8.1.12.v20130726 - 26 July 2013 - + 396706 CGI support parameters - + 397193 MongoSessionManager refresh updates last access time - + 407342 ReloadedSessionMissingClassTest uses class compiled with jdk7 - + 408529 Etags set in 304 response - + 408600 set correct jetty.url in all pom files - + 408642 setContentType from addHeader - + 408662 In pax-web servlet services requests even if init() has not finished - running - + 408806 getParameter returns null on Multipart request if called before - request.getPart()/getParts() - + 408909 GzipFilter setting of headers when reset and/or not compressed - + 409028 Jetty HttpClient does not work with proxy CONNECT method - + 409133 Empty causes StackOverflowError - + 409436 NPE on context restart using dynamic servlet registration - + 409449 Ensure servlets, filters and listeners added via dynamic - registration, annotations or descriptors are cleaned on context restarts - + 409556 FileInputStream not closed in DirectNIOBuffer - + 410405 Avoid NPE for requestDispatcher(../) - + 410630 MongoSessionManager conflicting session update op - + 410750 NoSQLSessions: implement session context data persistence across - server restarts - + 410893 async support defaults to false for spec created servlets and filters - + 411135 HttpClient may send proxied https requests to the proxy instead of - the target server. - + 411216 RequestLogHandler handles async completion - + 411458 MultiPartFilter getParameterMap doesn't preserve multivalued - parameters 411459 MultiPartFilter.Wrapper getParameter should use charset - encoding of part - + 411755 MultiPartInputStreamParser fails on base64 encoded content - + 411909 GzipFilter flushbuffer() results in erroneous finish() call - + 412712 HttpClient does not send the terminal chunk after partial writes - + 412750 HttpClient close expired connections fix - + 413371 Default JSON.Converters for List and Set - + 413372 JSON Enum uses name rather than toString() - + 413684 Trailing slash shows JSP source - + 413812 Make RateTracker serializable - -jetty-7.6.12.v20130726 - 26 July 2013 - + 396706 CGI support parameters - + 397193 MongoSessionManager refresh updates last access time - + 407342 ReloadedSessionMissingClassTest uses class compiled with jdk7 - + 408529 Etags set in 304 response - + 408600 set correct jetty.url in all pom files - + 408642 setContentType from addHeader - + 408662 In pax-web servlet services requests even if init() has not finished - running - + 408909 GzipFilter setting of headers when reset and/or not compressed - + 409028 Jetty HttpClient does not work with proxy CONNECT method - + 409133 Empty causes StackOverflowError - + 409556 FileInputStream not closed in DirectNIOBuffer - + 410630 MongoSessionManager conflicting session update op - + 410750 NoSQLSessions: implement session context data persistence across - server restarts - + 411135 HttpClient may send proxied https requests to the proxy instead of - the target server. - + 411216 RequestLogHandler handles async completion - + 411458 MultiPartFilter getParameterMap doesn't preserve multivalued - parameters 411459 MultiPartFilter.Wrapper getParameter should use charset - encoding of part - + 411755 MultiPartInputStreamParser fails on base64 encoded content - + 411909 GzipFilter flushbuffer() results in erroneous finish() call - + 412712 HttpClient does not send the terminal chunk after partial writes - + 412750 HttpClient close expired connections fix - + 413371 Default JSON.Converters for List and Set - + 413372 JSON Enum uses name rather than toString() - + 413684 Trailing slash shows JSP source - + 413812 Make RateTracker serializable - -jetty-8.1.11.v20130520 - 20 May 2013 - + 402844 STOP.PORT & STOP.KEY behaviour has changed - + 403281 jetty.sh waits for started or failure before returning + synchronized block to avoid deadlock + + 403373 WebSocket change timeout log level from warn -> info + + 403380 Introduce WebSocketTimeoutException to differentiate between EOF on + write and Timeout + + 403451 Review synchronization in SslConnection + + 403510 HttpSession maxInactiveInterval is not serialized in HashSession + 403513 jetty:run goal cannot be executed twice during the maven build + 403570 Asynchronous Request Logging - + 404010 fix cast exception in mongodb session manager + + 403591 do not use the ConcurrentArrayBlockingQueue for thread pool, selector + and async request log + + 403817 Use of WebSocket Session.close() results in invalid status code + + 404029 port jetty-monitor to jetty-9 and activate it + + 404036 JDBCSessionIdManager.doStart() method should not call + cleanExpiredSessions() because Listeners can't be notified + + 404067 If cannot connect to db fail startup of JDBCSessionIdManager + 404128 Add Vary headers rather than set them + + 404176 Jetty's AnnotationConfiguration class does not scan non-jar resources + on the container classpath + + 404204 Exception from inputstream cause hang or timeout + 404283 org.eclipse.jetty.util.Scanner.scanFile() dies with an NPE if listFiles() returns null + + 404323 Improved parameterization of https and SPDY + 404325 data constraint redirection does send default port + + 404326 set status when Request.setHandled(true) is called + + 404511 Replaced all StringMap usage with Tries + 404517 Close connection if request received after half close + + 404610 Reintroduce ability to disallow TLS renegotiation + + 404757 SPDY can only be built with the latest JDK version + 404789 Support IPv6 addresses in DoSFilter white list + + 404881 Allow regexs for SslContextFactory.setIncludeCipherSuites() and + .setExcludeCipherSuites() + + 404889 SelectorManager accepts attachments with sockets + + 404906 servlets with load-on-startup = 0 are not fired up on jetty 9 startup + 404958 Fixed Resource.newSystemResource striped / handling - + 405281 allow filemappedbuffers to not be used - + 405537 NPE in rendering JSP using SPDY and wrapped ServletRequest - + 406437 Digest Auth supports out of order nc - + 406618 Jetty startup in OSGi Equinox fails when using option - jetty.home.bundle=org.eclipse.jetty.osgi.boot - + 406923 CR line termination - + 407136 @PreDestroy called after Servlet.destroy() - + 407173 java.lang.IllegalStateException: null when using JDBCSessionManager - + 407931 Add toggle for failing on servlet availability - + 407976 JDBCSessionIdManager potentially leaves server in bad state after - startup - + 408077 HashSessionManager leaves file handles open after being stopped - + 408446 Multipart parsing issue with boundry and charset in ContentType - header + + 405044 Query parameters lost for non GET or POST jetty-8.1.10.v20130312 - 12 March 2013 + 376273 Early EOF because of SSL Protocol Error on @@ -7411,31 +7498,6 @@ jetty-8.1.10.v20130312 - 12 March 2013 + 402833 Test harness for global error page and hide exception message from reason string -jetty-7.6.11.v20130520 - 20 May 2013 - + 402844 STOP.PORT & STOP.KEY behaviour has changed - + 403281 jetty.sh waits for started or failure before returning - + 403513 jetty:run goal cannot be executed twice during the maven build - + 403570 Asynchronous Request Logging - + 404010 fix cast exception in mongodb session manager - + 404128 Add Vary headers rather than set them - + 404283 org.eclipse.jetty.util.Scanner.scanFile() dies with an NPE if - listFiles() returns null - + 404325 data constraint redirection does send default port - + 404517 Close connection if request received after half close - + 404789 Support IPv6 addresses in DoSFilter white list - + 404958 Fixed Resource.newSystemResource striped / handling - + 405281 allow filemappedbuffers to not be used - + 405537 NPE in rendering JSP using SPDY and wrapped ServletRequest - + 406437 Digest Auth supports out of order nc - + 406923 CR line termination - + 407136 @PreDestroy called after Servlet.destroy() - + 407173 java.lang.IllegalStateException: null when using JDBCSessionManager - + 407976 JDBCSessionIdManager potentially leaves server in bad state after - startup - + 408077 HashSessionManager leaves file handles open after being stopped - + 408446 Multipart parsing issue with boundry and charset in ContentType - header - jetty-7.6.10.v20130312 - 12 March 2013 + 376273 Early EOF because of SSL Protocol Error on https://api-3t.paypal.com/nvp. @@ -7468,6 +7530,47 @@ jetty-7.6.10.v20130312 - 12 March 2013 + 402833 Test harness for global error page and hide exception message from reason string +jetty-9.0.0.v20130308 - 08 March 2013 + + 399070 add updated version of npn-boot jar to start.ini + + 399799 do not hold lock while calling invalidation listeners + + 399967 Destroyables destroyed on undeploy and shutdown hook + + 400312 ServletContextListener.contextInitialized() is not called when added + in ServletContainerInitializer.onStartup + + 401495 removed unused getOutputStream + + 401531 StringIndexOutOfBoundsException for "/*" of + fix for multiple mappings to *.jsp + + 401641 Fixed MBean setter for String[] + + 401642 Less verbose INFOs + + 401643 Improved Authentication exception messages and provided quiet servlet + exception + + 401644 Dump does not login user already logged in + + 401651 Abort request if maxRequestsQueuedPerDestination is reached + + 401777 InputStreamResponseListener CJK byte (>=128) cause EOF + + 401904 fixed getRemoteAddr to return IP instead of hostname + + 401908 Enhance DosFilter to allow dynamic configuration of attributes + + 401966 Ensure OSGI WebApp as Service (WebAppContext) can be deployed only + through ServiceWebAppProvider + + 402008 Websocket blocking write hangs when remote client dies (or is killed) + without going thru Close handshake + + 402048 org.eclipse.jetty.server.ShutdownMonitor doesn't stop after the jetty + server is stopped + + 402075 Massive old gen growth when hit by lots of non persistent + connections. + + 402090 httpsender PendingState cause uncertain data send to server + + 402106 fixed URI resize in HttpParser + + 402148 Update Javadoc for WebSocketServlet for new API + + 402154 WebSocket / Session.setIdleTimeout(ms) should support in-place idle + timeout changes + + 402185 updated javascript mime-type + + 402277 spdy proxy: fix race condition in nested push streams initiated by + upstream server. Fix several other small proxy issues + + 402316 HttpReceiver and null pointer exception + + 402341 Host with default port causes redirects loop + + 402726 WebAppContext references old WebSocket packages in system and server + classes + + 402757 WebSocket client module can't be used with WebSocket server module in + the same WAR + jetty-9.0.0.RC2 - 24 February 2013 + Fix etc/jetty.xml TimerScheduler typo that is preventing normal startup + Fix etc/jetty-https.xml ExcludeCipherSuites typo that prevents SSL startup @@ -7505,166 +7608,70 @@ jetty-9.0.0.RC1 - 22 February 2013 + 400848 Redirect fails with non-encoded location URIs + 400849 Conversation hangs if non-first request fails when queued + 400859 limit max size of writes from cached content - + 400864 Added LowResourcesMonitor - + 401177 Make org.eclipse.jetty.websocket.api.WebSocketAdapter threadsafe - + 401183 Handle push streams in new method StreamFrameListener.onPush() - instead of SessionFrameListener.syn() - + 401211 Remove requirement for jetty-websocket.jar in WEB-INF/lib - + 401317 Make Safari 5.x websocket support minVersion level error more clear - + 401382 Prevent parseAvailable from parsing next chunk when previous has not - been consumed. Handle no content-type in chunked request. - + 401414 Hostname verification fails - + 401427 WebSocket messages sent from onConnect fail to be read by jetty - websocket-client - + 401474 Performance problem in org.eclipse.jetty.annotation.AnnotationParser - + 401485 zip file closed exception - -jetty-9.0.0.RC0 - 01 February 2013 - + 362226 HttpConnection "wait" call causes thread resource exhaustion - + 370384 jetty-aggregate not used in jetty-distribution - + 381351 defaults for keymanager and trustmanager come from their factories - and not hardcoded - + 381521 Only set Vary header when content could be compressed - + 381689 Allow jetty-runner to specify listen host along with listen port - + 382237 support non java JSON classes - + 385306 added getURI method - + 391248 fixing localhost checking in statistics servlet - + 391249 fix for invalid XML node dispatchedTimeMean in statistics servlet - + 391345 fix missing br tag in statistics servlet - + 393933 remove deprecated classes/methods and consolidate some static methods - to SslContextFactory - + 393968 fix typo in javadoc - + 394541 remove continuation jar from distro, add as dep to test-jetty-webapp - + 395232 UpgradeRequest object passed to createWebSocket() has null Session - + 395444 Disabling Websocket Compress Extensions (not working with Chrome / - deflate problem) - + 396428 Test for WebSocket masking on client fragments per RFC 6455 Sec 5.1 - + 396574 add JETTY_HOME as a location for pid to be found - + 396606 make spdy proxy capable of receiving SPDY and talk HTTP to the - upstream server - + 397168 backed of test timing - + 397769 TimerScheduler does not relinquish cancelled tasks - + 398872 SslConnection should not be notified of idle timeouts. First - solution. Merge branch 'ssl_idle_timeout_ignored'. - + 399132 check parent dir of session store against file to be removed - + 399173 UpgradeRequest.getParameterMap() should never return null - + 399242 Reduce/eliminate false sharing in BlockingArrayQueue - + 399319 Request.getURI() may return negative ports - + 399324 HttpClient does not handle correctly UnresolvedAddressException - + 399343 OnWebSocketConnect should use api.Session parameter instead - + 399344 Add missing @OnWebSocketError annotation - + 399397 websocket-client needs better upgrade failure checks - + 399421 Add websocket.api.Session.disconnect() for harsh low level connection - disconnect - + 399515 Websocket-client connect issues should report to websocket onError - handlers - + 399516 Websocket UpgradeException should contain HTTP Request/Response - information - + 399566 Running org.eclipse.jetty.server.session.MaxInactiveMigrationTest - produces stack trace - + 399568 OSGi tests can't find websocket classes - + 399576 Server dumpStdErr throws exception if server is stopping - + 399669 Remove WebSocketConnection in favor of websocket.api.Session - + 399689 Websocket RFC6455 extension handshake fails if server doesn't have - extension - + 399703 made encoding error handling consistent - + 399721 Change to - -jetty-9.0.0.M5 - 19 January 2013 - + 367638 throw exception for excess form keys - + 381521 Only set Vary header when content could be compressed - + 391623 Making --stop with STOP.WAIT perform graceful shutdown - + 393158 java.lang.IllegalStateException when sending an empty InputStream - + 393220 remove dead code from ServletHandler and log ServletExceptions in - warn instead of debug - + 393733 WebSocketClient interface should support multiple connections - + 395885 ResourceCache should honor useFileMappedBuffer if set - + 396253 FilterRegistration wrong order - + 396459 Log specific message for empty request body for multipart mime - requests - + 396500 HttpClient Exchange takes forever to complete when less content sent - than Content-Length - + 396886 MultiPartFilter strips bad escaping on filename="..." - + 397110 Accept %uXXXX encodings in URIs - + 397111 Tolerate empty or excessive whitespace preceeding MultiParts - + 397112 Requests with byte-range throws NPE if requested file has no mimetype - (eg no file extension) - + 397114 run-forked with waitForChild=false can lock up - + 397130 maxFormContentSize set in jetty.xml is ignored - + 397190 improve ValidUrlRule to iterate on codepoints - + 397321 Wrong condition in default start.config for annotations - + 397535 Support pluggable alias checking to support symbolic links - + 397769 TimerScheduler does not relinquish cancelled tasks - + 398105 Clean up WebSocketPolicy - + 398285 ProxyServlet mixes cookies from different clients - + 398337 UTF-16 percent encoding in UTF-16 form content - + 398582 Move lib/jta jar into lib/jndi - + JETTY-1533 handle URL with no path - -jetty-9.0.0.M4 - 21 December 2012 - + 392417 Prevent Cookie parsing interpreting unicode chars - + 393220 remove dead code from ServletHandler and log ServletExceptions in - warn instead of debug - + 393770 Error in ContextHandler.setEventListeners(EventListener[]) - + 394210 spdy api rename stream.syn() to stream.push() - + 394211 spdy: Expose RemoteServerAddress and LocalServerAddress in - StandardSession - + 394294 Start web-bundles started before jetty - + 394370 Add integration test for client resetting SPDY push SYN's - + 394514 Preserve URI parameters in sendRedirect - + 394552 HEAD requests don't work for jetty-client - + 394719 remove regex from classpath matching - + 394829 Session can not be restored after SessionManager.setIdleSavePeriod - has saved the session - + 394839 Allow multipart mime with no boundary - + 394854 optimised promise implementation - + 394870 Make enablement of remote access to test webapp configurable in - override-web.xml - + 395168 fix unavailable attributes when return type has annotation on super - class - + 395215 Multipart mime with just LF and no CRLF: add test for legacy filter - + 395220 New InputStream extension to allow a mix of EOL styles between - headers and content - + 395312 log.warn if a SPDY stream gets committed twice - + 395313 HttpTransportOverSPDY.send() does not rethrow exceptions, but call - Callback.failed() only - + 395314 Add missing flush() call after StandardSession.complete() has been - called. Some test cleanup. - + 395344 Move JSR-356 (Java WebSocket API) work off to Jetty 9.1.x - + 395380 add ValidUrlRule to jetty-rewrite - + 395394 allow logging from boot classloader - + 395574 port jetty-runner and StatisticsServlet to jetty-9 - + 395605 class cast exception in XMLConfiguration fixed - + 395649 add jetty-setuid back into jetty 9 and distribution - + 395794 slightly modified fix for empty file extenstion to mime type mapping - Added a default, so it will also work with unknown file extensions - + 396036 SPDY send controlFrames even if Stream is reset to avoid breaking the - compression context - + 396193 spdy remove timeout parameters from api and move them to the Info* - classes - + 396459 Log specific message for empty request body for multipart mime - requests - + 396460 Make ServerConnector configurable with jetty-maven-plugin - + 396472 org.eclipse.jetty.websocket needs to be removed from serverclasses as - it should only be a systemclass - + 396473 JettyWebXMlConfiguration does not reset serverclasses - + 396474 add websocket server classes to jetty-maven-plugin classpath - + 396475 Remove unneeded websocket-server dependency from test-jetty-webapp - + 396518 Websocket AB Tests should test for which side disconnected and - closed.wasClean - + 396687 missing jetty-io dependency in jetty-servlets - + JETTY-796 jetty ant plugin improvements + + 400864 Added LowResourcesMonitor + + 401177 Make org.eclipse.jetty.websocket.api.WebSocketAdapter threadsafe + + 401183 Handle push streams in new method StreamFrameListener.onPush() + instead of SessionFrameListener.syn() + + 401211 Remove requirement for jetty-websocket.jar in WEB-INF/lib + + 401317 Make Safari 5.x websocket support minVersion level error more clear + + 401382 Prevent parseAvailable from parsing next chunk when previous has not + been consumed. Handle no content-type in chunked request. + + 401414 Hostname verification fails + + 401427 WebSocket messages sent from onConnect fail to be read by jetty + websocket-client + + 401474 Performance problem in org.eclipse.jetty.annotation.AnnotationParser + + 401485 zip file closed exception -jetty-9.0.0.M3 - 20 November 2012 - + 391623 Add option to --stop to wait for target jetty to stop - + 392237 Port test-integration to jetty-9 - + 392492 expect headers only examined for requests>=HTTP/1.1 - + 392850 ContextLoaderListener not called in 9.0.0.M1 and M2 - + 393075 1xx, 204, 304 responses ignore headers that suggest content - + 393832 start connectors last - + 393947 additional tests - + 394143 add jetty-all aggregate via release profile - + 394144 add jetty-jaspi +jetty-9.0.0.RC0 - 01 February 2013 + + 362226 HttpConnection "wait" call causes thread resource exhaustion + + 370384 jetty-aggregate not used in jetty-distribution + + 381351 defaults for keymanager and trustmanager come from their factories + and not hardcoded + + 381521 Only set Vary header when content could be compressed + + 381689 Allow jetty-runner to specify listen host along with listen port + + 382237 support non java JSON classes + + 385306 added getURI method + + 391248 fixing localhost checking in statistics servlet + + 391249 fix for invalid XML node dispatchedTimeMean in statistics servlet + + 391345 fix missing br tag in statistics servlet + + 393933 remove deprecated classes/methods and consolidate some static methods + to SslContextFactory + + 393968 fix typo in javadoc + + 394541 remove continuation jar from distro, add as dep to test-jetty-webapp + + 395232 UpgradeRequest object passed to createWebSocket() has null Session + + 395444 Disabling Websocket Compress Extensions (not working with Chrome / + deflate problem) + + 396428 Test for WebSocket masking on client fragments per RFC 6455 Sec 5.1 + + 396574 add JETTY_HOME as a location for pid to be found + + 396606 make spdy proxy capable of receiving SPDY and talk HTTP to the + upstream server + + 397168 backed of test timing + + 397769 TimerScheduler does not relinquish cancelled tasks + + 398872 SslConnection should not be notified of idle timeouts. First + solution. Merge branch 'ssl_idle_timeout_ignored'. + + 399132 check parent dir of session store against file to be removed + + 399173 UpgradeRequest.getParameterMap() should never return null + + 399242 Reduce/eliminate false sharing in BlockingArrayQueue + + 399319 Request.getURI() may return negative ports + + 399324 HttpClient does not handle correctly UnresolvedAddressException + + 399343 OnWebSocketConnect should use api.Session parameter instead + + 399344 Add missing @OnWebSocketError annotation + + 399397 websocket-client needs better upgrade failure checks + + 399421 Add websocket.api.Session.disconnect() for harsh low level connection + disconnect + + 399515 Websocket-client connect issues should report to websocket onError + handlers + + 399516 Websocket UpgradeException should contain HTTP Request/Response + information + + 399566 Running org.eclipse.jetty.server.session.MaxInactiveMigrationTest + produces stack trace + + 399568 OSGi tests can't find websocket classes + + 399576 Server dumpStdErr throws exception if server is stopping + + 399669 Remove WebSocketConnection in favor of websocket.api.Session + + 399689 Websocket RFC6455 extension handshake fails if server doesn't have + extension + + 399703 made encoding error handling consistent + + 399721 Change to jetty-8.1.9.v20130131 - 31 January 2013 + 362226 HttpConnection "wait" call causes thread resource exhaustion @@ -7771,6 +7778,102 @@ jetty-7.6.9.v20130131 - 31 January 2013 + JETTY-846 Support maven-war-plugin configuration for jetty-maven-plugin; fix NPE +jetty-9.0.0.M5 - 19 January 2013 + + 367638 throw exception for excess form keys + + 381521 Only set Vary header when content could be compressed + + 391623 Making --stop with STOP.WAIT perform graceful shutdown + + 393158 java.lang.IllegalStateException when sending an empty InputStream + + 393220 remove dead code from ServletHandler and log ServletExceptions in + warn instead of debug + + 393733 WebSocketClient interface should support multiple connections + + 395885 ResourceCache should honor useFileMappedBuffer if set + + 396253 FilterRegistration wrong order + + 396459 Log specific message for empty request body for multipart mime + requests + + 396500 HttpClient Exchange takes forever to complete when less content sent + than Content-Length + + 396886 MultiPartFilter strips bad escaping on filename="..." + + 397110 Accept %uXXXX encodings in URIs + + 397111 Tolerate empty or excessive whitespace preceeding MultiParts + + 397112 Requests with byte-range throws NPE if requested file has no mimetype + (eg no file extension) + + 397114 run-forked with waitForChild=false can lock up + + 397130 maxFormContentSize set in jetty.xml is ignored + + 397190 improve ValidUrlRule to iterate on codepoints + + 397321 Wrong condition in default start.config for annotations + + 397535 Support pluggable alias checking to support symbolic links + + 397769 TimerScheduler does not relinquish cancelled tasks + + 398105 Clean up WebSocketPolicy + + 398285 ProxyServlet mixes cookies from different clients + + 398337 UTF-16 percent encoding in UTF-16 form content + + 398582 Move lib/jta jar into lib/jndi + + JETTY-1533 handle URL with no path + +jetty-9.0.0.M4 - 21 December 2012 + + 392417 Prevent Cookie parsing interpreting unicode chars + + 393220 remove dead code from ServletHandler and log ServletExceptions in + warn instead of debug + + 393770 Error in ContextHandler.setEventListeners(EventListener[]) + + 394210 spdy api rename stream.syn() to stream.push() + + 394211 spdy: Expose RemoteServerAddress and LocalServerAddress in + StandardSession + + 394294 Start web-bundles started before jetty + + 394370 Add integration test for client resetting SPDY push SYN's + + 394514 Preserve URI parameters in sendRedirect + + 394552 HEAD requests don't work for jetty-client + + 394719 remove regex from classpath matching + + 394829 Session can not be restored after SessionManager.setIdleSavePeriod + has saved the session + + 394839 Allow multipart mime with no boundary + + 394854 optimised promise implementation + + 394870 Make enablement of remote access to test webapp configurable in + override-web.xml + + 395168 fix unavailable attributes when return type has annotation on super + class + + 395215 Multipart mime with just LF and no CRLF: add test for legacy filter + + 395220 New InputStream extension to allow a mix of EOL styles between + headers and content + + 395312 log.warn if a SPDY stream gets committed twice + + 395313 HttpTransportOverSPDY.send() does not rethrow exceptions, but call + Callback.failed() only + + 395314 Add missing flush() call after StandardSession.complete() has been + called. Some test cleanup. + + 395344 Move JSR-356 (Java WebSocket API) work off to Jetty 9.1.x + + 395380 add ValidUrlRule to jetty-rewrite + + 395394 allow logging from boot classloader + + 395574 port jetty-runner and StatisticsServlet to jetty-9 + + 395605 class cast exception in XMLConfiguration fixed + + 395649 add jetty-setuid back into jetty 9 and distribution + + 395794 slightly modified fix for empty file extenstion to mime type mapping + Added a default, so it will also work with unknown file extensions + + 396036 SPDY send controlFrames even if Stream is reset to avoid breaking the + compression context + + 396193 spdy remove timeout parameters from api and move them to the Info* + classes + + 396459 Log specific message for empty request body for multipart mime + requests + + 396460 Make ServerConnector configurable with jetty-maven-plugin + + 396472 org.eclipse.jetty.websocket needs to be removed from serverclasses as + it should only be a systemclass + + 396473 JettyWebXMlConfiguration does not reset serverclasses + + 396474 add websocket server classes to jetty-maven-plugin classpath + + 396475 Remove unneeded websocket-server dependency from test-jetty-webapp + + 396518 Websocket AB Tests should test for which side disconnected and + closed.wasClean + + 396687 missing jetty-io dependency in jetty-servlets + + JETTY-796 jetty ant plugin improvements + +jetty-9.0.0.M3 - 20 November 2012 + + 391623 Add option to --stop to wait for target jetty to stop + + 392237 Port test-integration to jetty-9 + + 392492 expect headers only examined for requests>=HTTP/1.1 + + 392850 ContextLoaderListener not called in 9.0.0.M1 and M2 + + 393075 1xx, 204, 304 responses ignore headers that suggest content + + 393832 start connectors last + + 393947 additional tests + + 394143 add jetty-all aggregate via release profile + + 394144 add jetty-jaspi + jetty-9.0.0.M2 - 06 November 2012 + 371170 MongoSessionManager LastAccessTimeTest fails + 391877 org.eclipse.jetty.webapp.FragmentDescriptor incorrectly reporting @@ -8013,7 +8116,7 @@ jetty-7.6.6.v20120903 - 03 September 2012 + 385925 make SslContextFactory.setProtocols and SslContextFactory.setCipherSuites preserve the order of the given parameters -jetty-8.1.5.v20120716 - 16 June 2012 +jetty-7.6.5.v20120716 - 16 July 2012 + 376717 Balancer Servlet with round robin support, contribution, added missing license + 379250 Server is added to shutdown hook twice @@ -8031,20 +8134,15 @@ jetty-8.1.5.v20120716 - 16 June 2012 + 383251 500 for SocketExceptions + 383881 WebSocketHandler sets request as handled + 384254 revert change to writable when not dispatched - + 384280 Implement preliminary ServletRegistrations + 384847 CrossOriginFilter is not working + 384896 JDBCSessionManager fails to load existing sessions on oracle when contextPath is / + 384980 Jetty client unable to recover from Time outs when connection count per address hits max. - + 385138 add getter for session path and max cookie age that seemed to - disappear in a merge long ago - + JETTY-1523 It is imposible to map servlet to "/" using - WebApplicationInitializer + JETTY-1525 Show handle status in response debug message + JETTY-1530 refine search control on ldap login module -jetty-7.6.5.v20120716 - 16 July 2012 +jetty-8.1.5.v20120716 - 16 June 2012 + 376717 Balancer Servlet with round robin support, contribution, added missing license + 379250 Server is added to shutdown hook twice @@ -8062,11 +8160,16 @@ jetty-7.6.5.v20120716 - 16 July 2012 + 383251 500 for SocketExceptions + 383881 WebSocketHandler sets request as handled + 384254 revert change to writable when not dispatched + + 384280 Implement preliminary ServletRegistrations + 384847 CrossOriginFilter is not working + 384896 JDBCSessionManager fails to load existing sessions on oracle when contextPath is / + 384980 Jetty client unable to recover from Time outs when connection count per address hits max. + + 385138 add getter for session path and max cookie age that seemed to + disappear in a merge long ago + + JETTY-1523 It is imposible to map servlet to "/" using + WebApplicationInitializer + JETTY-1525 Show handle status in response debug message + JETTY-1530 refine search control on ldap login module @@ -8323,6 +8426,22 @@ jetty-7.6.0.RC5 - 20 January 2012 + JETTY-1475 made output state fields volatile to provide memory barrier for non dispatched thread IO +jetty-7.6.0.RC5 - 20 January 2012 + + 359329 Prevent reinvocation of LoginModule.login with jaspi for already + authed user + + 368632 Remove superfluous removal of org.apache.catalina.jsp_file + + 368633 fixed configure.dtd resource mappings + + 368635 moved lifecycle state reporting from toString to dump + + 368773 process data constraints without realm + + 368787 always set token view to new header buffers in httpparser + + 368821 improved test harness + + 368920 JettyAwareLogger always formats the arguments + + 368948 POM for jetty-jndi references unknown version for javax.activation + + 368992 avoid non-blocking flush when writing to avoid setting !_writable + without _writeblocked + + JETTY-1475 made output state fields volatile to provide memory barrier for + non dispatched thread IO + jetty-8.1.0.RC4 - 13 January 2012 + 365048 jetty Http client does not send proxy authentication when requesting a Https-resource through a web-proxy. @@ -8367,12 +8486,71 @@ jetty-7.6.0.RC4 - 13 January 2012 + 368291 Change warning to info for NoSuchFieldException on BeanELResolver.properties +jetty-7.6.0.RC4 - 13 January 2012 + + 365048 jetty Http client does not send proxy authentication when requesting + a Https-resource through a web-proxy. + + 366774 removed XSS vulnerbility + + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum + + 367716 simplified idleTimeout logic + + 368035 WebSocketClientFactory does not invoke super.doStop() + + 368060 do not encode sendRedirect URLs + + 368114 Protect against non-Strings in System properties for Log + + 368189 WebSocketClientFactory should not manage external thread pool + + 368215 Remove debug from jaspi + + 368240 Improve AggregateLifeCycle handling of shared lifecycles + + 368291 Change warning to info for NoSuchFieldException on + BeanELResolver.properties + +jetty-7.6.0.RC3 - 05 January 2012 + + 367433 added tests to investigate + + 367435 improved D00 test harness + + 367485 HttpExchange canceled before response do not release connection + + 367502 WebSocket connections should be closed when application context is + stopped. + + 367591 corrected configuration.xml version to 7.6 + + 367635 Added support for start.d directory + + 367638 limit number of form parameters to avoid DOS + + JETTY-1467 close half closed when idle + +jetty-7.6.0.RC3 - 05 January 2012 + + 367433 added tests to investigate + + 367435 improved D00 test harness + + 367485 HttpExchange canceled before response do not release connection + + 367502 WebSocket connections should be closed when application context is + stopped. + + 367591 corrected configuration.xml version to 7.6 + + 367635 Added support for start.d directory + + 367638 limit number of form parameters to avoid DOS + + JETTY-1467 close half closed when idle + jetty-8.1.0.RC2 - 22 December 2011 + 359329 jetty-jaspi must exports its packages. jetty-plus must import javax.security + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to cope - + 364921 Made test less time sensitive + + 364921 Made test less time sensitive + + 364936 use Resource for opening URL streams + + 365267 NullPointerException in bad Address + + 365375 ResourceHandler should be a HandlerWrapper + + 365750 Support WebSocket over SSL, aka wss:// + + 365932 Produce jetty-websocket aggregate jar for android use + + 365947 Set headers for Auth failure and retry in http-spi + + 366316 Superfluous printStackTrace on 404 + + 366342 Dont persist DosFilter trackers in http session + + 366730 pass the time idle to onIdleExpire + + 367048 test harness for guard on suspended requests + + 367175 SSL 100% CPU spin in case of blocked write and RST + + 367219 WebSocketClient.open() fails when URI uses default ports + + 367383 jsp-config element must be returned for + ServletContext.getJspConfigDescriptor + + JETTY-1460 suppress PrintWriter exceptions + + JETTY-1463 websocket D0 parser should return progress even if no fill done + + JETTY-1465 NPE in ContextHandler.toString + +jetty-7.6.0.RC2 - 22 December 2011 + + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to + cope + + 364921 Made test less time sensitive for ssl + 364936 use Resource for opening URL streams + 365267 NullPointerException in bad Address + 365375 ResourceHandler should be a HandlerWrapper @@ -8385,23 +8563,10 @@ jetty-8.1.0.RC2 - 22 December 2011 + 367048 test harness for guard on suspended requests + 367175 SSL 100% CPU spin in case of blocked write and RST + 367219 WebSocketClient.open() fails when URI uses default ports - + 367383 jsp-config element must be returned for - ServletContext.getJspConfigDescriptor + JETTY-1460 suppress PrintWriter exceptions + JETTY-1463 websocket D0 parser should return progress even if no fill done + JETTY-1465 NPE in ContextHandler.toString -jetty-7.6.0.RC3 - 05 January 2012 - + 367433 added tests to investigate - + 367435 improved D00 test harness - + 367485 HttpExchange canceled before response do not release connection - + 367502 WebSocket connections should be closed when application context is - stopped. - + 367591 corrected configuration.xml version to 7.6 - + 367635 Added support for start.d directory - + 367638 limit number of form parameters to avoid DOS - + JETTY-1467 close half closed when idle - jetty-7.6.0.RC2 - 22 December 2011 + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to cope @@ -8427,7 +8592,7 @@ jetty-8.1.0.RC1 - 06 December 2011 3.0 + 365370 ServletHandler can fall through to nested handler -jetty-8.1.0.RC0 - 30 November 2011 +jetty-7.6.0.RC1 - 04 December 2011 + 352565 cookie httponly flag ignored + 353285 ServletSecurity annotation ignored + 357163 jetty 8 ought to proxy jetty8 javadocs @@ -8439,70 +8604,9 @@ jetty-8.1.0.RC0 - 30 November 2011 + 363878 Add ecj compiler to jetty-8 for jsp + 364283 can't parse the servlet multipart-config for the web.xml + 364430 Support web.xml enabled state for servlets + + 365370 ServletHandler can fall through to nested handler -jetty-7.6.0.RC5 - 20 January 2012 - + 359329 Prevent reinvocation of LoginModule.login with jaspi for already - authed user - + 368632 Remove superfluous removal of org.apache.catalina.jsp_file - + 368633 fixed configure.dtd resource mappings - + 368635 moved lifecycle state reporting from toString to dump - + 368773 process data constraints without realm - + 368787 always set token view to new header buffers in httpparser - + 368821 improved test harness - + 368920 JettyAwareLogger always formats the arguments - + 368948 POM for jetty-jndi references unknown version for javax.activation - + 368992 avoid non-blocking flush when writing to avoid setting !_writable - without _writeblocked - + JETTY-1475 made output state fields volatile to provide memory barrier for - non dispatched thread IO - -jetty-7.6.0.RC4 - 13 January 2012 - + 365048 jetty Http client does not send proxy authentication when requesting - a Https-resource through a web-proxy. - + 366774 removed XSS vulnerbility - + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum - + 367716 simplified idleTimeout logic - + 368035 WebSocketClientFactory does not invoke super.doStop() - + 368060 do not encode sendRedirect URLs - + 368114 Protect against non-Strings in System properties for Log - + 368189 WebSocketClientFactory should not manage external thread pool - + 368215 Remove debug from jaspi - + 368240 Improve AggregateLifeCycle handling of shared lifecycles - + 368291 Change warning to info for NoSuchFieldException on - BeanELResolver.properties - -jetty-7.6.0.RC3 - 05 January 2012 - + 367433 added tests to investigate - + 367435 improved D00 test harness - + 367485 HttpExchange canceled before response do not release connection - + 367502 WebSocket connections should be closed when application context is - stopped. - + 367591 corrected configuration.xml version to 7.6 - + 367635 Added support for start.d directory - + 367638 limit number of form parameters to avoid DOS - + JETTY-1467 close half closed when idle - -jetty-7.6.0.RC2 - 22 December 2011 - + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to - cope - + 364921 Made test less time sensitive for ssl - + 364936 use Resource for opening URL streams - + 365267 NullPointerException in bad Address - + 365375 ResourceHandler should be a HandlerWrapper - + 365750 Support WebSocket over SSL, aka wss:// - + 365932 Produce jetty-websocket aggregate jar for android use - + 365947 Set headers for Auth failure and retry in http-spi - + 366316 Superfluous printStackTrace on 404 - + 366342 Dont persist DosFilter trackers in http session - + 366730 pass the time idle to onIdleExpire - + 367048 test harness for guard on suspended requests - + 367175 SSL 100% CPU spin in case of blocked write and RST - + 367219 WebSocketClient.open() fails when URI uses default ports - + JETTY-1460 suppress PrintWriter exceptions - + JETTY-1463 websocket D0 parser should return progress even if no fill done - + JETTY-1465 NPE in ContextHandler.toString - -jetty-7.6.0.RC1 - 04 December 2011 +jetty-8.1.0.RC0 - 30 November 2011 + 352565 cookie httponly flag ignored + 353285 ServletSecurity annotation ignored + 357163 jetty 8 ought to proxy jetty8 javadocs @@ -8514,7 +8618,6 @@ jetty-7.6.0.RC1 - 04 December 2011 + 363878 Add ecj compiler to jetty-8 for jsp + 364283 can't parse the servlet multipart-config for the web.xml + 364430 Support web.xml enabled state for servlets - + 365370 ServletHandler can fall through to nested handler jetty-7.6.0.RC0 - 29 November 2011 + 349110 fixed bypass chunk handling @@ -8581,6 +8684,10 @@ jetty-8.0.3.v20111011 - 11 October 2011 + 348978 migrate jetty-http-spi + 358649 StdErrLog system properties for package/class logging LEVEL +jetty-7.5.3.v20111011 - 11 October 2011 + + 348978 migrate jetty-http-spi + + 358649 StdErrLog system properties for package/class logging LEVEL + jetty-8.0.2.v20111006 - 06 October 2011 + 336443 add missing comma in DigestAuthenticator string + 342161 ScannerTest fails intermittently on Mac OS X @@ -8633,10 +8740,6 @@ jetty-8.0.2.v20111006 - 06 October 2011 + JETTY-1434 Add a jsp that exercises jstl + JETTY-1439 space in directory installation path causes classloader problem -jetty-7.5.3.v20111011 - 11 October 2011 - + 348978 migrate jetty-http-spi - + 358649 StdErrLog system properties for package/class logging LEVEL - jetty-7.5.2.v20111006 - 06 October 2011 + 336443 check nonce count is increasing + 342161 ScannerTest fails intermittently on Mac OS X @@ -8758,13 +8861,6 @@ jetty-8.0.0.RC0 - 16 August 2011 + Enable annotations by default + Merge from jetty-7.4.3 -jetty-8.0.0.M3 - 27 May 2011 - + 324505 Implement API login - + 335500 request.getParts() throws a NullPointerException - + 343472 isUserInRole does not prevent subsequent login call - + 346180 jsp-2.2 support - + Updated to jetty-7.4.2.v20110526 - jetty-7.5.0.RC0 - 15 August 2011 + 298502 Handle 200 Connect responses with no content-length + 347484 / - > ${/} in some paths in grant codebases @@ -8840,7 +8936,14 @@ jetty-7.4.3.v20110701 - 01 July 2011 HTttpExchange.setRequestContentSource(InputStream) + JETTY-1390 RewriteHandler handles encoded URIs -jetty-7.4.2.v20110526 +jetty-8.0.0.M3 - 27 May 2011 + + 324505 Implement API login + + 335500 request.getParts() throws a NullPointerException + + 343472 isUserInRole does not prevent subsequent login call + + 346180 jsp-2.2 support + + Updated to jetty-7.4.2.v20110526 + +jetty-7.4.2.v20110526 - 26 May 2011 + 334443 Improve the ability to specify extra class paths using the Jetty Maven Plugin + 336220 tmp directory is not set if you reload a webapp with @@ -8865,7 +8968,7 @@ jetty-7.4.2.v20110526 + JETTY-1146 Encode jsessionid in sendRedirect + JETTY-1342 Recreate selector if wakeup throws JVM bug -jetty-7.4.1.v20110513 +jetty-7.4.1.v20110513 - 13 May 2011 + 288563 remove unsupported and deprecated --secure option + 332907 Add context property to ObjectName of JMX MBeans + 336056 Ability to override the computation of the ContextHandler to deploy @@ -8901,13 +9004,13 @@ jetty-7.4.1.v20110513 + JETTY-1343 IllegalArgumentException for bad % encodings + JETTY-1347 Updated ServletHander javadoc -jetty-7.4.0.v20110414 +jetty-7.4.0.v20110414 - 14 April 2011 + 342504 Scanner Listener + 342700 refine websocket API for anticipated changes + JETTY-1362 Set root cause of UnavailableException + Various test harness cleanups to avoid random failures -jetty-7.4.0.RC0 +jetty-7.4.0.RC0 - 07 April 2011 + 324110 Added test harnesses for merging of QueryStrings + 337685 Update websocket API in preparation for draft -07 + 338627 HashSessionManager.getIdleSavePeriod returns milliseconds instead of @@ -8947,26 +9050,6 @@ jetty-7.4.0.RC0 + Added extra session removal test + Ensure generated fragment names are unique -jetty-8.0.0.M2 - 16 November 2010 - + 320073 Reconsile configuration mechanism - + 321068 JSF2 fails to initialize - + 324493 Registration init parameter handling null check, setInitParameters - additive - + 324505 Request.login method must throw ServletException if it cant login - + 324872 allow disabling listener restriction from using *Registration - interfaces - + 327416 Change meaning of @HandlesTypes in line with latest interpretation by - JSR315 - + 327489 Change meaning of @MultipartConfig to match servlet spec 3.0 - maintenance release 3.0a - + 328008 Handle update to Servlet Spec 3 Section 8.2.3.h.ii - + 330188 Reject web-fragment.xml with same as another already loaded - one - + 330208 Support new wording on servlet-mapping and filter-mapping merging - from servlet3.0a - + 330292 request.getParts() returns only one part when the name is the same - + Update to jetty-7.2.1.v20101111 - jetty-7.3.1.v20110307 - 07 March 2011 + 316382 Support a more strict SSL option with certificates + 333481 Handle UCS-4 codepoints in decode and encode @@ -9068,6 +9151,26 @@ jetty-7.2.2.v20101205 - 05 December 2010 + JETTY-1307 Check that JarFileResource directories end with / + JETTY-1308 327109 (re)fixed AJP handling of empty packets +jetty-8.0.0.M2 - 16 November 2010 + + 320073 Reconsile configuration mechanism + + 321068 JSF2 fails to initialize + + 324493 Registration init parameter handling null check, setInitParameters + additive + + 324505 Request.login method must throw ServletException if it cant login + + 324872 allow disabling listener restriction from using *Registration + interfaces + + 327416 Change meaning of @HandlesTypes in line with latest interpretation by + JSR315 + + 327489 Change meaning of @MultipartConfig to match servlet spec 3.0 + maintenance release 3.0a + + 328008 Handle update to Servlet Spec 3 Section 8.2.3.h.ii + + 330188 Reject web-fragment.xml with same as another already loaded + one + + 330208 Support new wording on servlet-mapping and filter-mapping merging + from servlet3.0a + + 330292 request.getParts() returns only one part when the name is the same + + Update to jetty-7.2.1.v20101111 + jetty-7.2.1.v20101111 - 11 November 2010 + 324679 Fixed dedection of write before static content + 328008 Handle update to Servlet Spec 3 Section 8.2.3.h.ii @@ -9197,7 +9300,20 @@ jetty-7.2.0.RC0 - 01 October 2010 + Fix jetty-plus.xml for new configuration names + Improved debug dump -jetty-7.1.6.v20100715 +jetty-6.1.25 - 26 July 2010 + + 320264 Removed duplicate mime.property entries + + JETTY-1212 Long content lengths + + JETTY-1214 Avoid ISE when scavenging invalid session + + JETTY-1223 DefaultServlet: NPE when setting relativeResourceBase and + resourceBase is not set + + JETTY-1226 javax.activation needs to be listed in the system classes + + JETTY-1237 Remember local/remote details of endpoint + + JETTY-1251 protected against closed selector + + COMETD-112 if two threads create the same channel, then create events may + occur after subscribe events + + Jetty-6 is now in maintenance mode. + +jetty-7.1.6.v20100715 - 15 July 2010 + 319519 Warn about duplicate configuration files + 319655 Reset HEAD status + JETTY-1247 synchronize recylcing of SSL NIO buffers @@ -9214,7 +9330,7 @@ jetty-8.0.0.M1 - 12 July 2010 + Ensure empty implies exclusion of all fragments + Ensure servlet-api jar class inheritance hierarchy is scanned -jetty-7.1.5.v20100705 +jetty-7.1.5.v20100705 - 05 July 2010 + 288194 Add blacklist/whitelist to ProxyServlet and ProxyHandler + 296570 EOFException for HttpExchange when HttpClient.stop called + 311550 The WebAppProvider should allow setTempDirectory @@ -9240,20 +9356,7 @@ jetty-7.1.5.v20100705 + JETTY-1237 Save local/remote address to be available after close + Update ecj to 3.6 Helios release drop -jetty-6.1.25 - 26 July 2010 - + 320264 Removed duplicate mime.property entries - + JETTY-1212 Long content lengths - + JETTY-1214 Avoid ISE when scavenging invalid session - + JETTY-1223 DefaultServlet: NPE when setting relativeResourceBase and - resourceBase is not set - + JETTY-1226 javax.activation needs to be listed in the system classes - + JETTY-1237 Remember local/remote details of endpoint - + JETTY-1251 protected against closed selector - + COMETD-112 if two threads create the same channel, then create events may - occur after subscribe events - + Jetty-6 is now in maintenance mode. - -jetty-7.1.4.v20100610 +jetty-7.1.4.v20100610 - 10 June 2010 + 292326 Stop continuations if server is stopped + 292814 Make QoSFilter and DoSFilter JMX manageable + 293222 Improve request log to handle/show asynchronous latency @@ -9283,7 +9386,7 @@ jetty-7.1.4.v20100610 + JETTY-547 Delay close after shutdown until request read + JETTY-1231 Support context request log handler -jetty-7.1.3.v20100526 +jetty-7.1.3.v20100526 - 26 May 2010 + 296567 HttpClient RedirectListener handles new HttpDestination + 297598 JDBCLoginService uses hardcoded credential class + 305898 Websocket handles query string in URI @@ -9293,7 +9396,7 @@ jetty-7.1.3.v20100526 + 314177 JSTL support is broken + 314459 support maven3 for builds -jetty-7.1.2.v20100523 +jetty-7.1.2.v20100523 - 23 May 2010 + 308866 Update test suite to JUnit4 - Module jetty-util + 312948 Recycle SSL crypto buffers + 313196 randomly allocate ports for session test @@ -9302,7 +9405,7 @@ jetty-7.1.2.v20100523 + 314009 updated README.txt + Update links to jetty website and wiki on test webapp -jetty-7.1.1.v20100517 +jetty-7.1.1.v20100517 - 17 May 2010 + 302344 Make the list of available contexts if root context is not configured optional + 304803 Remove TypeUtil Integer and Long caches @@ -9384,19 +9487,6 @@ jetty-7.1.0.RC0 - 27 April 2010 + Merged 7.0.2.v20100331 + Temporarily remove jetty-osgi module to clarify jsp version compatibility -jetty-7.0.2.v20100331 - 31 March 2010 - + 297552 Don't call Continuation timeouts from acceptor tick - + 298236 Additional unit tests for jetty-client - + 306782 httpbis interpretation of 100 continues. Body never skipped - + 306783 NPE in StdErrLog when Throwable is null - + 306840 Suppress content-length in requests with no content - + 306880 Support for UPGRADE in HttpClient - + 306884 Suspend with timeout <=0 never expires - + 307589 updated servlet 3.0 continuations for final API - + Allow Configuration array to be set on Server instance for all web apps - + Ensure webapps with no WEB-INF don't scan WEB-INF/lib - + Take excess logging statements out of startup - jetty-6.1.24 - 21 April 2010 + 308925 Protect the test webapp from remote access + JETTY-903 Stop both caches @@ -9465,7 +9555,20 @@ jetty-6.1.23 - 02 April 2010 + Remove references to old content in HttpClient client tests for www.sun.com + Updated JSP to 2.1.v20091210 -jetty-7.0.2.RC0 +jetty-7.0.2.v20100331 - 31 March 2010 + + 297552 Don't call Continuation timeouts from acceptor tick + + 298236 Additional unit tests for jetty-client + + 306782 httpbis interpretation of 100 continues. Body never skipped + + 306783 NPE in StdErrLog when Throwable is null + + 306840 Suppress content-length in requests with no content + + 306880 Support for UPGRADE in HttpClient + + 306884 Suspend with timeout <=0 never expires + + 307589 updated servlet 3.0 continuations for final API + + Allow Configuration array to be set on Server instance for all web apps + + Ensure webapps with no WEB-INF don't scan WEB-INF/lib + + Take excess logging statements out of startup + +jetty-7.0.2.RC0 - 09 March 2010 + 290765 Reset input for HttpExchange retry + 292799 WebAppDeployer - start a started context? + 292800 ContextDeployer - recursive setting is undone by FilenameFilter @@ -9709,6 +9812,29 @@ jetty-7.0.0.RC5 - 27 August 2009 + JETTY-1086 Added UncheckedPrintWriter to avoid ignored EOFs + JETTY-1087 Chunked SSL non blocking input +jetty-7.0.0.RC4 - 18 August 2009 + + 279820 Fixed HotSwapHandler + + 285891 SessionAuthentication is serializable + + 286185 Implement ability for JSON implementation to automatically register + convertors + + 286535 ContentExchange status code + + JETTY-1057 XSS error page + + JETTY-1079 ResourceCollection.toString + + JETTY-1080 Ignore files that would be extracted outside the destination + directory when unpacking WARs + + Added discoverable start options + +jetty-7.0.0.RC3 - 07 August 2009 + + 277403 remove system properties + + 282447 concurrent destinations in HttpClient + + 283172 fix Windows build, broken on directory creation with the + DefaultServlet + + 283375 additional error-checking on SSL connector passwords to prevent NPE + + 283513 Check endp.isOpen when blocking read + + 285697 extract parameters if dispatch has query + + JETTY-1074 JMX thread manipulation + + Improved deferred authentication handling + jetty-6.1.19 - 01 July 2009 + JETTY-799 shell script for jetty on cygwin + JETTY-863 Non blocking stats handler @@ -9738,29 +9864,6 @@ jetty-6.1.19 - 01 July 2009 + JETTY-1058 Handle trailing / with aliases on + JETTY-1062 Don't filter cometd message without data -jetty-7.0.0.RC4 - 18 August 2009 - + 279820 Fixed HotSwapHandler - + 285891 SessionAuthentication is serializable - + 286185 Implement ability for JSON implementation to automatically register - convertors - + 286535 ContentExchange status code - + JETTY-1057 XSS error page - + JETTY-1079 ResourceCollection.toString - + JETTY-1080 Ignore files that would be extracted outside the destination - directory when unpacking WARs - + Added discoverable start options - -jetty-7.0.0.RC3 - 07 August 2009 - + 277403 remove system properties - + 282447 concurrent destinations in HttpClient - + 283172 fix Windows build, broken on directory creation with the - DefaultServlet - + 283375 additional error-checking on SSL connector passwords to prevent NPE - + 283513 Check endp.isOpen when blocking read - + 285697 extract parameters if dispatch has query - + JETTY-1074 JMX thread manipulation - + Improved deferred authentication handling - jetty-7.0.0.RC2 - 29 June 2009 + 283375 improved extensibility of SSL connectors + 283818 fixed merge of forward parameters @@ -9775,6 +9878,23 @@ jetty-7.0.0.RC2 - 29 June 2009 + Disassociate method on IdentityService + Improved handling of overlays and resourceCollections +jetty-7.0.0.M3 - 20 June 2009 + + 274251 Allow dispatch to welcome files that are servlets (configurable) + + 276545 Quoted cookie paths + + 277403 Cleanup system property usage + + 277798 Denial of Service Filter + + 279725 Support 100 and 102 expectations + + 280707 client.HttpConnection does not catch and handle non-IOExceptions + + 281470 Handle the case where request.PathInfo() should be "/*" + + Added ContinuationThrowable + + added WebAppContext.setConfigurationDiscovered for servlet 3.0 features + + fixed race with expired async listeners + + Numerous cleanups from static code analysis + + Portable continuations for jetty6 and servlet3 + + Refactored AbstractBuffers to HttpBuffers for performance + + refactored configuration mechanism + + Refactored continuations to only support response wrapping + jetty-7.0.0.RC1 - 15 June 2009 + 283344 Startup on windows is broken + JETTY-1066 283357 400 response for bad URIs @@ -9801,23 +9921,6 @@ jetty-7.0.0.M4 - 01 June 2009 + JETTY-1055 Cookie quoting + JETTY-1057 Error page stack trace XSS -jetty-7.0.0.M3 - 20 June 2009 - + 274251 Allow dispatch to welcome files that are servlets (configurable) - + 276545 Quoted cookie paths - + 277403 Cleanup system property usage - + 277798 Denial of Service Filter - + 279725 Support 100 and 102 expectations - + 280707 client.HttpConnection does not catch and handle non-IOExceptions - + 281470 Handle the case where request.PathInfo() should be "/*" - + Added ContinuationThrowable - + added WebAppContext.setConfigurationDiscovered for servlet 3.0 features - + fixed race with expired async listeners - + Numerous cleanups from static code analysis - + Portable continuations for jetty6 and servlet3 - + Refactored AbstractBuffers to HttpBuffers for performance - + refactored configuration mechanism - + Refactored continuations to only support response wrapping - jetty-7.0.0.M2 - 18 May 2009 + 273767 Update to use geronimo annotations spec 1.1.1 + 275396 Added ScopedHandler to set servlet scope before security handler @@ -9835,6 +9938,11 @@ jetty-7.0.0.M2 - 18 May 2009 + JETTY-1020 ZipException in org.mortbay.jetty.webapp.TagLibConfiguration prevents all contexts from being loaded +jetty-5.1.15 - 18 May 2009 + + JETTY-418 synchronized load class + + JETTY-1004 CERT VU402580 Canonical path handling includes ? in path segment + + Fixes for CERT438616-CERT237888-CERT21284 + jetty-6.1.18 - 16 May 2009 + JETTY-937 Improved work around sun JVM selector bugs + JETTY-1004 CERT VU#402580 Canonical path handling includes ? in path segment @@ -9849,11 +9957,6 @@ jetty-6.1.18 - 16 May 2009 prevents all contexts from being loaded + JETTY-1022 Removed several 1.5isms -jetty-5.1.15 - 18 May 2009 - + JETTY-418 synchronized load class - + JETTY-1004 CERT VU402580 Canonical path handling includes ? in path segment - + Fixes for CERT438616-CERT237888-CERT21284 - jetty-6.1.17 - 30 April 2009 + JETTY-936 Make optional dispatching to welcome files as servlets + JETTY-937 Work around sun JVM selector bugs @@ -10003,7 +10106,7 @@ jetty-7.0.0.M0 - 27 March 2009 + moved to org.eclipse packages + simplified HandlerContainer API -jetty-6.1.15 - 04 March 2009 +jetty-6.1.15 - 02 March 2009 + JETTY-923 BayeuxClient uses message pools to reduce memory footprint + JETTY-924 Improved BayeuxClient disconnect handling + JETTY-925 Lazy bayeux messages @@ -10661,13 +10764,18 @@ jetty-6.1.6rc0 - 03 October 2007 + Use terracotta repo for build; make jetty a terracotta module + UTF-8 for bayeux client +jetty-5.1.14 - 09 August 2007 + + JETTY-155 force close with content length + + JETTY-369 failed state in Container + + patched with correct version + jetty-6.1.5 - 19 July 2007 + JETTY-392 updated LikeJettyXml example + Fixed GzipFilter for dispatchers + Fixed reset of reason + Upgrade to Jasper 2.1 tag SJSAS-9_1-B50G-BETA3-27_June_2007 -jetty-6.1.5rc0 - 15 July 0200 +jetty-6.1.5rc0 - 15 July 2007 + JETTY-253 Improved graceful shutdown + JETTY-373 Stop all dependent lifecycles + JETTY-374 HttpTesters handles large requests/responses @@ -10925,8 +11033,15 @@ jetty-6.1.1rc0 - 10 January 2007 + start webapps on deployment with jboss, use isDistributed() method from WebAppContext -jetty-6.1.0 - 09 January 2007 +jetty-6.1.0 - 05 January 2007 + Fixed unpacking WAR + + JETTY-206 fixed AJP getServerPort and getRemotePort + + Added extras/win32service + + Added WebAppContext.setCopyWebDir to avoid JVM jar caching issues. + + GERONIMO-2677 refactor of session id handling for clustering + + Improved config of java5 threadpool + + Protect context deployer from Errors + + ServletTester sets content length jetty-6.1.0 - 05 January 2007 + JETTY-206 fixed AJP getServerPort and getRemotePort @@ -11057,14 +11172,6 @@ jetty-6.0.2 - 22 November 2006 + updated glassfish jasper to tag SJSAS-9_1-B25-EA-08_Nov_2006 + Upgraded session ID generation to use SecureRandom -jetty-5.1.14 - 09 August 2007 - + JETTY-155 force close with content length - + JETTY-369 failed state in Container - + patched with correct version - -jetty-5.1.13 - + Sourceforge 1648335: problem setting version for AJP13 - jetty-5.1.12 - 22 November 2006 + JETTY-154 Cookies ignore single quotes + Added support for TLS_DHE_RSA_WITH_AES_256_CBC_SHA @@ -11213,6 +11320,40 @@ jetty-6.0.0rc2 - 25 August 2006 + use mvn -Dslf4j=false jetty:run to disable use of slf4j logging with jdk1.4/jsp2.0 +jetty-6.0.0ALPHA2 - 20 August 2006 + + Continuations - way cool way to suspend a request and retry later. + + Dispatchers + + Security + +jetty-6.0.0ALPHA1 - 20 August 2006 + + Filters + + web.xml handling + +jetty-6.0.0ALPHA0 - 20 August 2006 + + file may be sent as sent is a single operation. + + Improved "dependancy injection" and "inversion of control" design of + components + + Improved "interceptor" design of handlers + + Missing Request Dispatchers + + Missing Security + + Missing war support + + Missing web.xml based configuration + + Optional use of NIO Buffering so that efficient direct buffers and memory + mapped files can be used. + + Optional use of NIO gather writes, so that for example a HTTP header and a + memory mapped + + Optional use of NIO non-blocking scheduling so that threads are not + allocated per connection. + + Smart split buffer design allows large buffers to only be allocated to + active connections. The resulting memory savings allow very large buffers to + be used, which increases the chance of efficient asynchronous flushing and + of avoiding chunking. + + Totally rearchitected and rebuilt, so 10 years of cruft could be removed! + +jetty-6.0.0ALPHA3 - 20 August 2006 + + Added demo for Continuations + + Jasper and associated libraries. + jetty-6.0.0rc1 - 16 August 2006 + JETTY-85 JETTY-86 (TrustManager and SecureRandom are now configurable; better handling of null/default values) @@ -11284,7 +11425,7 @@ jetty-6.0.0rc0 - 07 July 2006 + Updated javax code from http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/java/javax@417727 -jetty-6.0.0beta17 - 01 June 2006 +jetty-6.0.0beta17 - 02 June 2006 + Added clover reports and enough tests to get >50% coverage + Added config to disable file memory mapped buffers for windows + Added Request.isHandled() @@ -11300,7 +11441,7 @@ jetty-6.0.0beta17 - 01 June 2006 + Recovered repository from Codehaus crash + Refactored Synchronization of SelectChannelConnector -jetty-6.0.0beta16 - 12 May 2006 +jetty-6.0.0beta16 - 15 May 2006 + remove a couple of System.err.printlns + replace backwards compativle API in UrlEncoded @@ -11355,6 +11496,15 @@ jetty-6.0.0beta14 - 09 April 2006 + stop JDBCUserRealm coercing all credentials to String + Use start.config to select which JSP impl at runtime based on jdk version +jetty-5.1.11RC0 - 05 April 2006 + + Added provider support to SslListener + + Fixed AJP handling of ;jsessionid. + + force close with shutdownOutput for win32 + + improved contentType param handling + + logging improvements for servlet and runtime exceptions + + NPE protection if desirable client certificates + + stop JDBCUserRealm forcing all credentials to be String + jetty-6.0.0beta12 - 16 March 2006 + Added JSP2.0 demos to test webapp + Added provider support to SslListener @@ -11378,7 +11528,13 @@ jetty-6.0.0beta11 - 14 March 2006 + refactored session ID management + refactored writers and improved UTF-8 generation. -jetty-6.0.0beta10 - 25 February 2006 +jetty-6.0.0beta0 - 27 February 2006 + + Dispatcher parameters + + Fixed blocking read + + Maven 2 build + + UTF-8 encoding for URLs + +jetty-6.0.0beta10 - 24 February 2006 + added getLocalPort() to connector + Added support for java:comp/env + Added support for pluggable transaction manager @@ -11392,7 +11548,7 @@ jetty-6.0.0beta10 - 25 February 2006 + Forward masks include attributes and vice versa + Updates javax to MR2 release -jetty-6.0.0beta9 - 09 February 2006 +jetty-6.0.0beta9 - 14 February 2006 + Added CGI servlet. + Added request log. + Added TLD tag listener handling. @@ -11406,7 +11562,7 @@ jetty-6.0.0beta9 - 09 February 2006 + PathMap for direct context mapping. + Refactored chat demo and upgraded prototype.js -jetty-6.0.0beta8 - 24 January 2006 +jetty-6.0.0beta8 - 25 January 2006 + conveniance addHandler removeHandler methods + fixed bug in overloaded write method on HttpConnection (reported against Tapestry4.0) @@ -11422,8 +11578,9 @@ jetty-6.0.0beta8 - 24 January 2006 + patch to remove spurious ; in HttpFields + reinstated rfc2616 test harness + Removed queue from thread pool. + + convenience addHandler removeHandler methods -jetty-6.0.0Beta7 +jetty-6.0.0beta7 - 10 January 2006 + Faster header name lookup + Fixed infinite loop with chunk handling + maven-jetty6-plugin added tmpDirectory property @@ -11433,28 +11590,61 @@ jetty-6.0.0Beta7 + reduced info verbosity + removed singleton Container -jetty-6.0.0Beta6 +jetty-5.1.10 - 05 January 2006 + + Fixed path aliasing with // on windows. + + Fix for AJP13 with encoded path + + Fix for AJP13 with multiple headers + + Put POST content default back to iso_8859_1. GET is UTF-8 still + + Remove null dispatch attributes from getAttributeNames + +jetty-4.2.25 - 04 January 2006 + + Fixed aliasing of // for win32 + +jetty-6.0.0beta6 - 09 December 2005 + Fixed issue with blocking reads + Fixed issue with unknown headers + optimizations -jetty-6.0.0Beta5 +jetty-5.1.9 - 07 December 2005 + + Fixed wantClientAuth(false) overriding netClientAuth(true) + +jetty-5.1.8 - 07 December 2005 + + Fixed space in URL issued created in 5.1.6 + +jetty-5.1.7 - 07 December 2005 + +jetty-5.1.7rc0 - 06 December 2005 + + better support for URI character encodings + + char encoding for MultiPartRequest + + fixed merging of POST params in dispatch query string. + + improved server stats + + JSP file servlet mappings copy JspServlet init params. + + Prefix servlet context logs with org.mortbay.jetty.context + + protect from NPE in dispatcher getValues + + Updated to 2.6.2 xerces + + use commons logging jar instead of api jar. + +jetty-6.0.0beta5 - 05 December 2005 + Added management module for mbeans + Fixed writer char[] creations + Moved to SVN -jetty-6.0.0Beta4 +jetty-6.0.0beta4 - 22 November 2005 + Fixed JSP visibility security issue (CVE-2006-2758) + Improved jetty-web.xml access to org.mortbay classes. + Jasper 5.5.12 + System property support in plugin -jetty-6.0.0Beta3 +jetty-5.1.6 - 18 November 2005 + + Fixed JSP visibility security issue (CVE-2006-2758) + + Improved jetty-web.xml access to org.mortbay classes. + +jetty-6.0.0beta3 - 17 November 2005 + Fixed classloader issue with server classes + Fixed error in block read + Named dispatch. -jetty-6.0.0Beta2 +jetty-6.0.0beta2 - 14 November 2005 + Improved buffer return + Improved reuse of HttpField values and cookies. + loosely coupled with JSP servlet @@ -11462,7 +11652,7 @@ jetty-6.0.0Beta2 + merged util jar back into jetty jar + Simpler continuation API -jetty-6.0.0Beta1 +jetty-6.0.0beta1 - 11 November 2005 + Error pages + Implemented all listeners + maven2 plugin @@ -11473,91 +11663,6 @@ jetty-6.0.0Beta1 + SSL connector + Virtual hosts -jetty-6.0.0Beta0 - + Dispatcher parameters - + Fixed blocking read - + Maven 2 build - + UTF-8 encoding for URLs - -jetty-6.0.0APLPA3 - + Added demo for Continuations - + Jasper and associated libraries. - -jetty-6.0.0ALPHA2 - + Continuations - way cool way to suspend a request and retry later. - + Dispatchers - + Security - -jetty-6.0.0ALPHA1 - + Filters - + web.xml handling - -jetty-6.0.0ALPHA0 - + file may be sent as sent is a single operation. - + Improved "dependancy injection" and "inversion of control" design of - components - + Improved "interceptor" design of handlers - + Missing Request Dispatchers - + Missing Security - + Missing war support - + Missing web.xml based configuration - + Optional use of NIO Buffering so that efficient direct buffers and memory - mapped files can be used. - + Optional use of NIO gather writes, so that for example a HTTP header and a - memory mapped - + Optional use of NIO non-blocking scheduling so that threads are not - allocated per connection. - + Smart split buffer design allows large buffers to only be allocated to - active connections. The resulting memory savings allow very large buffers to - be used, which increases the chance of efficient asynchronous flushing and - of avoiding chunking. - + Totally rearchitected and rebuilt, so 10 years of cruft could be removed! - -jetty-5.1.11RC0 - 05 April 2006 - + Added provider support to SslListener - + Fixed AJP handling of ;jsessionid. - + force close with shutdownOutput for win32 - + improved contentType param handling - + logging improvements for servlet and runtime exceptions - + NPE protection if desirable client certificates - + stop JDBCUserRealm forcing all credentials to be String - -jetty-5.1.10 - 05 January 2006 - + Fixed path aliasing with // on windows. - + Fix for AJP13 with encoded path - + Fix for AJP13 with multiple headers - + Put POST content default back to iso_8859_1. GET is UTF-8 still - + Remove null dispatch attributes from getAttributeNames - -jetty-4.2.25 - 04 January 2006 - + Fixed aliasing of // for win32 - -jetty-5.1.9 - 07 December 2005 - + Fixed wantClientAuth(false) overriding netClientAuth(true) - -jetty-6.0.0betaX - + See http://jetty.mortbay.org/jetty6 for 6.0 releases - -jetty-5.1.8 - 07 December 2005 - + Fixed space in URL issued created in 5.1.6 - -jetty-5.1.7 - 07 December 2005 - -jetty-5.1.7rc0 - 06 December 2005 - + better support for URI character encodings - + char encoding for MultiPartRequest - + fixed merging of POST params in dispatch query string. - + improved server stats - + JSP file servlet mappings copy JspServlet init params. - + Prefix servlet context logs with org.mortbay.jetty.context - + protect from NPE in dispatcher getValues - + Updated to 2.6.2 xerces - + use commons logging jar instead of api jar. - -jetty-5.1.6 - 18 November 2005 - + Fixed JSP visibility security issue (CVE-2006-2758) - + Improved jetty-web.xml access to org.mortbay classes. - jetty-5.1.5 - 10 November 2005 + Improved mapping of JSP files. + Improved shutdown hook @@ -11608,6 +11713,9 @@ jetty-5.1.4rc0 - 19 April 2005 + Stop start.jar putting current directory on classpath. + Turn off web.xml validation for JBoss. +jetty-5.1.13 - 07 April 2005 + + Sourceforge 1648335: problem setting version for AJP13 + jetty-5.1.3 - 07 April 2005 + Some minor code janitorial services @@ -11636,7 +11744,7 @@ jetty-5.1.3rc1 - 13 March 2005 + JettyPlus updated to JOTM 2.0.5, XAPool 1.4.2 + update to demo site look and feel. -jetty-4.2.24rc1 +jetty-4.2.24rc1 - 11 March 2005 + Fixed principal naming in FormAuthenticator jetty-5.1.3rc0 - 08 March 2005 @@ -11683,7 +11791,7 @@ jetty-4.2.23RC0 - 17 December 2004 jetty-5.1.1 - 01 December 2004 -jetty-5.1.1RC1 +jetty-5.1.1RC1 - 24 November 2004 + Allow double // within URIs + Applied patch for MD5 hashed credentials for MD5 + Fixed ordering of filters with multiple interleaved mappings. @@ -11743,7 +11851,7 @@ jetty-5.0.RC3 - 28 August 2004 + Less verbose warning for non validating xml parser. + Update to jasper 5.0.27 -jetty-4.2.22 +jetty-4.2.22 - 24 August 2004 + Added parameters for acceptQueueSize and lowResources level. + fixed deployment of ejb-link elements in web.xml for jboss + fixed jaas logout for jetty-jboss integration @@ -11814,6 +11922,14 @@ jetty-4.2.20RC0 - 07 April 2004 jetty-4.2.19 - 19 March 2004 + Fixed DOS attack problem +jetty-4.2.18 - 01 March 2004 + + Added log4j context repository to jettyplus + + Default servlet respectes servlet path + + Fixed j2se 1.3 problem with HttpFields + + Improved log performance + + NPE guard for no-listener junit deployment + + Suppress some more IOExceptions + jetty-5.0.beta2 - 12 February 2004 + Added experimental NIO listeners again. + Added log4j context repository to jettyplus @@ -11833,14 +11949,6 @@ jetty-5.0.beta2 - 12 February 2004 + RequestDispatcher uses request encoding for query params + Updated to Japser 5.0.16 -jetty-4.2.18 - 01 March 2004 - + Added log4j context repository to jettyplus - + Default servlet respectes servlet path - + Fixed j2se 1.3 problem with HttpFields - + Improved log performance - + NPE guard for no-listener junit deployment - + Suppress some more IOExceptions - jetty-4.2.17 - 01 February 2004 + Fixed busy loop in threadpool run + Reorganized ServletHolder init @@ -11960,15 +12068,6 @@ jetty-5.0.alpha1 - 12 August 2003 + Synced with 4.2.12 + Updated to Jasper 5.0.7 -jetty-5.0.alpha0 - 16 July 2003 - + Compiled against 2.4 servlet spec. - + Implemented Dispatcher forward attributes. - + Implemented filter-mapping element - + Implemented remote/local addr/port methods - + Implemented setCharaterEncoding - + Updated authentication so that a normal Principal is used. - + updated to jasper 5.0.3 - jetty-4.2.12 - 12 August 2003 + Added missing S to some OPTIONS strings + Added open method to threaded server. @@ -11981,6 +12080,15 @@ jetty-4.2.12 - 12 August 2003 + Removed protection of org.mortbay.http attributes + Restore max inactive interval for session manager +jetty-5.0.alpha0 - 16 July 2003 + + Compiled against 2.4 servlet spec. + + Implemented Dispatcher forward attributes. + + Implemented filter-mapping element + + Implemented remote/local addr/port methods + + Implemented setCharaterEncoding + + Updated authentication so that a normal Principal is used. + + updated to jasper 5.0.3 + jetty-4.2.11 - 12 July 2003 + Branched for Jetty 5 development. + Cookie params all in lower case. @@ -13110,6 +13218,11 @@ jetty-3.0.0.rc2 - 29 October 2000 + Prevented multiple init of ServletHolder + Replaced ISO-8859-1 literals with StringUtil static +jetty-2.4.8 - 23 October 2000 + + Fixed bug with 304 replies with bodies. + + Fixed closing socket problem + + Improved win32 make files. + jetty-3.0.0.rc1 - 22 October 2000 + Added CGI to demo + Added HashUserRealm and cleaned up security constraints @@ -13122,11 +13235,6 @@ jetty-3.0.0.rc1 - 22 October 2000 + Partial handling of 0.9 requests. + removed Thread.destroy() calls. -jetty-2.4.8 - 23 October 2000 - + Fixed bug with 304 replies with bodies. - + Fixed closing socket problem - + Improved win32 make files. - jetty-3.0.B05 - 18 October 2000 + Added default webapp servlet mapping /servlet/name/* + Cleaned up response committing and flushing @@ -13901,41 +14009,41 @@ jetty-1.3.4 - 15 March 1998 + ServletHandler now takes an optional file base directory name which is used to set the translated path for pathInfo in servlet requests. -jetty-1.3.3 +jetty-1.3.3 - 01 March 1998 + Closed exception window in HttpListener.java + Fixed TableForm.addButtonArea bug. + TableForm.extendRow() uses existing cell -jetty-1.3.2 +jetty-1.3.2 - 20 February 1998 + Added per Table cell composite factories + Fixed proxy bug with no port number -jetty-1.3.1 +jetty-1.3.1 - 12 February 1998 + Better handling of InvocationTargetException in debug + ForwardHandler only forwards as http/1.0 (from Tobias.Miller) + Improved parsing of stack traces + Minor fixes in SmtpMail + Minor release adjustments for Tracker -jetty-1.3.0 +jetty-1.3.0 - 03 February 1998 + Added DbAdaptor to JDBC wrappers + Beta release of Tracker -jetty-1.2.0 +jetty-1.2.0 - 22 January 1998 + Alternate look and feel for Jetty + Better Debug configuration + DebugServlet + Fixed install bug for nested classes + Reintroduced STF -jetty-1.1.1 +jetty-1.1.1 - 13 January 1998 + Improved documentation -jetty-1.1 +jetty-1.1 - 09 January 1998 + Improved connection caching in java.mortbay.JDBC + Moved HttpCode to com.mortbay.Util -jetty-1.0.1 +jetty-1.0.1 - 06 January 1998 + Bug fixes jetty-1.0 - 01 January 1998 @@ -13958,4 +14066,3 @@ jetty-1.0 - 01 January 1998 + Won the Australian Java Programming Contest! + HTTP Server + Issue tracking application -