From c84087db29b14a5b0abbecac11cd697e11cb00c3 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Wed, 9 Oct 2024 13:42:51 -0500 Subject: [PATCH] Fixing VERSION.txt --- VERSION.txt | 3277 ++++++++++++++++++++++++++------------------------- 1 file changed, 1669 insertions(+), 1608 deletions(-) diff --git a/VERSION.txt b/VERSION.txt index ee7509600067..22b99b615abf 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -3,23 +3,31 @@ jetty-11.0.25-SNAPSHOT jetty-11.0.24 - 26 August 2024 + 12201 backport ThreadLimitHandler improvements from Jetty 12 +jetty-10.0.24 - 26 August 2024 + + 12201 backport ThreadLimitHandler improvements from Jetty 12 + +jetty-9.4.56.v20240826 - 26 August 2024 + + 12200 Backport ThreadLimitHandler improvements from Jetty 12 + jetty-11.0.23 - 13 August 2024 + 12041 backport tracking retainable pool from Jetty 12 + 12156 Improvements to HttpConnection when reading 0 bytes -jetty-11.0.22 - 27 June 2024 - + 11917 Update XML configure.dtd locations to new jetty.org website - -jetty-10.0.24 - 26 August 2024 - + 12201 backport ThreadLimitHandler improvements from Jetty 12 - jetty-10.0.23 - 13 August 2024 + 12041 backport tracking retainable pool from Jetty 12 + 12156 Improvements to HttpConnection when reading 0 bytes +jetty-11.0.22 - 27 June 2024 + + 11917 Update XML configure.dtd locations to new jetty.org website + jetty-10.0.22 - 27 June 2024 + 11917 Update XML configure.dtd locations to new jetty.org website +jetty-9.4.55.v20240627 - 27 June 2024 + + 10805 Jetty response with an invalid HTTP2 packet if the client set the + hpack table size as 0 + + 11917 Update XML configure.dtd locations to new jetty.org website + jetty-11.0.21 - 14 May 2024 + 10805 Jetty response with an invalid HTTP2 packet if the client set the hpack table size as 0 @@ -28,6 +36,20 @@ jetty-11.0.21 - 14 May 2024 + 11656 Upgrade jetty-quiche-native to version 0.21.0 + 11782 HttpExchange retained by HttpSenderOverHTTP which caused memory leak +jetty-10.0.21 - 14 May 2024 + + 10805 Jetty response with an invalid HTTP2 packet if the client set the + hpack table size as 0 + + 11527 Reduce ByteBuffer churning in HttpOutput + + 11634 Socks5Proxy does not support IP addresses with IP segments above 127 + + 11656 Upgrade jetty-quiche-native to version 0.21.0 + + 11782 HttpExchange retained by HttpSenderOverHTTP which caused memory leak + +jetty-9.4.54.v20240208 - 08 February 2024 + + 1256 DoSFilter leaks USER_AUTH entries + + 11259 HTTP/2 connection not closed after idle timeout when TCP congested + (CVE-2024-22201) + + 11389 Strip default ports on ws/wss scheme uris too + jetty-11.0.20 - 29 January 2024 + 11081 Dropped WebSocket messages due to race condition in WebSocket frame handling @@ -38,11 +60,15 @@ jetty-11.0.20 - 29 January 2024 + 11273 Support BSD expr in startup script + 11349 Update quiche to 0.20.0 -jetty-9.4.54.v20240208 - 08 February 2024 - + 1256 DoSFilter leaks USER_AUTH entries - + 11259 HTTP/2 connection not closed after idle timeout when TCP congested - (CVE-2024-22201) - + 11389 Strip default ports on ws/wss scheme uris too +jetty-10.0.20 - 29 January 2024 + + 11081 Dropped WebSocket messages due to race condition in WebSocket frame + handling + + 11223 WebSocketClient.connect with URI including query parameters don't work + for HTTP2 connector + + 11260 QuickStartConfiguration cannot be mixed with contexts that do not have + a `WEB-INF/quickstart-web.xml` + + 11273 Support BSD expr in startup script + + 11349 Update quiche to 0.20.0 jetty-11.0.19 - 15 December 2023 + 9900 Improve `Request.getBeginNanoTime()` accuracy @@ -56,6 +82,18 @@ jetty-11.0.19 - 15 December 2023 restart + 11044 Update jetty-11 to apache jasper 10.0.27 +jetty-10.0.19 - 15 December 2023 + + 9900 Improve `Request.getBeginNanoTime()` accuracy + + 10812 jetty-deploy has unnecessary dependency on awaitility/hamcrest pulled + in at runtime + + 10891 Support the "Partitioned" cookie attribute + + 11014 RedirectRegexRule and RewritePatternRule should consider + relativeRedirectAllowed + + 11031 HttpClient should expose Connection/EndPoint used by HTTP requests + + 11039 Memory leak and multiple (Http|Servlet)*Listener invokations after + restart + + 11043 Update to apache jasper 9.0.83 + jetty-11.0.18 - 26 October 2023 + 1256 DoSFilter leaks USER_AUTH entries + 10390 Jetty HTTP/3 Client fails when connecting to `nghttpx` server @@ -71,37 +109,6 @@ jetty-11.0.18 - 26 October 2023 javax.servlet instead of jakarta.servlet + 10786 TLS handshake failures leak HttpConnection.RequestTimeouts tasks -jetty-11.0.17 - 09 October 2023 - + 9777 CrossOriginFilter does not return Vary header on no-cors mode - + 9928 Backport `Request.getBeginNanoTime()` - + 10271 jetty.sh does not stop jetty anymore - + 10473 Startup Script reports `ok` too fast, and doesn't wait for actual - start of Jetty - + 10547 Cannot customize Executor on WebSocketClient - + 10679 Review HTTP/2 rate control (CVE-2023-44487) - -jetty-10.0.20 - 29 January 2024 - + 11081 Dropped WebSocket messages due to race condition in WebSocket frame - handling - + 11223 WebSocketClient.connect with URI including query parameters don't work - for HTTP2 connector - + 11260 QuickStartConfiguration cannot be mixed with contexts that do not have - a `WEB-INF/quickstart-web.xml` - + 11273 Support BSD expr in startup script - + 11349 Update quiche to 0.20.0 - -jetty-10.0.19 - 15 December 2023 - + 9900 Improve `Request.getBeginNanoTime()` accuracy - + 10812 jetty-deploy has unnecessary dependency on awaitility/hamcrest pulled - in at runtime - + 10891 Support the "Partitioned" cookie attribute - + 11014 RedirectRegexRule and RewritePatternRule should consider - relativeRedirectAllowed - + 11031 HttpClient should expose Connection/EndPoint used by HTTP requests - + 11039 Memory leak and multiple (Http|Servlet)*Listener invokations after - restart - + 11043 Update to apache jasper 9.0.83 - jetty-10.0.18 - 26 October 2023 + 1256 DoSFilter leaks USER_AUTH entries + 10390 Jetty HTTP/3 Client fails when connecting to `nghttpx` server @@ -117,6 +124,15 @@ jetty-10.0.18 - 26 October 2023 message + 10786 TLS handshake failures leak HttpConnection.RequestTimeouts tasks +jetty-11.0.17 - 09 October 2023 + + 9777 CrossOriginFilter does not return Vary header on no-cors mode + + 9928 Backport `Request.getBeginNanoTime()` + + 10271 jetty.sh does not stop jetty anymore + + 10473 Startup Script reports `ok` too fast, and doesn't wait for actual + start of Jetty + + 10547 Cannot customize Executor on WebSocketClient + + 10679 Review HTTP/2 rate control (CVE-2023-44487) + jetty-10.0.17 - 09 October 2023 + 9777 CrossOriginFilter does not return Vary header on no-cors mode + 9928 Backport `Request.getBeginNanoTime()` @@ -181,110 +197,6 @@ jetty-11.0.16 - 25 August 2023 + 10388 Jetty10 inetaccess mod started error + 10397 Iso88591StringBuilder.append seems to have a logic error -jetty-11.0.15 - 11 April 2023 - + 6184 Remove usages of classes associated with JEP-411 that deprecate/remove - the SecurityManager from the JVM - + 6483 Jetty http client SSL connectivity over CNTLM proxy fails - + 9237 Decouple QTP `idleTimeout` from pool shrink rate - + 9309 `jetty.sh` cannot handle complex Jetty properties from `start.d/*.ini` - + 9400 Jetty logs warning with stacktrace when annotation parser encounters - module-info.class file inside elasticsearch-x-content jar - + 9464 Add optional configuration to log user out after OpenID idToken expires - (CVE-2023-41900) - + 9468 Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13 - + 9497 Maven plugin effective web xml: add support for jar projects - + 9501 jetty client with proxy - ssl traffic between both proxy and servers - + 9517 Jetty 10.0.14 uses wrong pathSpec for request - + 9556 Password Util does not ask for password - -jetty-11.0.14 - 22 February 2023 - + 7650 QueuedThreadPool: Stopped without executing or closing null - + 9059 IteratingCallback not serializing close() and failed() - + 9119 Wrong value of javax.servlet.forward.context_path attribute - + 9181 NPE in SessionHandler.checkRequestedSessionId() - + 9183 ConnectHandler may close the connection instead of sending 200 OK - + 9285 ContextHandler sends redirect on BaseResponse instead of Wrapped - Response object from Handler chain - + 9334 Better support for Cookie RFC 2965 (CVE-2023-26048) - + 9337 LowResourceMonitor.getReasons should include detailed reason instead of - hard-coded message - + 9339 Cleanup CookieCutter Parsing (CVE-2023-26049) - -jetty-11.0.13 - 07 December 2022 - + 7117 Timeout with Expect 100 continue when using ProxyServlet - + 7286 WebSocket write can time out even if the frame / callback has not been - failed. - + 7993 HttpClient idleTimeout configuration being ignored/overridden - + 8330 Persistent OpenId sessions can throw IllegalStateException - + 8460 Log or throw exception if DefaultSessionIdManager is used but has not - been started. - + 8536 HotSwapHandler race condition - + 8558 Idle timeout occured sometimes on HTTP/2 client with - `InputStreamResponseListener` - + 8584 org.eclipse.jetty.client.HttpRequest.send() never returns - + 8591 Indicate units of HttpClient properties - + 8623 Use AutoLock in InputStreamResponseListener - + 8628 Pseudo restore `PathMappings.getMatch(String)` for backwards compat - reasons - + 8678 Jetty client is not responding to GO_AWAY packet received from (Jetty) - Server and continue to send traffic on same connection - + 8695 Update quiche to 0.16.0 - + 8712 ELContextCleaner no longer needed - + 8716 Multiple Host header values handled poorly - + 8721 jetty:effective-web-xml doesn't generate quickstart information for web - fragment jars that contain META-INF/resources - + 8723 Provide a thread-safe way to modify HttpClient proxies at runtime - + 8750 AbstractProxyServlet.onServerResponseHeaders does not support headers - with empty values - + 8753 Starting HttpClient with destinationIdleTimeout set throws NPE - + 8770 Review whether to send request body in redirects - + 8779 CompactPathRule drops query section on use - + 8786 KeyStoreScanner is not able to monitor a symlink file and always - resolves to the target. - + 8810 `ArrayRetainableByteBufferPool` inefficiently calculates bucket indices - + 8811 HTTP/2 session shutdown race may cause `Server.stop()` to block until - stop timeout - + 8863 Provide a possibility to name virtual threads - + 8895 Generate downloadable version of javadocs documentation in website - deploy script - + 8897 Update Conditional request handling for RFC7232 - + 8905 GzipHandler fails to set Vary header on 304 responses - + 8913 Review Jetty XML syntax to allow calling JDK methods - + 8942 Use Logback 1.3.x for Jetty 10.0.x - + 9006 WebSocket Message InputStream read() returns signed byte - -jetty-11.0.12 - 14 September 2022 - + 7970 Maven Plugin - the option to set extraClasspath in the plugin - configuration isn't working - + 8007 Support Loom - + 8151 `JakartaWebSocketSession.close()` blocks long time when called from - `SendHandlerCallback` - + 8152 jetty.sh does not read JAVA_OPTIONS anymore - + 8170 WebSockets closed abruptly when using HTTP/2 - + 8196 Remove unused jetty-plus.xml file - + 8206 Stopping server from within AbstractConnector#accept fails and results - in a partially stopped QueuedThreadPool - + 8216 OpenID logout / more extensibible OpenIdConfiguration - + 8222 Jetty start.jar fails with NullPointerException when referencing a non - existent module and using JVM args - + 8259 Symlinks cause 404 with DefaultServlet when its "resourceBase" is - different from ContextHandler's - + 8294 java.lang.ClassCastException: class org.eclipse.jetty.http.HttpField - cannot be cast to class org.eclipse.jetty.http.HttpCookie$SetCookieHttpField - + 8296 SymlinkAllowedResourceAliasChecker is initialized after checkAlias is - called resulting that access to resource is denied - + 8319 Allow configuring initial queue size per destination - + 8353 Automatic pongs should not be sent when connection is closed - + 8414 BlockingArrayQueue drops all contents on drain - + 8493 Review HTTP client feature `setRemoveIdleDestinations` - + 8497 `jetty-bom/11.0.11` depends on `jetty-slf4j-impl/10.0.8-SNAPSHO` that - cause 404 error - + 8532 Review System.nanoTime() usages - + 8540 Maven pom is not correct for `org.eclipse.jetty/infinispan-embedded` - and `org.eclipse.jetty/infinispan-remote` - + 8578 `getRequestURL` can append "null" if `getRequestURI` is unspecified in - an authority-form request-target - jetty-10.0.16 - 25 August 2023 + 6140 Report total number of keys in SelectorManager + 7091 Add SOCKS5 support @@ -348,6 +260,22 @@ jetty-9.4.52.v20230823 - 23 August 2023 + 10352 Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167) + 10337 SizeLimitHandler does not enforce 0 responseLimit +jetty-11.0.15 - 11 April 2023 + + 6184 Remove usages of classes associated with JEP-411 that deprecate/remove + the SecurityManager from the JVM + + 6483 Jetty http client SSL connectivity over CNTLM proxy fails + + 9237 Decouple QTP `idleTimeout` from pool shrink rate + + 9309 `jetty.sh` cannot handle complex Jetty properties from `start.d/*.ini` + + 9400 Jetty logs warning with stacktrace when annotation parser encounters + module-info.class file inside elasticsearch-x-content jar + + 9464 Add optional configuration to log user out after OpenID idToken expires + (CVE-2023-41900) + + 9468 Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13 + + 9497 Maven plugin effective web xml: add support for jar projects + + 9501 jetty client with proxy - ssl traffic between both proxy and servers + + 9517 Jetty 10.0.14 uses wrong pathSpec for request + + 9556 Password Util does not ask for password + jetty-10.0.15 - 11 April 2023 + 6184 JEP-411 will deprecate/remove the SecurityManager from the JVM + 6483 Jetty http client SSL connectivity over CNTLM proxy fails @@ -363,7 +291,7 @@ jetty-10.0.15 - 11 April 2023 + 9517 Jetty 10.0.14 uses wrong pathSpec for request + 9556 Password Util does not ask for password -jetty-10.0.14 - 22 February 2023 +jetty-11.0.14 - 22 February 2023 + 7650 QueuedThreadPool: Stopped without executing or closing null + 9059 IteratingCallback not serializing close() and failed() + 9119 Wrong value of javax.servlet.forward.context_path attribute @@ -371,19 +299,10 @@ jetty-10.0.14 - 22 February 2023 + 9183 ConnectHandler may close the connection instead of sending 200 OK + 9285 ContextHandler sends redirect on BaseResponse instead of Wrapped Response object from Handler chain - + 9344 Cleanup Multipart Handling (CVE-2023-26048) - + 9339 Cleanup CookieCutter Parsing (CVE-2023-26049) - + 9334 Better support for Cookie RFC 2965 compliance + + 9334 Better support for Cookie RFC 2965 (CVE-2023-26048) + 9337 LowResourceMonitor.getReasons should include detailed reason instead of hard-coded message - -jetty-9.4.51.v20230217 - 17 February 2023 - + 9059 IteratingCallback not serializing close() and failed() - + 9181 NPE in SessionHandler.checkRequestedSessionId() - + 9345 Backport Fix for CVE-2023-26048 - + 9352 Backport Fix for CVE-2023-26049 - -jetty-10.0.13 - 07 December 2022 + + 9339 Cleanup CookieCutter Parsing (CVE-2023-26049) + 7117 Timeout with Expect 100 continue when using ProxyServlet + 7286 WebSocket write can time out even if the frame / callback has not been failed. @@ -424,20 +343,157 @@ jetty-10.0.13 - 07 December 2022 + 8905 GzipHandler fails to set Vary header on 304 responses + 8913 Review Jetty XML syntax to allow calling JDK methods + 8942 Use Logback 1.3.x for Jetty 10.0.x - + 9006 WebSocket Message InputStream read() returns signed byte -jetty-9.4.50.v20221201 - 01 December 2022 - + 8774 Added SizeLimitHandler - + 8678 Jetty client is not responding to GO_AWAY packet received from (Jetty) - Server and continue to send traffic on same connection +jetty-10.0.14 - 22 February 2023 + + 7650 QueuedThreadPool: Stopped without executing or closing null + + 9059 IteratingCallback not serializing close() and failed() + + 9119 Wrong value of javax.servlet.forward.context_path attribute + + 9181 NPE in SessionHandler.checkRequestedSessionId() + + 9183 ConnectHandler may close the connection instead of sending 200 OK + + 9285 ContextHandler sends redirect on BaseResponse instead of Wrapped + Response object from Handler chain + + 9344 Cleanup Multipart Handling (CVE-2023-26048) + + 9339 Cleanup CookieCutter Parsing (CVE-2023-26049) + + 9334 Better support for Cookie RFC 2965 compliance + + 9337 LowResourceMonitor.getReasons should include detailed reason instead of + hard-coded message -jetty-10.0.12 - 14 September 2022 - + 7970 Maven Plugin - the option to set extraClasspath in the plugin - configuration isn't working - + 8007 Support Loom - + 8151 `JakartaWebSocketSession.close()` blocks long time when called from - `SendHandlerCallback` - + 8152 jetty.sh does not read JAVA_OPTIONS anymore +jetty-9.4.51.v20230217 - 17 February 2023 + + 9059 IteratingCallback not serializing close() and failed() + + 9181 NPE in SessionHandler.checkRequestedSessionId() + + 9345 Backport Fix for CVE-2023-26048 + + 9352 Backport Fix for CVE-2023-26049 + +jetty-11.0.13 - 07 December 2022 + + 7117 Timeout with Expect 100 continue when using ProxyServlet + + 7286 WebSocket write can time out even if the frame / callback has not been + failed. + + 7993 HttpClient idleTimeout configuration being ignored/overridden + + 8330 Persistent OpenId sessions can throw IllegalStateException + + 8460 Log or throw exception if DefaultSessionIdManager is used but has not + been started. + + 8536 HotSwapHandler race condition + + 8558 Idle timeout occured sometimes on HTTP/2 client with + `InputStreamResponseListener` + + 8584 org.eclipse.jetty.client.HttpRequest.send() never returns + + 8591 Indicate units of HttpClient properties + + 8623 Use AutoLock in InputStreamResponseListener + + 8628 Pseudo restore `PathMappings.getMatch(String)` for backwards compat + reasons + + 8678 Jetty client is not responding to GO_AWAY packet received from (Jetty) + Server and continue to send traffic on same connection + + 8695 Update quiche to 0.16.0 + + 8712 ELContextCleaner no longer needed + + 8716 Multiple Host header values handled poorly + + 8721 jetty:effective-web-xml doesn't generate quickstart information for web + fragment jars that contain META-INF/resources + + 8723 Provide a thread-safe way to modify HttpClient proxies at runtime + + 8750 AbstractProxyServlet.onServerResponseHeaders does not support headers + with empty values + + 8753 Starting HttpClient with destinationIdleTimeout set throws NPE + + 8770 Review whether to send request body in redirects + + 8779 CompactPathRule drops query section on use + + 8786 KeyStoreScanner is not able to monitor a symlink file and always + resolves to the target. + + 8810 `ArrayRetainableByteBufferPool` inefficiently calculates bucket indices + + 8811 HTTP/2 session shutdown race may cause `Server.stop()` to block until + stop timeout + + 8863 Provide a possibility to name virtual threads + + 8895 Generate downloadable version of javadocs documentation in website + deploy script + + 8897 Update Conditional request handling for RFC7232 + + 8905 GzipHandler fails to set Vary header on 304 responses + + 8913 Review Jetty XML syntax to allow calling JDK methods + + 8942 Use Logback 1.3.x for Jetty 10.0.x + + 9006 WebSocket Message InputStream read() returns signed byte + +jetty-10.0.13 - 07 December 2022 + + 7117 Timeout with Expect 100 continue when using ProxyServlet + + 7286 WebSocket write can time out even if the frame / callback has not been + failed. + + 7993 HttpClient idleTimeout configuration being ignored/overridden + + 8330 Persistent OpenId sessions can throw IllegalStateException + + 8460 Log or throw exception if DefaultSessionIdManager is used but has not + been started. + + 8536 HotSwapHandler race condition + + 8558 Idle timeout occured sometimes on HTTP/2 client with + `InputStreamResponseListener` + + 8584 org.eclipse.jetty.client.HttpRequest.send() never returns + + 8591 Indicate units of HttpClient properties + + 8623 Use AutoLock in InputStreamResponseListener + + 8628 Pseudo restore `PathMappings.getMatch(String)` for backwards compat + reasons + + 8678 Jetty client is not responding to GO_AWAY packet received from (Jetty) + Server and continue to send traffic on same connection + + 8695 Update quiche to 0.16.0 + + 8712 ELContextCleaner no longer needed + + 8716 Multiple Host header values handled poorly + + 8721 jetty:effective-web-xml doesn't generate quickstart information for web + fragment jars that contain META-INF/resources + + 8723 Provide a thread-safe way to modify HttpClient proxies at runtime + + 8750 AbstractProxyServlet.onServerResponseHeaders does not support headers + with empty values + + 8753 Starting HttpClient with destinationIdleTimeout set throws NPE + + 8770 Review whether to send request body in redirects + + 8779 CompactPathRule drops query section on use + + 8786 KeyStoreScanner is not able to monitor a symlink file and always + resolves to the target. + + 8810 `ArrayRetainableByteBufferPool` inefficiently calculates bucket indices + + 8811 HTTP/2 session shutdown race may cause `Server.stop()` to block until + stop timeout + + 8863 Provide a possibility to name virtual threads + + 8895 Generate downloadable version of javadocs documentation in website + deploy script + + 8897 Update Conditional request handling for RFC7232 + + 8905 GzipHandler fails to set Vary header on 304 responses + + 8913 Review Jetty XML syntax to allow calling JDK methods + + 8942 Use Logback 1.3.x for Jetty 10.0.x + + 9006 WebSocket Message InputStream read() returns signed byte + +jetty-9.4.50.v20221201 - 01 December 2022 + + 8774 Added SizeLimitHandler + + 8678 Jetty client is not responding to GO_AWAY packet received from (Jetty) + Server and continue to send traffic on same connection + +jetty-11.0.12 - 14 September 2022 + + 7970 Maven Plugin - the option to set extraClasspath in the plugin + configuration isn't working + + 8007 Support Loom + + 8151 `JakartaWebSocketSession.close()` blocks long time when called from + `SendHandlerCallback` + + 8152 jetty.sh does not read JAVA_OPTIONS anymore + + 8170 WebSockets closed abruptly when using HTTP/2 + + 8196 Remove unused jetty-plus.xml file + + 8206 Stopping server from within AbstractConnector#accept fails and results + in a partially stopped QueuedThreadPool + + 8216 OpenID logout / more extensibible OpenIdConfiguration + + 8222 Jetty start.jar fails with NullPointerException when referencing a non + existent module and using JVM args + + 8259 Symlinks cause 404 with DefaultServlet when its "resourceBase" is + different from ContextHandler's + + 8294 java.lang.ClassCastException: class org.eclipse.jetty.http.HttpField + cannot be cast to class org.eclipse.jetty.http.HttpCookie$SetCookieHttpField + + 8296 SymlinkAllowedResourceAliasChecker is initialized after checkAlias is + called resulting that access to resource is denied + + 8319 Allow configuring initial queue size per destination + + 8353 Automatic pongs should not be sent when connection is closed + + 8414 BlockingArrayQueue drops all contents on drain + + 8493 Review HTTP client feature `setRemoveIdleDestinations` + + 8497 `jetty-bom/11.0.11` depends on `jetty-slf4j-impl/10.0.8-SNAPSHO` that + cause 404 error + + 8532 Review System.nanoTime() usages + + 8540 Maven pom is not correct for `org.eclipse.jetty/infinispan-embedded` + and `org.eclipse.jetty/infinispan-remote` + + 8578 `getRequestURL` can append "null" if `getRequestURI` is unspecified in + an authority-form request-target + +jetty-10.0.12 - 14 September 2022 + + 7970 Maven Plugin - the option to set extraClasspath in the plugin + configuration isn't working + + 8007 Support Loom + + 8151 `JakartaWebSocketSession.close()` blocks long time when called from + `SendHandlerCallback` + + 8152 jetty.sh does not read JAVA_OPTIONS anymore + 8170 WebSockets closed abruptly when using HTTP/2 + 8196 Remove unused jetty-plus.xml file + 8206 Stopping server from within AbstractConnector#accept fails and results @@ -471,6 +527,14 @@ jetty-11.0.11 - 21 June 2022 + 8184 All suffix globs except first fail to match if path has `.` character in prefix section +jetty-10.0.11 - 21 June 2022 + + 8184 All suffix globs except first fail to match if path has `.` character + in prefix section + +jetty-9.4.48.v20220622 - 21 June 2022 + + 8184 All suffix globs except first fail to match if path has . character in + prefix + jetty-11.0.10 - 16 June 2022 + 1771 Add module for SecuredRedirect support + 4414 GZipHandler not excluding inflation for specified paths @@ -503,6 +567,66 @@ jetty-11.0.10 - 16 June 2022 properties + 8161 Improve SSLConnection buffers handling (Resolves CVE-2022-2191) +jetty-10.0.10 - 16 June 2022 + + 1771 Add module for SecuredRedirect support + + 4414 GZipHandler not excluding inflation for specified paths + + 7635 QPACK decoder should fail connection if the encoder blocks more than + SETTINGS_QPACK_BLOCKED_STREAMS + + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to + allow for regex or uri-template matching + + 7754 jetty.sh ignores JAVA_OPTIONS environment variable + + 7801 Session cookie can be set twice after session id changed + + 7818 Modifying of HTTP headers in HttpChannel.Listener#onResponseBegin is no + longer possible with Jetty 10 + + 7855 Remove accidentally included package-info.class in all packages + + 7858 GZipHandler does not play nice with other handlers in HandlerCollection + + 7863 Default servlet drops first accept-encoding header if there is more + than one. + + 7880 DefaultServlet should not overwrite programmatically configured + precompressed formats with defaults + + 7891 Better Servlet PathMappings for Regex + + 7918 PathMappings.asPathSpec does not allow root ServletPathSpec + + 7935 Review HTTP/2 error handling (CVE-2022-2048) + + 7975 `ForwardedRequestCustomizer` setters do not clear existing handlers + + 7977 UpgradeHttpServletRequest.setAttribute & + UpgradeHttpServletRequest.removeAttribute can throw NullPointerException + + 7994 Ability to construct a detached client Request + + 8014 Review HttpRequest URI construction (CVE-2022-2047) + + 8057 Support Http Response 103 (Early Hints) + + 8067 Wall time usage in DoSFilter RateTracker results in false positive + alert + + 8088 Add option to configure exitVm on ShutdownMonitor from System + properties + + 8161 Improve SSLConnection buffers handling (CVE-2022-2191) + +jetty-9.4.47.v20220610 - 10 June 2022 + + 4717 High CPU spikes with jetty winstone threads + + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to + allow for regex or uri-template matching + + 7801 Session cookie can be set twice after session id changed + + 7855 Remove accidentally included package-info.class in all packages + + 7858 GZipHandler does not play nice with other handlers in HandlerCollection + + 7863 Default servlet drops first accept-encoding header if there is more + than one. + + 7918 PathMappings.asPathSpec does not allow root ServletPathSpec + + 7935 Review HTTP/2 error handling (CVE-2022-2048) + + 8014 Review HttpRequest URI construction (CVE-2022-2047) + + 8067 Wall time usage in DoSFilter RateTracker results in false positive + alert + + 8088 Add option to configure exitVm on ShutdownMonitor from System + properties + +jetty-9.4.46.v20220331 - 31 March 2022 + + 5965 Option --write-module-graph produces wrong .dot file + + 6756 Deprecate `/jetty-spring/` artifact in `jetty-9.4.x` releases + + 7518 ArrayTrie getBest fails to match the empty string entry in certain + cases + + 7548 Interrupt flag is not always cleared in between requests + + 7567 Gzip compression not working for multipart/form-data when added to the + allowed list using addIncludedMimeTypes. + + 7569 Miconfigured headerCacheSize in can result in IllegalArgumentException + + 7615 HttpServletResponse.encodeURL not working for URLs starting with ../ + jetty-11.0.9 - 30 March 2022 + 5681 Unrecognized jetty-home/start.jar command line option not reported clearly @@ -537,6 +661,40 @@ jetty-11.0.9 - 30 March 2022 + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to allow for regex or uri-template matching +jetty-10.0.9 - 30 March 2022 + + 5681 Unrecognized jetty-home/start.jar command line option not reported + clearly + + 5965 Option --write-module-graph produces wrong .dot file + + 6879 Remove jminix (not maintained) module as hawtio provide same features + + 7182 jetty.sh start process should remove jetty_state whenever deleting the + pid + + 7344 Incompatible with jacoco due to shutdown race condition + + 7414 QoSFilter.setMaxRequests throws NullPointerException + + 7513 Getter/setter type mismatch for mbean attribute file in class + org.eclipse.jetty.deploy.PropertiesConfigurationManager + + 7517 Some ArrayTrie methods throw StackOverflowError when cointaining a very + large entry + + 7518 ArrayTrie getBest fails to match the empty string entry in certain + cases + + 7545 Named arguments do not work in jetty-openid.xml + + 7548 Interrupt flag is not always cleared in between requests + + 7567 Gzip compression not working for multipart/form-data when added to the + allowed list using addIncludedMimeTypes. + + 7573 WebSockets - "Unsupported PathParam Type: java.lang.Integer" + + 7575 Misleading docs for `HttpClientTransportDynamic` + + 7613 Configurations.add(Configuration) results in + UnsupportedOperationException + + 7615 HttpServletResponse.encodeURL not working for URLs starting with ../ + + 7617 Logback-access RequestLog not working + + 7625 HTTP/3 error against www.google.com + + 7677 jetty-maven-plugin - maven internal dependencies included on webapp + classloader + + 7683 GZIPContentDecoder ignores setUseInputDirectByteBuffers setting and + always uses non-direct buffers (causing GC locking) + + 7688 Read data to native memory from HttpInput + + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to + allow for regex or uri-template matching + jetty-11.0.8 - 07 February 2022 + 2504 Expose more WebSocket details in JMX and Server Dump + 4275 Path Normalization/Traversal - Context Matching @@ -602,108 +760,6 @@ jetty-11.0.8 - 07 February 2022 + 7524 Missing package in JmxConfiguration + 7529 Upgrade quiche to version 0.11.0 -jetty-10.0.11 - 21 June 2022 - + 8184 All suffix globs except first fail to match if path has `.` character - in prefix section - -jetty-9.4.48.v20220622 - 21 June 2022 - + 8184 All suffix globs except first fail to match if path has . character in - prefix - -jetty-10.0.10 - 16 June 2022 - + 1771 Add module for SecuredRedirect support - + 4414 GZipHandler not excluding inflation for specified paths - + 7635 QPACK decoder should fail connection if the encoder blocks more than - SETTINGS_QPACK_BLOCKED_STREAMS - + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to - allow for regex or uri-template matching - + 7754 jetty.sh ignores JAVA_OPTIONS environment variable - + 7801 Session cookie can be set twice after session id changed - + 7818 Modifying of HTTP headers in HttpChannel.Listener#onResponseBegin is no - longer possible with Jetty 10 - + 7855 Remove accidentally included package-info.class in all packages - + 7858 GZipHandler does not play nice with other handlers in HandlerCollection - + 7863 Default servlet drops first accept-encoding header if there is more - than one. - + 7880 DefaultServlet should not overwrite programmatically configured - precompressed formats with defaults - + 7891 Better Servlet PathMappings for Regex - + 7918 PathMappings.asPathSpec does not allow root ServletPathSpec - + 7935 Review HTTP/2 error handling (CVE-2022-2048) - + 7975 `ForwardedRequestCustomizer` setters do not clear existing handlers - + 7977 UpgradeHttpServletRequest.setAttribute & - UpgradeHttpServletRequest.removeAttribute can throw NullPointerException - + 7994 Ability to construct a detached client Request - + 8014 Review HttpRequest URI construction (CVE-2022-2047) - + 8057 Support Http Response 103 (Early Hints) - + 8067 Wall time usage in DoSFilter RateTracker results in false positive - alert - + 8088 Add option to configure exitVm on ShutdownMonitor from System - properties - + 8161 Improve SSLConnection buffers handling (CVE-2022-2191) - -jetty-9.4.47.v20220610 - 10 June 2022 - + 4717 High CPU spikes with jetty winstone threads - + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to - allow for regex or uri-template matching - + 7801 Session cookie can be set twice after session id changed - + 7855 Remove accidentally included package-info.class in all packages - + 7858 GZipHandler does not play nice with other handlers in HandlerCollection - + 7863 Default servlet drops first accept-encoding header if there is more - than one. - + 7918 PathMappings.asPathSpec does not allow root ServletPathSpec - + 7935 Review HTTP/2 error handling (CVE-2022-2048) - + 8014 Review HttpRequest URI construction (CVE-2022-2047) - + 8067 Wall time usage in DoSFilter RateTracker results in false positive - alert - + 8088 Add option to configure exitVm on ShutdownMonitor from System - properties - -jetty-9.4.46.v20220331 - 31 March 2022 - + 5965 Option --write-module-graph produces wrong .dot file - + 6756 Deprecate `/jetty-spring/` artifact in `jetty-9.4.x` releases - + 7518 ArrayTrie getBest fails to match the empty string entry in certain - cases - + 7548 Interrupt flag is not always cleared in between requests - + 7567 Gzip compression not working for multipart/form-data when added to the - allowed list using addIncludedMimeTypes. - + 7569 Miconfigured headerCacheSize in can result in IllegalArgumentException - + 7615 HttpServletResponse.encodeURL not working for URLs starting with ../ - -jetty-10.0.9 - 30 March 2022 - + 5681 Unrecognized jetty-home/start.jar command line option not reported - clearly - + 5965 Option --write-module-graph produces wrong .dot file - + 6879 Remove jminix (not maintained) module as hawtio provide same features - + 7182 jetty.sh start process should remove jetty_state whenever deleting the - pid - + 7344 Incompatible with jacoco due to shutdown race condition - + 7414 QoSFilter.setMaxRequests throws NullPointerException - + 7513 Getter/setter type mismatch for mbean attribute file in class - org.eclipse.jetty.deploy.PropertiesConfigurationManager - + 7517 Some ArrayTrie methods throw StackOverflowError when cointaining a very - large entry - + 7518 ArrayTrie getBest fails to match the empty string entry in certain - cases - + 7545 Named arguments do not work in jetty-openid.xml - + 7548 Interrupt flag is not always cleared in between requests - + 7567 Gzip compression not working for multipart/form-data when added to the - allowed list using addIncludedMimeTypes. - + 7573 WebSockets - "Unsupported PathParam Type: java.lang.Integer" - + 7575 Misleading docs for `HttpClientTransportDynamic` - + 7613 Configurations.add(Configuration) results in - UnsupportedOperationException - + 7615 HttpServletResponse.encodeURL not working for URLs starting with ../ - + 7617 Logback-access RequestLog not working - + 7625 HTTP/3 error against www.google.com - + 7677 jetty-maven-plugin - maven internal dependencies included on webapp - classloader - + 7683 GZIPContentDecoder ignores setUseInputDirectByteBuffers setting and - always uses non-direct buffers (causing GC locking) - + 7688 Read data to native memory from HttpInput - + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to - allow for regex or uri-template matching - jetty-10.0.8 - 07 February 2022 + 2504 Expose more WebSocket details in JMX and Server Dump + 4275 Path Normalization/Traversal - Context Matching @@ -939,6 +995,15 @@ jetty-9.4.44.v20210927 - 27 September 2021 + 6870 Encode control characters in URIUtil.encodePath + 6883 Welcome file redirects do not honor the relativeRedirectAllowed option +jetty-9.4.43.v20210629 - 30 June 2021 + + 6379 Reduce contention in all `ByteBufferPool` implementations + + 6382 HttpClient TimeoutException message reports transient values + + 6400 QueuedThreadPool interrupts pool threads when stopped with zero timeout + + 6425 Update to asm 9.1 + + 6447 Deprecate support for UTF16 encoding in URIs (CVE-2021-34429) + + 6470 java.nio.ReadOnlyBufferException + + 6473 Improve alias checking in PathResource + jetty-11.0.6 - 29 June 2021 + 6375 Always check XML `Set` elements with `property` attribute + 6382 HttpClient TimeoutException message reports transient values @@ -1012,6 +1077,16 @@ jetty-10.0.4 - 04 June 2021 + 6347 session-store-gcloud module broken logging dependency + 6354 org.slfj osgi dependency imports packages at 2.0 +jetty-9.4.42.v20210604 - 04 June 2021 + + 5379 Better handling for wrong SNI + + 5931 SslConnection should implement getBytesIn()/getBytesOut() + + 6118 Display a warning when Hazelcast configuration does not contain Jetty + session serializer + + 6276 Support non-standard domains in SNI and X509 + + 6287 Class loading broken for WebSocketClient used inside webapp + + 6323 HttpClient gets stuck/never calls onComplete() when multiple requests + with timeouts are sent + jetty-11.0.3 - 20 May 2021 + 3764 DeprecationWarning Decorator + 5306 Default jetty.*.acceptors should be 1 @@ -1091,6 +1166,26 @@ jetty-10.0.3 - 20 May 2021 + 6280 Copy ServletHolder class/instance properly during startWebapp + 6287 Class loading broken for WebSocketClient used inside webapp +jetty-9.4.41.v20210516 - 16 May 2021 + + 6099 Cipher preference may break SNI if certificates have different key + types + + 6186 Add Null Protection on Log / Logger + + 6205 OpenIdAuthenticator may use incorrect redirect + + 6208 HTTP/2 max local stream count exceeded + + 6227 Better resolve race between `AsyncListener.onTimeout` and + `AsyncContext.dispatch` + + 6254 Total timeout not enforced for queued requests + + 6263 Review URI encoding in ConcatServlet & WelcomeFilter (CVE-2021-28169) + + 6277 Better handle exceptions thrown from session destroy listener + (CVE-2021-34428) + + 6280 Copy ServletHolder class/instance properly during startWebapp + +jetty-9.4.40.v20210413 - 13 April 2021 + + 6082 SslConnection compacting + + 6105 HttpConnection.getBytesIn() incorrect for requests with chunked content + + 6148 Jetty start.jar always reports jetty.tag.version as `master` + + 6168 Improve handling of unconsumed content + jetty-11.0.2 - 26 March 2021 + 4275 Path Normalization/Traversal - Context Matching + 5828 Allow to create a WebSocketContainer passing HttpClient @@ -1128,6 +1223,89 @@ jetty-11.0.2 - 26 March 2021 + 6102 Exclude webapps directory from deployment scan - Resolves CVE-2021-28163 +jetty-10.0.2 - 26 March 2021 + + 4275 Path Normalization/Traversal - Context Matching + + 5828 Allow to create a WebSocketContainer passing HttpClient + + 5832 Ctrl-C after jetty:run produces NoClassDefFoundError + + 5835 Review Durable Filters, Servlets and Listeners + + 5977 Cache-Control header set by a filter is override by the value from + DefaultServlet configuration + + 5994 QueuedThreadPool "free" threads + + 5996 ERROR : No module found to provide logback-impl for + logback-access{enabled} + + 5999 HttpURI ArrayIndexOutOfBounds + + 6001 Ambiguous URI legacy compliance mode + + 6008 Allow absolute paths to be provided in start.ini for request log + directory. + + 6011 OSGi Cannot start Jetty with osgi.boot - Configurations add wrong + method taken + + 6020 Review Jetty Maven Plugin scanning defaults + + 6021 Standardize Path resolution in XmlConfiguration + + 6024 Error starting jetty-10: Provider + org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not + found + + 6026 the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG + + 6034 SslContextFactory may select a wildcard certificate during SNI + selection when a more specific SSL certificate is present + + 6037 Review logging modules for j.u.l + + 6050 Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer + + 6063 Allow override of hazelcast version when using module + + 6072 jetty server high CPU when client send data length > 17408 + (CVE-2021-28165) + + 6076 Embedded Jetty throws null pointer exception + + 6082 SslConnection compacting + + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" + Message + + 6101 Normalize ambiguous URIs (CVE-2021-28164) + + 6102 Exclude webapps directory from deployment scan (CVE-2021-28163) + +jetty-9.4.39.v20210325 - 25 March 2021 + + 6034 SslContextFactory may select a wildcard certificate during SNI + selection when a more specific SSL certificate is present + + 6050 Websocket: NotUtf8Exception after upgrade to 9.4.36 or newer + + 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to + work on Android + + 6063 Allow override of hazelcast version when using module + + 6072 jetty server high CPU when client send data length > 17408 - Resolves + CVE-2021-28165 + + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" + Message + + 6101 Normalize ambiguous URIs - Resolves CVE-2021-28164 + + 6102 Exclude webapps directory from deployment scan - Resolves + CVE-2021-28163 + +jetty-9.4.39.v20210325 - 25 March 2021 + + 6034 SslContextFactory may select a wildcard certificate during SNI + selection when a more specific SSL certificate is present + + 6050 Websocket: NotUtf8Exception after upgrade to 9.4.36 or newer + + 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to + work on Android + + 6063 Allow override of hazelcast version when using module + + 6072 jetty server high CPU when client send data length > 17408 + (CVE-2021-28165) + + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" + Message + + 6101 Normalize ambiguous URIs (CVE-2021-28164) + + 6102 Exclude webapps directory from deployment scan (CVE-2021-28163) + +jetty-9.4.38.v20210224 - 24 February 2021 + + 4275 Path Normalization/Traversal - Context Matching + + 5963 Improve QuotedQualityCSV for CVE-2020-27223 + + 5977 Cache-Control header set by a filter is override by the value from + DefaultServlet configuration + + 5994 QueuedThreadPool "free" threads + + 5999 HttpURI ArrayIndexOutOfBounds + + 6001 Ambiguous URI legacy compliance mode + +jetty-9.4.38.v20210224 - 24 February 2021 + + 4275 Path Normalization/Traversal - Context Matching + + 5963 Improve QuotedQualityCSV (CVE-2020-27223) + + 5977 Cache-Control header set by a filter is override by the value from + DefaultServlet configuration + + 5994 QueuedThreadPool "free" threads + + 5999 HttpURI ArrayIndexOutOfBounds + + 6001 Ambiguous URI legacy compliance mode + jetty-11.0.1 - 19 February 2021 + 1673 jetty-demo/etc/keystore should not be distributed + 4275 Path Normalization/Traversal - Context Matching @@ -1184,220 +1362,6 @@ jetty-11.0.1 - 19 February 2021 + 5979 Configurable gzip Etag extension + 5992 Jetty 11 build still depends on apache-jstl -jetty-11.0.0 - 02 December 2020 - + 1923 GCThreadLeakPreventer won't work with Java 9 - + 4711 Reset trailers on recycled response - + 5086 Review Scanner locking - + 5272 The UserStore and PropertyUserStore classes are hard to re-use for - caching eg JDBC data - + 5310 Jetty Http2 client discards the response fames when there is GOAWAY and - sends RST_STREAM - + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty - web application causes ClassCastException - + 5486 PropertyFileLoginModule retains PropertyUserStores - + 5488 jetty-dir.css not found when using JPMS - + 5493 StatisticsHandler broken for async applications - + 5521 ResourceCollection NPE in list() - + 5535 Support regex in SslContextFactory include/exclude of protocols - + 5539 StatisticsServlet output is not valid - + 5555 NPE for servlet with no mapping - + 5562 ArrayTernaryTrie consumes too much memory - + 5575 Add SEARCH as a known HttpMethod - + 5605 java.io.IOException: unconsumed input during http request parsing - + 5633 Allow to configure HttpClient request authority - + 5679 Distro argument --list-all-modules does not work - + 5680 No way to see which modules are enabled for the distro - + 5691 HttpInput may skip setting fill interest - -jetty-11.0.0.beta3 - 21 October 2020 - + 5022 Cleanup ServletHandler, specifically with respect to making filter - chains more extensible - + 5287 CompressionPools should use the new jetty-util Pool class - + 5360 demo-spec module incorrectly depends on demo-jndi - + 5368 WebSocket text event execute in same thread as running binary event and - destroy Threadlocal - + 5378 Filter/Servlet/Listener Holders are not started if added during - STARTING state. - + 5379 Better handling for wrong SNI - + 5394 Quickstart does not inject/decorate objects - + 5401 Move jetty-http-tools under the project root - + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT" - + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port - produced by ForwardedHeader - + 5443 Request without Host header fails with NullPointerException in - ForwardedRequestCustomizer - + 5448 Request.isSecure() returns false for `https` schemes in Jetty 10 - + 5451 Improve Working Directory creation - + 5454 Request error context is not reset - + 5475 Update to spifly 1.3.2 and asm 9 - + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown - -jetty-11.0.0.beta2 - 02 October 2020 - + 1337 MultiPart Part.write(String fileName) - Write method used unexpected - path - + 1761 Make GzipHandler module more configurable - + 2609 Make finding orphaned expired sessions common across SessionDataStores - + 2796 HTTP/2 max local stream count exceeded when request fails - + 3766 Introduce HTTP/2 API to batch frames - + 3916 multipart/byterange output is invalid to RFC7233 - + 4430 Duplicate generation of servlets/filters/listeners from context xml - with quickstart - + 4572 Replace Jetty Logging with slf4j - + 4736 Update Import-Package version start ranges - + 4808 Review HttpClient Request header APIs - + 4809 Set a max number of requests per connection - + 4824 WebSocket server outgoing message queue memory growth - + 4888 Request getSession() method throws IllegalStateException when Session - exists - + 4919 websocket container stop ordering - + 4954 Simplify ability to get Byte Counts about requests - + 4985 Fix NPE related to use of Attributes.Wrapper getAttributeNameSet() - + 4988 The check for whether a mime type is gzipable modifies (lower-cases) - the content type - + 4996 Warning log printed when debug is enabled in AbstractLifecycle.java - + 5013 Bundle-ClassPath and lib place on WEB-INF/lib make classpath duplicate - + 5018 WebSocketClient connect / upgrade timeout not configurable - + 5019 Automatically hot-reload SSL certificates if keystore file changed - + 5020 LifeCycle.Listener not called for Filter/Servlet/Listener lifecycle - events - + 5025 dispatcher.include() with welcome files lead to stack overflow error - + 5029 Open redirect when sending custom Host header to URL with no trailing - forward-slash - + 5032 Introduce Listeners to aid in tracking timings within ServletContext - and WebApp - + 5043 WebSocketListener anonymous classes should be invocable - + 5044 Jetty WebSocket UpgradeRequest & UpgradeResponse types in Jetty 10 - + 5053 CWE-331 in DigestAuthentication class - + 5057 `javax.servlet.include.context_path` attribute on root context. should - be empty string, but is `"/"` - + 5064 NotSerializableException for OpenIdConfiguration - + 5079 authority header for IPv6 address not having square brackets - + 5083 Convert synchronized usages to AutoLock - + 5096 using JettyWebSocketServlet without having a WebSocketUpgradeFilter - + 5103 Proxy sets protocol version to 2.0 instead of 1.1 when accessed from H2 - client - + 5104 AbstractProxyServlet include incorrect protocol version in Via header - when accessed over H2 - + 5105 Graceful shutdown does not wait for resumed requests - + 5108 Improve SessionTracker scalability - + 5122 Retrieving websocket connections via jmx - + 5129 No jars added when using a folder in extraClasspath of the webapp - context xml file - + 5133 Improve ResourceFactory and Resource list handling - + 5147 Set MaxUsageCount with existing connection pool changing the behavior - + 5150 Zero connection timeout is not supported in HTTP client with - non-blocking connect - + 5152 HttpClient should handle unsolicited responses - + 5162 DecoratingListener raises a NullPointerException - + 5165 Wrong messagesIn count for HttpClient - + 5170 NullPointerException in HttpReceiverOverHTTP during WebSocket client - Upgrade - + 5171 GzipHandler Vary head should be configurable - + 5174 Reorganize jetty-distribution in version 10.0.0 to encourage jetty-home - vs jetty-base split - + 5178 Update to asm 8.0.1 - + 5185 Introduce DoSFilter Listener for Alert messages - + 5193 WebSocket unimplemented BINARY message handling can result in TEXT - message delivery to fail - + 5198 Update GzipHandler - + 5201 QueuedThreadPool setDetailedDump gives less detail - + 5204 SNI does not work with PKIX - + 5214 Servlet HEAD doesn't support content-length over Integer.MAX_VALUE - + 5217 Review RoundRobinConnectionPool - + 5224 HttpServletRequest.getServerName can include port when using - ForwardedRequestCustomizer - + 5233 Bad/Unsupported HTTP version should return 505 not 400 - + 5246 GzipHandler's DeflaterPool should be dumpable - + 5247 Improve ForwardRequestCustomizer authority priority - + 5254 Short list of Jetty modules - + 5256 Cleanup Jetty 10 Start - + 5263 Introduce jetty-home contamination warning - + 5264 Create demo module - + 5268 WARN Ignoring eviction setting: 0 - + 5280 Remove unused methods on SessionHandler - + 5285 Per RFC7694, if a Content-Encoding isn't recognized, reject with 415 - Unsupported Media Type - + 5304 HTTP/2 with HttpServletRequest.getHeader("Host") returns null on Jetty - 10, but a valid value on Jetty 9 - + 5316 Review element in Jetty XML - + 5317 Remove jetty-all from Jetty 10 - + 5324 Jetty XML should support nested elements - + 5327 NPE from jetty test webapp - + 5357 Update http://eclipse.org to https://eclipse.org in source - + 5360 demo-spec module incorrectly depends on demo-jndi - + 5362 Default ProxyServlet cannot proxy to https urls - + 5365 org.eclipse.jetty.server.Request throws NullPointerException if - SessionHandler newHttpSession returns null - -jetty-11.0.0.beta1 - 10 July 2020 - + 1100 JSR356 Encoder#init is not called when created on demand - + 2540 Flaky test: org.eclipse.jetty.client.ConnectionPoolTest - + 3428 Support Decoder lists on javax.websocket endpoints - + 4776 Incorrect path matching for WebSocket using PathMappings - + 4826 Upgrade to Apache Jasper 8.5.54 - + 4855 occasional h2spec failures on jenkins - + 4877 Review PathSpec classes - + 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in - SETTINGS Frame. - + 4903 Give better errors for non public Websocket Endpoints - + 4904 WebsocketClient creates more connections than needed - + 4920 Restore ability to delete sessions on stop - + 4921 Quickstart run improperly runs dynamically added context initializers - + 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like - before - + 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies - + 4936 Response header overflow leads to buffer corruptions - + 4965 WINDOW_UPDATE for locally failed stream should not close the HTTP/2 - session - + 4967 Possible buffer corruption in HTTP/2 session failures - + 4971 Simplify Connection.upgradeFrom()/upgradeTo() - + 4976 HttpClient async content throws NPE in DEBUG log - + 4981 Incorrect example for TryFilesFilter API docs - + 4985 NPE related to WebSocket with Vaadin / Atmosphere after switching from - 9.4.26 to 9.4.30 - + 4989 annotation get NPE when parse library contain module-info.class - (example jakarta.xml.ws-api_2.3.2.jar) - + 5000 NPE from Server.dump of FilterMapping - + 5018 WebSocketClient upgrade request timeout not configurable - -jetty-11.0.0-alpha0 - 30 May 2020 - -jetty-10.0.2 - 26 March 2021 - + 4275 Path Normalization/Traversal - Context Matching - + 5828 Allow to create a WebSocketContainer passing HttpClient - + 5832 Ctrl-C after jetty:run produces NoClassDefFoundError - + 5835 Review Durable Filters, Servlets and Listeners - + 5977 Cache-Control header set by a filter is override by the value from - DefaultServlet configuration - + 5994 QueuedThreadPool "free" threads - + 5996 ERROR : No module found to provide logback-impl for - logback-access{enabled} - + 5999 HttpURI ArrayIndexOutOfBounds - + 6001 Ambiguous URI legacy compliance mode - + 6008 Allow absolute paths to be provided in start.ini for request log - directory. - + 6011 OSGi Cannot start Jetty with osgi.boot - Configurations add wrong - method taken - + 6020 Review Jetty Maven Plugin scanning defaults - + 6021 Standardize Path resolution in XmlConfiguration - + 6024 Error starting jetty-10: Provider - org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not - found - + 6026 the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG - + 6034 SslContextFactory may select a wildcard certificate during SNI - selection when a more specific SSL certificate is present - + 6037 Review logging modules for j.u.l - + 6050 Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer - + 6063 Allow override of hazelcast version when using module - + 6072 jetty server high CPU when client send data length > 17408 - (CVE-2021-28165) - + 6076 Embedded Jetty throws null pointer exception - + 6082 SslConnection compacting - + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" - Message - + 6101 Normalize ambiguous URIs (CVE-2021-28164) - + 6102 Exclude webapps directory from deployment scan (CVE-2021-28163) - jetty-10.0.1 - 19 February 2021 + 1673 jetty-demo/etc/keystore should not be distributed + 4275 Path Normalization/Traversal - Context Matching @@ -1447,78 +1411,21 @@ jetty-10.0.1 - 19 February 2021 DefaultServlet configuration + 5979 Configurable gzip Etag extension -jetty-10.0.0 - 02 December 2020 - + 1923 GCThreadLeakPreventer won't work with Java 9 - + 4711 Reset trailers on recycled response - + 5272 The UserStore and PropertyUserStore classes are hard to re-use for - caching eg JDBC data - + 5310 Jetty Http2 client discards the response fames when there is GOAWAY and - sends RST_STREAM - + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty - web application causes ClassCastException - + 5486 PropertyFileLoginModule retains PropertyUserStores - + 5488 jetty-dir.css not found when using JPMS - + 5493 StatisticsHandler broken for async applications - + 5498 Review ServletHolder.getServlet - + 5521 ResourceCollection NPE in list() - + 5535 Support regex in SslContextFactory include/exclude of protocols - + 5539 StatisticsServlet output is not valid - + 5555 NPE for servlet with no mapping - + 5562 ArrayTernaryTrie consumes too much memory - + 5575 Add SEARCH as a known HttpMethod - + 5605 java.io.IOException: unconsumed input during http request parsing - (CVE-2020-27218) - + 5633 Allow to configure HttpClient request authority - + 5679 Distro argument --list-all-modules does not work - + 5680 No way to see which modules are enabled for the distro - + 5691 HttpInput may skip setting fill interest - -jetty-10.0.0.beta3 - 21 October 2020 - + 5022 Cleanup ServletHandler, specifically with respect to making filter - chains more extensible - + 5287 CompressionPools should use the new jetty-util Pool class - + 5360 demo-spec module incorrectly depends on demo-jndi - + 5368 WebSocket text event execute in same thread as running binary event and - destroy Threadlocal - + 5378 Filter/Servlet/Listener Holders are not started if added during - STARTING state. - + 5379 Better handling for wrong SNI - + 5394 Quickstart does not inject/decorate objects - + 5401 Move jetty-http-tools under the project root - + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT" - + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port - produced by ForwardedHeader - + 5443 Request without Host header fails with NullPointerException in - ForwardedRequestCustomizer - + 5448 Request.isSecure() returns false for `https` schemes in Jetty 10 - + 5451 Improve Working Directory creation (CVE-2020-27216) - + 5454 Request error context is not reset - + 5475 Update to spifly 1.3.2 and asm 9 - + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown - -jetty-9.4.39.v20210325 - 25 March 2021 - + 6034 SslContextFactory may select a wildcard certificate during SNI - selection when a more specific SSL certificate is present - + 6050 Websocket: NotUtf8Exception after upgrade to 9.4.36 or newer - + 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to - work on Android - + 6063 Allow override of hazelcast version when using module - + 6072 jetty server high CPU when client send data length > 17408 - Resolves - CVE-2021-28165 - + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" - Message - + 6101 Normalize ambiguous URIs - Resolves CVE-2021-28164 - + 6102 Exclude webapps directory from deployment scan - Resolves - CVE-2021-28163 - -jetty-9.4.38.v20210224 - 24 February 2021 +jetty-9.4.37.v20210219 - 19 February 2021 + 4275 Path Normalization/Traversal - Context Matching - + 5963 Improve QuotedQualityCSV for CVE-2020-27223 + + 5492 Add ability to manage start modules by java feature + + 5605 Blocked IO Thread not woken + + 5787 Make ManagedSelector report better JMX data + + 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup + + 5859 Classloader leaks from ShutdownThread and QueuedThreadPool + + 5909 Cannot disable HTTP OPTIONS Method + + 5937 Unnecessary blocking in ResourceService + + 5950 Deadlock due to logging inside classloaders + + 5963 Improve QuotedQualityCSV - Resolves CVE-2020-27223 + + 5973 Proxy client TLS authentication example + 5977 Cache-Control header set by a filter is override by the value from DefaultServlet configuration - + 5994 QueuedThreadPool "free" threads - + 5999 HttpURI ArrayIndexOutOfBounds - + 6001 Ambiguous URI legacy compliance mode + + 5979 Configurable gzip Etag extension jetty-9.4.37.v20210219 - 19 February 2021 + 4275 Path Normalization/Traversal - Context Matching @@ -1530,7 +1437,7 @@ jetty-9.4.37.v20210219 - 19 February 2021 + 5909 Cannot disable HTTP OPTIONS Method + 5937 Unnecessary blocking in ResourceService + 5950 Deadlock due to logging inside classloaders - + 5963 Improve QuotedQualityCSV - Resolves CVE-2020-27223 + + 5963 Improve QuotedQualityCSV (CVE-2020-27223) + 5973 Proxy client TLS authentication example + 5977 Cache-Control header set by a filter is override by the value from DefaultServlet configuration @@ -1555,6 +1462,76 @@ jetty-9.4.36.v20210114 - 14 January 2021 + 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows due to URI case comparison bug +jetty-9.4.36.v20210114 - 14 January 2021 + + 5310 Jetty Http2 client discards the response frames when there is GOAWAY + and sends RST_STREAM + + 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate + + 5633 Allow to configure HttpClient request authority + + 5689 Jetty ssl keystorePath doesn't work with absolute path + + 5755 Cannot configure maxDynamicTableSize on HTTP2Client + + 5783 Fix ConnectionStatistics.*Rate() methods + + 5785 Reduce log level for WebSocket connections closed by clients + + 5794 ServerConnector leaks closed sockets which can lead to file descriptor + exhaustion + + 5824 Build up of ConstraintMappings when stopping and starting WebAppContext + + 5830 Jetty-util contains wrong Import-Package + + 5844 download flag to jetty-start causes NullPointerException + + 5845 Use UTF-8 encoding for client basic auth if requested + + 5855 HttpClient may not send queued requests + + 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows + due to URI case comparison bug + +jetty-11.0.0 - 02 December 2020 + + 1923 GCThreadLeakPreventer won't work with Java 9 + + 4711 Reset trailers on recycled response + + 5086 Review Scanner locking + + 5272 The UserStore and PropertyUserStore classes are hard to re-use for + caching eg JDBC data + + 5310 Jetty Http2 client discards the response fames when there is GOAWAY and + sends RST_STREAM + + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty + web application causes ClassCastException + + 5486 PropertyFileLoginModule retains PropertyUserStores + + 5488 jetty-dir.css not found when using JPMS + + 5493 StatisticsHandler broken for async applications + + 5521 ResourceCollection NPE in list() + + 5535 Support regex in SslContextFactory include/exclude of protocols + + 5539 StatisticsServlet output is not valid + + 5555 NPE for servlet with no mapping + + 5562 ArrayTernaryTrie consumes too much memory + + 5575 Add SEARCH as a known HttpMethod + + 5605 java.io.IOException: unconsumed input during http request parsing + + 5633 Allow to configure HttpClient request authority + + 5679 Distro argument --list-all-modules does not work + + 5680 No way to see which modules are enabled for the distro + + 5691 HttpInput may skip setting fill interest + +jetty-10.0.0 - 02 December 2020 + + 1923 GCThreadLeakPreventer won't work with Java 9 + + 4711 Reset trailers on recycled response + + 5272 The UserStore and PropertyUserStore classes are hard to re-use for + caching eg JDBC data + + 5310 Jetty Http2 client discards the response fames when there is GOAWAY and + sends RST_STREAM + + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty + web application causes ClassCastException + + 5486 PropertyFileLoginModule retains PropertyUserStores + + 5488 jetty-dir.css not found when using JPMS + + 5493 StatisticsHandler broken for async applications + + 5498 Review ServletHolder.getServlet + + 5521 ResourceCollection NPE in list() + + 5535 Support regex in SslContextFactory include/exclude of protocols + + 5539 StatisticsServlet output is not valid + + 5555 NPE for servlet with no mapping + + 5562 ArrayTernaryTrie consumes too much memory + + 5575 Add SEARCH as a known HttpMethod + + 5605 java.io.IOException: unconsumed input during http request parsing + (CVE-2020-27218) + + 5633 Allow to configure HttpClient request authority + + 5679 Distro argument --list-all-modules does not work + + 5680 No way to see which modules are enabled for the distro + + 5691 HttpInput may skip setting fill interest + jetty-9.4.35.v20201120 - 20 November 2020 + 4711 Reset trailers on recycled response + 5486 PropertyFileLoginModule retains PropertyUserStores @@ -1565,6 +1542,25 @@ jetty-9.4.35.v20201120 - 20 November 2020 Resolves CVE-2020-27218 + 5633 Allow to configure HttpClient request authority +jetty-9.4.35.v20201120 - 20 November 2020 + + 4711 Reset trailers on recycled response + + 5486 PropertyFileLoginModule retains PropertyUserStores + + 5539 StatisticsServlet output is not valid + + 5562 ArrayTernaryTrie consumes too much memory + + 5575 Add SEARCH as a known HttpMethod + + 5605 java.io.IOException: unconsumed input during http request parsing + (CVE-2020-27218) + + 5633 Allow to configure HttpClient request authority + +jetty-9.4.34.v20201102 - 02 November 2020 + + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty + web application causes ClassCastException + + 5488 jetty-dir.css not found when using JPMS + + 5498 ServletHolder lifecycle correctness + + 5521 ResourceCollection NPE in list() + + 5535 Support regex in SslContextFactory include/exclude of protocols + + 5555 NPE for servlet with no mapping + jetty-9.4.34.v20201102 - 02 November 2020 + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty web application causes ClassCastException @@ -1574,6 +1570,52 @@ jetty-9.4.34.v20201102 - 02 November 2020 + 5535 Support regex in SslContextFactory include/exclude of protocols + 5555 NPE for servlet with no mapping +jetty-11.0.0.beta3 - 21 October 2020 + + 5022 Cleanup ServletHandler, specifically with respect to making filter + chains more extensible + + 5287 CompressionPools should use the new jetty-util Pool class + + 5360 demo-spec module incorrectly depends on demo-jndi + + 5368 WebSocket text event execute in same thread as running binary event and + destroy Threadlocal + + 5378 Filter/Servlet/Listener Holders are not started if added during + STARTING state. + + 5379 Better handling for wrong SNI + + 5394 Quickstart does not inject/decorate objects + + 5401 Move jetty-http-tools under the project root + + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT" + + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port + produced by ForwardedHeader + + 5443 Request without Host header fails with NullPointerException in + ForwardedRequestCustomizer + + 5448 Request.isSecure() returns false for `https` schemes in Jetty 10 + + 5451 Improve Working Directory creation + + 5454 Request error context is not reset + + 5475 Update to spifly 1.3.2 and asm 9 + + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown + +jetty-10.0.0.beta3 - 21 October 2020 + + 5022 Cleanup ServletHandler, specifically with respect to making filter + chains more extensible + + 5287 CompressionPools should use the new jetty-util Pool class + + 5360 demo-spec module incorrectly depends on demo-jndi + + 5368 WebSocket text event execute in same thread as running binary event and + destroy Threadlocal + + 5378 Filter/Servlet/Listener Holders are not started if added during + STARTING state. + + 5379 Better handling for wrong SNI + + 5394 Quickstart does not inject/decorate objects + + 5401 Move jetty-http-tools under the project root + + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT" + + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port + produced by ForwardedHeader + + 5443 Request without Host header fails with NullPointerException in + ForwardedRequestCustomizer + + 5448 Request.isSecure() returns false for `https` schemes in Jetty 10 + + 5451 Improve Working Directory creation (CVE-2020-27216) + + 5454 Request error context is not reset + + 5475 Update to spifly 1.3.2 and asm 9 + + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown + jetty-9.4.33.v20201020 - 20 October 2020 + 5022 Cleanup ServletHandler, specifically with respect to making filter chains more extensible @@ -1591,7 +1633,24 @@ jetty-9.4.33.v20201020 - 20 October 2020 + 5475 Update to spifly 1.3.2 and asm 9 + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown -jetty-10.0.0.beta2 - 02 October 2020 +jetty-9.4.33.v20201020 - 20 October 2020 + + 5022 Cleanup ServletHandler, specifically with respect to making filter + chains more extensible + + 5368 WebSocket text event execute in same thread as running binary event and + destroy Threadlocal + + 5378 Filter/Servlet/Listener Holders are not started if added during + STARTING state. + + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT" + + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port + produced by ForwardedHeader + + 5443 Request without Host header fails with NullPointerException in + ForwardedRequestCustomizer + + 5451 Improve Working Directory creation (CVE-2020-27216) + + 5454 Request error context is not reset + + 5475 Update to spifly 1.3.2 and asm 9 + + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown + +jetty-11.0.0.beta2 - 02 October 2020 + 1337 MultiPart Part.write(String fileName) - Write method used unexpected path + 1761 Make GzipHandler module more configurable @@ -1630,9 +1689,7 @@ jetty-10.0.0.beta2 - 02 October 2020 + 5057 `javax.servlet.include.context_path` attribute on root context. should be empty string, but is `"/"` + 5064 NotSerializableException for OpenIdConfiguration - + 5069 HttpClientTimeoutTests can occasionally fail due to unreachable network + 5079 authority header for IPv6 address not having square brackets - + 5081 Review HouseKeeper locking + 5083 Convert synchronized usages to AutoLock + 5096 using JettyWebSocketServlet without having a WebSocketUpgradeFilter + 5103 Proxy sets protocol version to 2.0 instead of 1.1 when accessed from H2 @@ -1645,7 +1702,6 @@ jetty-10.0.0.beta2 - 02 October 2020 + 5129 No jars added when using a folder in extraClasspath of the webapp context xml file + 5133 Improve ResourceFactory and Resource list handling - + 5137 WebAppContext Tests need cleanup + 5147 Set MaxUsageCount with existing connection pool changing the behavior + 5150 Zero connection timeout is not supported in HTTP client with non-blocking connect @@ -1655,7 +1711,8 @@ jetty-10.0.0.beta2 - 02 October 2020 + 5170 NullPointerException in HttpReceiverOverHTTP during WebSocket client Upgrade + 5171 GzipHandler Vary head should be configurable - + 5174 Remove jetty-distribution in favor of jetty-home + + 5174 Reorganize jetty-distribution in version 10.0.0 to encourage jetty-home + vs jetty-base split + 5178 Update to asm 8.0.1 + 5185 Introduce DoSFilter Listener for Alert messages + 5193 WebSocket unimplemented BINARY message handling can result in TEXT @@ -1682,7 +1739,6 @@ jetty-10.0.0.beta2 - 02 October 2020 10, but a valid value on Jetty 9 + 5316 Review element in Jetty XML + 5317 Remove jetty-all from Jetty 10 - + 5321 javadoc:aggregate-jar broken in Jetty 10 + 5324 Jetty XML should support nested elements + 5327 NPE from jetty test webapp + 5357 Update http://eclipse.org to https://eclipse.org in source @@ -1691,172 +1747,105 @@ jetty-10.0.0.beta2 - 02 October 2020 + 5365 org.eclipse.jetty.server.Request throws NullPointerException if SessionHandler newHttpSession returns null -jetty-10.0.0.beta1 - 10 July 2020 - + 1100 JSR356 Encoder#init is not called when created on demand - + 2540 Flaky test: org.eclipse.jetty.client.ConnectionPoolTest - + 3428 Support Decoder lists on javax.websocket endpoints - + 4741 getHttpServletMapping for async dispatch - + 4776 Incorrect path matching for WebSocket using PathMappings - + 4826 Upgrade to Apache Jasper 8.5.54 - + 4855 occasional h2spec failures on jenkins - + 4877 Review PathSpec classes - + 4885 setCookie() must not change the headers in a response during an include - + 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in - SETTINGS Frame. - + 4903 Give better errors for non public Websocket Endpoints - + 4904 WebsocketClient creates more connections than needed - + 4913 DirectoryNotEmptyException when using mvn jetty:run-distro - + 4920 Restore ability to delete sessions on stop - + 4921 Quickstart run improperly runs dynamically added context initializers - + 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like - before - + 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies - + 4936 Response header overflow leads to buffer corruptions - + 4965 WINDOW_UPDATE for locally failed stream should not close the HTTP/2 - session - + 4967 Possible buffer corruption in HTTP/2 session failures - + 4971 Simplify Connection.upgradeFrom()/upgradeTo() - + 4976 HttpClient async content throws NPE in DEBUG log - + 4981 Incorrect example for TryFilesFilter API docs - + 4985 NPE related to WebSocket with Vaadin / Atmosphere after switching from - 9.4.26 to 9.4.30 - + 4989 annotation get NPE when parse library contain module-info.class - (example jakarta.xml.ws-api_2.3.2.jar) - + 5000 NPE from Server.dump of FilterMapping - + 5018 WebSocketClient upgrade request timeout not configurable - -jetty-9.4.43.v20210629 - 30 June 2021 - + 6379 Reduce contention in all `ByteBufferPool` implementations - + 6382 HttpClient TimeoutException message reports transient values - + 6400 QueuedThreadPool interrupts pool threads when stopped with zero timeout - + 6425 Update to asm 9.1 - + 6447 Deprecate support for UTF16 encoding in URIs (CVE-2021-34429) - + 6470 java.nio.ReadOnlyBufferException - + 6473 Improve alias checking in PathResource - -jetty-9.4.42.v20210604 - 04 June 2021 - + 5379 Better handling for wrong SNI - + 5931 SslConnection should implement getBytesIn()/getBytesOut() - + 6118 Display a warning when Hazelcast configuration does not contain Jetty - session serializer - + 6276 Support non-standard domains in SNI and X509 - + 6287 Class loading broken for WebSocketClient used inside webapp - + 6323 HttpClient gets stuck/never calls onComplete() when multiple requests - with timeouts are sent - -jetty-9.4.41.v20210516 - 16 May 2021 - + 6099 Cipher preference may break SNI if certificates have different key - types - + 6186 Add Null Protection on Log / Logger - + 6205 OpenIdAuthenticator may use incorrect redirect - + 6208 HTTP/2 max local stream count exceeded - + 6227 Better resolve race between `AsyncListener.onTimeout` and - `AsyncContext.dispatch` - + 6254 Total timeout not enforced for queued requests - + 6263 Review URI encoding in ConcatServlet & WelcomeFilter (CVE-2021-28169) - + 6277 Better handle exceptions thrown from session destroy listener - (CVE-2021-34428) - + 6280 Copy ServletHolder class/instance properly during startWebapp - -jetty-9.4.40.v20210413 - 13 April 2021 - + 6082 SslConnection compacting - + 6105 HttpConnection.getBytesIn() incorrect for requests with chunked content - + 6148 Jetty start.jar always reports jetty.tag.version as `master` - + 6168 Improve handling of unconsumed content - -jetty-9.4.39.v20210325 - 25 March 2021 - + 6034 SslContextFactory may select a wildcard certificate during SNI - selection when a more specific SSL certificate is present - + 6050 Websocket: NotUtf8Exception after upgrade to 9.4.36 or newer - + 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to - work on Android - + 6063 Allow override of hazelcast version when using module - + 6072 jetty server high CPU when client send data length > 17408 - (CVE-2021-28165) - + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" - Message - + 6101 Normalize ambiguous URIs (CVE-2021-28164) - + 6102 Exclude webapps directory from deployment scan (CVE-2021-28163) - -jetty-9.4.38.v20210224 - 24 February 2021 - + 4275 Path Normalization/Traversal - Context Matching - + 5963 Improve QuotedQualityCSV (CVE-2020-27223) - + 5977 Cache-Control header set by a filter is override by the value from - DefaultServlet configuration - + 5994 QueuedThreadPool "free" threads - + 5999 HttpURI ArrayIndexOutOfBounds - + 6001 Ambiguous URI legacy compliance mode - -jetty-9.4.37.v20210219 - 19 February 2021 - + 4275 Path Normalization/Traversal - Context Matching - + 5492 Add ability to manage start modules by java feature - + 5605 Blocked IO Thread not woken - + 5787 Make ManagedSelector report better JMX data - + 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup - + 5859 Classloader leaks from ShutdownThread and QueuedThreadPool - + 5909 Cannot disable HTTP OPTIONS Method - + 5937 Unnecessary blocking in ResourceService - + 5950 Deadlock due to logging inside classloaders - + 5963 Improve QuotedQualityCSV (CVE-2020-27223) - + 5973 Proxy client TLS authentication example - + 5977 Cache-Control header set by a filter is override by the value from - DefaultServlet configuration - + 5979 Configurable gzip Etag extension - -jetty-9.4.36.v20210114 - 14 January 2021 - + 5310 Jetty Http2 client discards the response frames when there is GOAWAY - and sends RST_STREAM - + 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate - + 5633 Allow to configure HttpClient request authority - + 5689 Jetty ssl keystorePath doesn't work with absolute path - + 5755 Cannot configure maxDynamicTableSize on HTTP2Client - + 5783 Fix ConnectionStatistics.*Rate() methods - + 5785 Reduce log level for WebSocket connections closed by clients - + 5794 ServerConnector leaks closed sockets which can lead to file descriptor - exhaustion - + 5824 Build up of ConstraintMappings when stopping and starting WebAppContext - + 5830 Jetty-util contains wrong Import-Package - + 5844 download flag to jetty-start causes NullPointerException - + 5845 Use UTF-8 encoding for client basic auth if requested - + 5855 HttpClient may not send queued requests - + 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows - due to URI case comparison bug - -jetty-9.4.35.v20201120 - 20 November 2020 - + 4711 Reset trailers on recycled response - + 5486 PropertyFileLoginModule retains PropertyUserStores - + 5539 StatisticsServlet output is not valid - + 5562 ArrayTernaryTrie consumes too much memory - + 5575 Add SEARCH as a known HttpMethod - + 5605 java.io.IOException: unconsumed input during http request parsing - (CVE-2020-27218) - + 5633 Allow to configure HttpClient request authority - -jetty-9.4.34.v20201102 - 02 November 2020 - + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty - web application causes ClassCastException - + 5488 jetty-dir.css not found when using JPMS - + 5498 ServletHolder lifecycle correctness - + 5521 ResourceCollection NPE in list() - + 5535 Support regex in SslContextFactory include/exclude of protocols - + 5555 NPE for servlet with no mapping - -jetty-9.4.33.v20201020 - 20 October 2020 - + 5022 Cleanup ServletHandler, specifically with respect to making filter - chains more extensible - + 5368 WebSocket text event execute in same thread as running binary event and - destroy Threadlocal - + 5378 Filter/Servlet/Listener Holders are not started if added during - STARTING state. - + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT" - + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port - produced by ForwardedHeader - + 5443 Request without Host header fails with NullPointerException in +jetty-10.0.0.beta2 - 02 October 2020 + + 1337 MultiPart Part.write(String fileName) - Write method used unexpected + path + + 1761 Make GzipHandler module more configurable + + 2609 Make finding orphaned expired sessions common across SessionDataStores + + 2796 HTTP/2 max local stream count exceeded when request fails + + 3766 Introduce HTTP/2 API to batch frames + + 3916 multipart/byterange output is invalid to RFC7233 + + 4430 Duplicate generation of servlets/filters/listeners from context xml + with quickstart + + 4572 Replace Jetty Logging with slf4j + + 4736 Update Import-Package version start ranges + + 4808 Review HttpClient Request header APIs + + 4809 Set a max number of requests per connection + + 4824 WebSocket server outgoing message queue memory growth + + 4888 Request getSession() method throws IllegalStateException when Session + exists + + 4919 websocket container stop ordering + + 4954 Simplify ability to get Byte Counts about requests + + 4985 Fix NPE related to use of Attributes.Wrapper getAttributeNameSet() + + 4988 The check for whether a mime type is gzipable modifies (lower-cases) + the content type + + 4996 Warning log printed when debug is enabled in AbstractLifecycle.java + + 5013 Bundle-ClassPath and lib place on WEB-INF/lib make classpath duplicate + + 5018 WebSocketClient connect / upgrade timeout not configurable + + 5019 Automatically hot-reload SSL certificates if keystore file changed + + 5020 LifeCycle.Listener not called for Filter/Servlet/Listener lifecycle + events + + 5025 dispatcher.include() with welcome files lead to stack overflow error + + 5029 Open redirect when sending custom Host header to URL with no trailing + forward-slash + + 5032 Introduce Listeners to aid in tracking timings within ServletContext + and WebApp + + 5043 WebSocketListener anonymous classes should be invocable + + 5044 Jetty WebSocket UpgradeRequest & UpgradeResponse types in Jetty 10 + + 5053 CWE-331 in DigestAuthentication class + + 5057 `javax.servlet.include.context_path` attribute on root context. should + be empty string, but is `"/"` + + 5064 NotSerializableException for OpenIdConfiguration + + 5069 HttpClientTimeoutTests can occasionally fail due to unreachable network + + 5079 authority header for IPv6 address not having square brackets + + 5081 Review HouseKeeper locking + + 5083 Convert synchronized usages to AutoLock + + 5096 using JettyWebSocketServlet without having a WebSocketUpgradeFilter + + 5103 Proxy sets protocol version to 2.0 instead of 1.1 when accessed from H2 + client + + 5104 AbstractProxyServlet include incorrect protocol version in Via header + when accessed over H2 + + 5105 Graceful shutdown does not wait for resumed requests + + 5108 Improve SessionTracker scalability + + 5122 Retrieving websocket connections via jmx + + 5129 No jars added when using a folder in extraClasspath of the webapp + context xml file + + 5133 Improve ResourceFactory and Resource list handling + + 5137 WebAppContext Tests need cleanup + + 5147 Set MaxUsageCount with existing connection pool changing the behavior + + 5150 Zero connection timeout is not supported in HTTP client with + non-blocking connect + + 5152 HttpClient should handle unsolicited responses + + 5162 DecoratingListener raises a NullPointerException + + 5165 Wrong messagesIn count for HttpClient + + 5170 NullPointerException in HttpReceiverOverHTTP during WebSocket client + Upgrade + + 5171 GzipHandler Vary head should be configurable + + 5174 Remove jetty-distribution in favor of jetty-home + + 5178 Update to asm 8.0.1 + + 5185 Introduce DoSFilter Listener for Alert messages + + 5193 WebSocket unimplemented BINARY message handling can result in TEXT + message delivery to fail + + 5198 Update GzipHandler + + 5201 QueuedThreadPool setDetailedDump gives less detail + + 5204 SNI does not work with PKIX + + 5214 Servlet HEAD doesn't support content-length over Integer.MAX_VALUE + + 5217 Review RoundRobinConnectionPool + + 5224 HttpServletRequest.getServerName can include port when using ForwardedRequestCustomizer - + 5451 Improve Working Directory creation (CVE-2020-27216) - + 5454 Request error context is not reset - + 5475 Update to spifly 1.3.2 and asm 9 - + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown + + 5233 Bad/Unsupported HTTP version should return 505 not 400 + + 5246 GzipHandler's DeflaterPool should be dumpable + + 5247 Improve ForwardRequestCustomizer authority priority + + 5254 Short list of Jetty modules + + 5256 Cleanup Jetty 10 Start + + 5263 Introduce jetty-home contamination warning + + 5264 Create demo module + + 5268 WARN Ignoring eviction setting: 0 + + 5280 Remove unused methods on SessionHandler + + 5285 Per RFC7694, if a Content-Encoding isn't recognized, reject with 415 + Unsupported Media Type + + 5304 HTTP/2 with HttpServletRequest.getHeader("Host") returns null on Jetty + 10, but a valid value on Jetty 9 + + 5316 Review element in Jetty XML + + 5317 Remove jetty-all from Jetty 10 + + 5321 javadoc:aggregate-jar broken in Jetty 10 + + 5324 Jetty XML should support nested elements + + 5327 NPE from jetty test webapp + + 5357 Update http://eclipse.org to https://eclipse.org in source + + 5360 demo-spec module incorrectly depends on demo-jndi + + 5362 Default ProxyServlet cannot proxy to https urls + + 5365 org.eclipse.jetty.server.Request throws NullPointerException if + SessionHandler newHttpSession returns null jetty-9.4.32.v20200930 - 30 September 2020 + 2796 HTTP/2 max local stream count exceeded when request fails @@ -1933,6 +1922,71 @@ jetty-9.4.31.v20200723 - 23 July 2020 be empty string, but is `"/"` + 5064 NotSerializableException for OpenIdConfiguration +jetty-11.0.0.beta1 - 10 July 2020 + + 1100 JSR356 Encoder#init is not called when created on demand + + 2540 Flaky test: org.eclipse.jetty.client.ConnectionPoolTest + + 3428 Support Decoder lists on javax.websocket endpoints + + 4776 Incorrect path matching for WebSocket using PathMappings + + 4826 Upgrade to Apache Jasper 8.5.54 + + 4855 occasional h2spec failures on jenkins + + 4877 Review PathSpec classes + + 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in + SETTINGS Frame. + + 4903 Give better errors for non public Websocket Endpoints + + 4904 WebsocketClient creates more connections than needed + + 4920 Restore ability to delete sessions on stop + + 4921 Quickstart run improperly runs dynamically added context initializers + + 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like + before + + 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies + + 4936 Response header overflow leads to buffer corruptions + + 4965 WINDOW_UPDATE for locally failed stream should not close the HTTP/2 + session + + 4967 Possible buffer corruption in HTTP/2 session failures + + 4971 Simplify Connection.upgradeFrom()/upgradeTo() + + 4976 HttpClient async content throws NPE in DEBUG log + + 4981 Incorrect example for TryFilesFilter API docs + + 4985 NPE related to WebSocket with Vaadin / Atmosphere after switching from + 9.4.26 to 9.4.30 + + 4989 annotation get NPE when parse library contain module-info.class + (example jakarta.xml.ws-api_2.3.2.jar) + + 5000 NPE from Server.dump of FilterMapping + + 5018 WebSocketClient upgrade request timeout not configurable + +jetty-10.0.0.beta1 - 10 July 2020 + + 1100 JSR356 Encoder#init is not called when created on demand + + 2540 Flaky test: org.eclipse.jetty.client.ConnectionPoolTest + + 3428 Support Decoder lists on javax.websocket endpoints + + 4741 getHttpServletMapping for async dispatch + + 4776 Incorrect path matching for WebSocket using PathMappings + + 4826 Upgrade to Apache Jasper 8.5.54 + + 4855 occasional h2spec failures on jenkins + + 4877 Review PathSpec classes + + 4885 setCookie() must not change the headers in a response during an include + + 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in + SETTINGS Frame. + + 4903 Give better errors for non public Websocket Endpoints + + 4904 WebsocketClient creates more connections than needed + + 4913 DirectoryNotEmptyException when using mvn jetty:run-distro + + 4920 Restore ability to delete sessions on stop + + 4921 Quickstart run improperly runs dynamically added context initializers + + 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like + before + + 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies + + 4936 Response header overflow leads to buffer corruptions + + 4965 WINDOW_UPDATE for locally failed stream should not close the HTTP/2 + session + + 4967 Possible buffer corruption in HTTP/2 session failures + + 4971 Simplify Connection.upgradeFrom()/upgradeTo() + + 4976 HttpClient async content throws NPE in DEBUG log + + 4981 Incorrect example for TryFilesFilter API docs + + 4985 NPE related to WebSocket with Vaadin / Atmosphere after switching from + 9.4.26 to 9.4.30 + + 4989 annotation get NPE when parse library contain module-info.class + (example jakarta.xml.ws-api_2.3.2.jar) + + 5000 NPE from Server.dump of FilterMapping + + 5018 WebSocketClient upgrade request timeout not configurable + jetty-9.4.30.v20200611 - 11 June 2020 + 4776 Incorrect path matching for WebSocket using PathMappings + 4826 Upgrade to Apache Jasper 8.5.54 @@ -1953,6 +2007,8 @@ jetty-9.4.30.v20200611 - 11 June 2020 + 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies + 4936 Response header overflow leads to buffer corruptions (CVE-2019-17638) +jetty-11.0.0-alpha0 - 30 May 2020 + jetty-9.4.29.v20200521 - 21 May 2020 + 2188 Lock contention creating HTTP/2 streams + 4235 communicate the reason of failure to the OpenID error page @@ -2132,6 +2188,14 @@ jetty-9.4.23.v20191118 - 18 November 2019 + 4325 Deprecate SniX509ExtendedKeyManager constructor without SslContextFactory$Server +jetty-9.3.28.v20191105 - 05 November 2019 + + 3989 Inform custom ManagedSelector of dead selector via optional + onFailedSelect() + + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop + +jetty-9.2.29.v20191105 - 05 November 2019 + + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop + jetty-9.4.22.v20191022 - 22 October 2019 + 2429 HttpClient backpressure improved + 3558 Error notifications can be received after a successful websocket @@ -2328,6 +2392,18 @@ jetty-9.4.17.v20190418 - 18 April 2019 + 3555 DefaultHandler Reveals Base Resource Path of each Context (CVE-2019-10247) +jetty-9.3.27.v20190418 - 18 April 2019 + + 3549 Directory Listing on Windows reveals Resource Base path + (CVE-2019-10246) + + 3555 DefaultHandler Reveals Base Resource Path of each Context + (CVE-2019-10247) + +jetty-9.2.28.v20190418 - 18 April 2019 + + 3549 Directory Listing on Windows reveals Resource Base path + (CVE-2019-10246) + + 3555 DefaultHandler Reveals Base Resource Path of each Context + (CVE-2019-10247) + jetty-9.4.16.v20190411 - 11 April 2019 + 1861 Limit total bytes pooled by ByteBufferPools + 3133 Logging of `key.readyOps()` can throw unchecked `CancelledKeyException` @@ -2358,6 +2434,18 @@ jetty-9.4.16.v20190411 - 11 April 2019 + 3540 Use configured Provider in SslContextFactory consistently + 3545 NullPointerException on ServletOutputStream.print(""); +jetty-9.3.26.v20190403 - 03 April 2019 + + 2954 Improve cause reporting for HttpClient failures + + 3274 OSGi versions of java.base classes in + org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+ + + 3302 Support host:port in X-Forwarded-For header in + ForwardedRequestCustomizer + + 3319 Allow reverse sort for directory listed files (CVE-2019-10241) + +jetty-9.2.27.v20190403 - 03 April 2019 + + 3319 Refactored Directory Listing to modernize and avoid XSS + (CVE-2019-10241) + jetty-9.4.15.v20190215 - 15 February 2019 + 113 Add support for NCSA Extended Log File Format + 150 extraClasspath() method on WebAppContext dont support dir path @@ -2401,38 +2489,6 @@ jetty-9.4.15.v20190215 - 15 February 2019 + 3350 Do not expect to be able to connect to https URLs with the HttpClient created from a parameterless constructor -jetty-9.3.28.v20191105 - 05 November 2019 - + 3989 Inform custom ManagedSelector of dead selector via optional - onFailedSelect() - + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop - -jetty-9.3.27.v20190418 - 18 April 2019 - + 3549 Directory Listing on Windows reveals Resource Base path - (CVE-2019-10246) - + 3555 DefaultHandler Reveals Base Resource Path of each Context - (CVE-2019-10247) - -jetty-9.3.26.v20190403 - 03 April 2019 - + 2954 Improve cause reporting for HttpClient failures - + 3274 OSGi versions of java.base classes in - org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+ - + 3302 Support host:port in X-Forwarded-For header in - ForwardedRequestCustomizer - + 3319 Allow reverse sort for directory listed files (CVE-2019-10241) - -jetty-9.2.29.v20191105 - 05 November 2019 - + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop - -jetty-9.2.28.v20190418 - 18 April 2019 - + 3549 Directory Listing on Windows reveals Resource Base path - (CVE-2019-10246) - + 3555 DefaultHandler Reveals Base Resource Path of each Context - (CVE-2019-10247) - -jetty-9.2.27.v20190403 - 03 April 2019 - + 3319 Refactored Directory Listing to modernize and avoid XSS - (CVE-2019-10241) - jetty-9.4.14.v20181114 - 14 November 2018 + 3097 Duplicated programmatic Servlet Listeners causing duplicate calls + 3104 Align jetty-schemas version within apache-jsp module as well @@ -2773,6 +2829,16 @@ jetty-9.4.9.v20180320 - 20 March 2018 jetty-9.2.24.v20180105 - 05 January 2018 + 2065 Backport #347 to Jetty 9.2.x. HttpClient Idle timeout connection reuse +jetty-9.2.23.v20171218 - 18 December 2017 + + 1556 Remove a timing channel in Password matching + + 1685 Update ALPN support for Java 8u141 + + 1702 Update ALPN support for Java 8u144 + + 1914 HttpClient fails to parse Content-Type response header with RFC 2045 + charset="utf-8" syntax + + 2065 Backport #347 to Jetty 9.2.x + + 475546 ClosedChannelException when connecting to HTTPS over HTTP proxy with + CONNECT + jetty-9.4.8.v20171121 - 21 November 2017 + 212 HttpClient should support pluggable AuthenticationStore + 215 Add Conscrypt for native ALPN/TLS/SSL @@ -2848,6 +2914,44 @@ jetty-9.4.8.v20171121 - 21 November 2017 + 1981 Loading resource content failed + 1984 Remove jetty-client dependency in jetty-rewrite +jetty-9.3.22.v20171030 - 30 October 2017 + + 1213 Upgrade to ASM Version 6.0_ALPHA for JDK9 + + 1692 Annotation scanning should ignore `module-info.class` files + + 1705 Rejected executions in QueuedThreadPool can lead to memory leaks + + 1797 JEP 238 - Multi-Release JAR files break bytecode scanning + + 1814 Move JavaVersion to jetty-util for future Java 9 support requirements + + 1901 Reimplement PathWatcher as scanner + + 1912 AbstractConnector EndPoint leak for failed SSL connections + + 1914 jetty client fails to parse response with RFC2045 conformant + Content-Type: charset="utf-8" + + 1928 Backport #1705 to jetty-9.3.x. Fixed leak on Rejected execution + +jetty-9.3.21.v20170918 - 18 September 2017 + + 487 JDK 9 build compatibility + + 1116 Support empty HTTP header values + + 1357 RolloverFileOutputStream: No rollout performed at midnight + + 1469 RolloverFileOutputStream: IllegalStateException Task already scheduled + + 1507 RolloverFileOutputStream: Negative delay Timer.schedule exception + + 1513 RolloverFileOutputStream: can't handle multiple instances + + 1515 Improved RollOverFileOutputStream removeOldFiles() behavior + + 1556 Remove a timing channel in Password matching + + 1590 Improve RolloverFileOutputStream functionality with multiple TimeZones + + 1655 Improve extensibility of ServerConnector + + 1661 AbstractProxyServlet onProxyResponseFailure Error + + 1664 IPAccessHandler CIDR IP range check is incorrect + + 1685 Update ALPN support for Java 8u141 + + 1687 HTTP2: Correcting missing callback notification when channel not found + + 1702 Update ALPN support for Java 8u144 + + 1703 Improve HttpInput failure logging + + 1719 HTTP/2: Improve handling of queued requests + + 1741 Java 9 javadoc failure in build + + 1749 Dump HttpDestination exchange queue + + 1750 PoolingHttpDestination creates ConnectionPool twice + + 1759 HTTP/2: producer can block in onReset + + 1790 HTTP/2: 100% CPU usage seen during close/shutdown of endpoint + + 475546 ClosedChannelException when connection to HTTPS over HTTP proxy with + CONNECT + jetty-9.4.7.v20170914 - 14 September 2017 + 215 Consider native ALPN/SSL provider + 487 JDK 9 build compatibility @@ -2941,27 +3045,18 @@ jetty-9.4.7.v20170914 - 14 September 2017 + 475546 ClosedChannelException when connection to HTTPS over HTTP proxy with CONNECT -jetty-9.2.23.v20171218 - 18 December 2017 - + 1556 Remove a timing channel in Password matching - + 1685 Update ALPN support for Java 8u141 - + 1702 Update ALPN support for Java 8u144 - + 1914 HttpClient fails to parse Content-Type response header with RFC 2045 - charset="utf-8" syntax - + 2065 Backport #347 to Jetty 9.2.x - + 475546 ClosedChannelException when connecting to HTTPS over HTTP proxy with - CONNECT - -jetty-9.3.22.v20171030 - 30 October 2017 - + 1213 Upgrade to ASM Version 6.0_ALPHA for JDK9 - + 1692 Annotation scanning should ignore `module-info.class` files - + 1705 Rejected executions in QueuedThreadPool can lead to memory leaks - + 1797 JEP 238 - Multi-Release JAR files break bytecode scanning - + 1814 Move JavaVersion to jetty-util for future Java 9 support requirements - + 1901 Reimplement PathWatcher as scanner - + 1912 AbstractConnector EndPoint leak for failed SSL connections - + 1914 jetty client fails to parse response with RFC2045 conformant - Content-Type: charset="utf-8" - + 1928 Backport #1705 to jetty-9.3.x. Fixed leak on Rejected execution +jetty-9.2.22.v20170606 - 06 June 2017 + + 920 no main manifest attribute, in jetty-runner-9.2.19.v20160908.jar + + 1108 Please improve logging in SslContextFactory when there are no approved + cipher suites + + 1357 RolloverFileOutputStream: No rollout performed at midnight + + 1469 IllegalStateException in RolloverFileOutputStream + + 1507 Negative delay Timer.schedule exception due to mismatched local and + _logTimeZone values + + 1532 RolloverFileOutputStream can't handle multiple instances + + 1523 Update ALPN support for Java 8u131 + + 1556 A timing channel in Password.java + + 1590 RolloverFileOutputStream not functioning in Jetty 9.2.21+ jetty-9.4.6.v20170531 - 31 May 2017 + 523 TLS close behaviour breaking session resumption @@ -2991,31 +3086,13 @@ jetty-9.4.6.v20170531 - 31 May 2017 + 1569 Allow setting of maxBinaryMessageSize to 0 in WebSocketPolicy + 1579 NPE in Quoted Quality CSV -jetty-9.3.21.v20170918 - 18 September 2017 - + 487 JDK 9 build compatibility - + 1116 Support empty HTTP header values - + 1357 RolloverFileOutputStream: No rollout performed at midnight - + 1469 RolloverFileOutputStream: IllegalStateException Task already scheduled - + 1507 RolloverFileOutputStream: Negative delay Timer.schedule exception - + 1513 RolloverFileOutputStream: can't handle multiple instances - + 1515 Improved RollOverFileOutputStream removeOldFiles() behavior - + 1556 Remove a timing channel in Password matching - + 1590 Improve RolloverFileOutputStream functionality with multiple TimeZones - + 1655 Improve extensibility of ServerConnector - + 1661 AbstractProxyServlet onProxyResponseFailure Error - + 1664 IPAccessHandler CIDR IP range check is incorrect - + 1685 Update ALPN support for Java 8u141 - + 1687 HTTP2: Correcting missing callback notification when channel not found - + 1702 Update ALPN support for Java 8u144 - + 1703 Improve HttpInput failure logging - + 1719 HTTP/2: Improve handling of queued requests - + 1741 Java 9 javadoc failure in build - + 1749 Dump HttpDestination exchange queue - + 1750 PoolingHttpDestination creates ConnectionPool twice - + 1759 HTTP/2: producer can block in onReset - + 1790 HTTP/2: 100% CPU usage seen during close/shutdown of endpoint - + 475546 ClosedChannelException when connection to HTTPS over HTTP proxy with - CONNECT +jetty-9.3.20.v20170531 - 31 May 2017 + + 523 TLS close behaviour breaking session resumption + + 1108 Improve logging in SslContextFactory when there are no approved cipher + suites + + 1527 Jetty BOM should not depend on jetty-parent + + 1556 A timing channel in Password.java + + 1567 XmlConfiguration will start the same object multiple times jetty-9.4.5.v20170502 - 02 May 2017 + 304 Review dead code - StringUtil.sidBytesToString @@ -3049,27 +3126,6 @@ jetty-9.4.5.v20170502 - 02 May 2017 + 1521 Prevent copy of jetty jars to lib/gcloud + 1523 Update ALPN support for Java 8u131 -jetty-9.3.20.v20170531 - 31 May 2017 - + 523 TLS close behaviour breaking session resumption - + 1108 Improve logging in SslContextFactory when there are no approved cipher - suites - + 1527 Jetty BOM should not depend on jetty-parent - + 1556 A timing channel in Password.java - + 1567 XmlConfiguration will start the same object multiple times - -jetty-9.2.22.v20170606 - 06 June 2017 - + 920 no main manifest attribute, in jetty-runner-9.2.19.v20160908.jar - + 1108 Please improve logging in SslContextFactory when there are no approved - cipher suites - + 1357 RolloverFileOutputStream: No rollout performed at midnight - + 1469 IllegalStateException in RolloverFileOutputStream - + 1507 Negative delay Timer.schedule exception due to mismatched local and - _logTimeZone values - + 1532 RolloverFileOutputStream can't handle multiple instances - + 1523 Update ALPN support for Java 8u131 - + 1556 A timing channel in Password.java - + 1590 RolloverFileOutputStream not functioning in Jetty 9.2.21+ - jetty-9.3.19.v20170502 - 02 May 2017 + 877 Programmatic servlet mappings cannot override mappings from webdefault.xml using quickstart @@ -3605,6 +3661,19 @@ jetty-9.3.12.v20160915 - 15 September 2016 + 913 Unprotected debug in WebAppClassLoader + 922 Implements methods Connection.getBytes[In|Out]() +jetty-9.2.19.v20160908 - 08 September 2016 + + 817 NPE in jndi Resource + + 830 Test webapp not properly copied to demo-base + + 832 ServerWithJNDI example uses wrong webapp + + 851 MBeanContainer no longer unregisters MBeans when "stopped" + + 868 ClassLoader leak with Jetty and Karaf - static instances of + java.lang.Throwable + + 880 Refactor jetty-http's HostPortHttpField logic into new jetty-util class + + 882 Add IPv6 support to IPAddressMap in jetty-util + + 894 When adding servless class, preserve Class instead of going through + String + + 899 PathFinderTest fails in jetty-9.2.x + jetty-9.4.0.M1 - 15 August 2016 + 185 Implement RFC 7239 (Forwarded header) + 213 jetty.osgi.boot requires Server services registered before @@ -3761,19 +3830,6 @@ jetty-9.3.11.v20160721 - 21 July 2016 + 755 NPE in HttpChannelOverHTTP2.requestContent() + 756 Filter problematic headers from CGI and FastCGIProxy -jetty-9.2.19.v20160908 - 08 September 2016 - + 817 NPE in jndi Resource - + 830 Test webapp not properly copied to demo-base - + 832 ServerWithJNDI example uses wrong webapp - + 851 MBeanContainer no longer unregisters MBeans when "stopped" - + 868 ClassLoader leak with Jetty and Karaf - static instances of - java.lang.Throwable - + 880 Refactor jetty-http's HostPortHttpField logic into new jetty-util class - + 882 Add IPv6 support to IPAddressMap in jetty-util - + 894 When adding servless class, preserve Class instead of going through - String - + 899 PathFinderTest fails in jetty-9.2.x - jetty-9.2.18.v20160721 - 21 July 2016 + 425 Incorrect @ServerEndpoint Encoder/Decoder lifecycle + 649 LDAPLoginModule should disallow blank username and password @@ -4359,6 +4415,11 @@ jetty-9.3.1.v20150714 - 14 July 2015 + 472422 Custom status codes result in a NumberFormatException while using http2. +jetty-9.2.12.v20150709 - 09 July 2015 + + 469414 Proxied redirects expose upstream server name + + 469936 Remove usages of SpinLock + + 470184 Send the proxy-to-server request more lazily + jetty-9.3.0.v20150612 - 12 June 2015 + 414479 Add WebSocketPingPongListener for those that want PING/PONG payload data @@ -4542,11 +4603,6 @@ jetty-9.3.0.v20150612 - 12 June 2015 --add-to-start + 469991 Fix logging levels in websocket client UpgradeConnection -jetty-9.2.12.v20150709 - 09 July 2015 - + 469414 Proxied redirects expose upstream server name - + 469936 Remove usages of SpinLock - + 470184 Send the proxy-to-server request more lazily - jetty-9.2.11.v20150529 - 29 May 2015 + 461499 ConnectionPool may leak connections + 463579 Add support for 308 status code @@ -5380,6 +5436,30 @@ jetty-9.2.0.M1 - 08 May 2014 + 434077 AnnotatedServerEndpointTest emits strange exception + 434247 Redirect loop in FastCGI proxying for HTTPS sites +jetty-9.1.5.v20140505 - 05 May 2014 + + 431459 Jetty WebSocket compression extensions fails to handle big messages + properly + + 431519 Fixed NetworkTrafficListener + + 432145 Pending request is not failed when HttpClient is stopped + + 432270 Slow requests with response content delimited by EOF fail + + 432473 web.xml declaration order of filters not preserved on calls to init() + + 432483 make osgi.serviceloader support for + javax.servlet.ServletContainerInitializer optional (cherry picked from + commit 31043d25708edbea9ef31948093f4eaf2247919b) + + 432528 IllegalStateException when using DeferredContentProvider + + 432777 Async Write Loses Data with HTTPS Server + + 432901 ensure a single onError callback only in pending and unready states + + 432993 Improve handling of ProxyTo and Prefix parameters in + ProxyServlet.Transparent. + + 433365 No such servlet: + __org.eclipse.jetty.servlet.JspPropertyGroupServlet__ (cherry picked from + commit e2ed934978b958d6fccb28a8a5d04768f7c0432d) + + 433370 PATCH method does not work with ProxyServlet + + 433483 sync log initialize + + 433692 improved buffer resizing + + 433916 HttpChannelOverHttp handles HTTP 1.0 connection reuse incorrectly + + 434027 ReadListener.onError() not invoked in case of read failures + jetty-8.1.15.v20140411 - 11 April 2014 + 397167 Remote Access documentation is wrong + 419799 complete after exceptions thrown from async error pages @@ -5426,30 +5506,6 @@ jetty-9.2.0.M0 - 09 April 2014 + 432145 Pending request is not failed when HttpClient is stopped + 432270 Slow requests with response content delimited by EOF fail -jetty-9.1.5.v20140505 - 05 May 2014 - + 431459 Jetty WebSocket compression extensions fails to handle big messages - properly - + 431519 Fixed NetworkTrafficListener - + 432145 Pending request is not failed when HttpClient is stopped - + 432270 Slow requests with response content delimited by EOF fail - + 432473 web.xml declaration order of filters not preserved on calls to init() - + 432483 make osgi.serviceloader support for - javax.servlet.ServletContainerInitializer optional (cherry picked from - commit 31043d25708edbea9ef31948093f4eaf2247919b) - + 432528 IllegalStateException when using DeferredContentProvider - + 432777 Async Write Loses Data with HTTPS Server - + 432901 ensure a single onError callback only in pending and unready states - + 432993 Improve handling of ProxyTo and Prefix parameters in - ProxyServlet.Transparent. - + 433365 No such servlet: - __org.eclipse.jetty.servlet.JspPropertyGroupServlet__ (cherry picked from - commit e2ed934978b958d6fccb28a8a5d04768f7c0432d) - + 433370 PATCH method does not work with ProxyServlet - + 433483 sync log initialize - + 433692 improved buffer resizing - + 433916 HttpChannelOverHttp handles HTTP 1.0 connection reuse incorrectly - + 434027 ReadListener.onError() not invoked in case of read failures - jetty-9.1.4.v20140401 - 01 April 2014 + 414206 Rewrite rules re-encode requestURI + 414885 Don't expose JDT classes by default @@ -6103,64 +6159,133 @@ jetty-9.0.5.v20130815 - 15 August 2013 + 411545 SslConnection.DecryptedEndpoint.fill() sometimes misses a few network bytes + 411755 MultiPartInputStreamParser fails on base64 encoded content - + 411844 ArrayIndexOutOfBoundsException on wild URL + + 411844 ArrayIndexOutOfBoundsException on wild URL + + 411909 GzipFilter flushbuffer() results in erroneous finish() call + + 412234 fix bug where NetworkTrafficSelectChannelEndpoint counted bytes wrong + on incomplete writes + + 412318 HttpChannel fix multiple calls to _transport.completed() if handle() + is called multiple times while the channel is COMPLETED + + 412418 HttpTransportOverSPDY fix race condition while sending push streams + that could cause push data not to be sent. Fixes intermittent test issues in + ReferrerPushStrategyTest + + 412442 Avoid connection timeout after FIN-FIN close + + 412466 Improved search for unset JETTY_HOME + + 412608 EOF Chunk not sent on inputstream static content + + 412629 PropertyFileLoginModule doesn't cache user configuration file even + for refreshInterval=0 + + 412637 ShutdownMonitorThread already started + + 412712 HttpClient does not send the terminal chunk after partial writes + + 412713 add dumpOnStart configuration to jetty-maven-plugin + + 412750 HttpClient close expired connections fix + + 412814 HttpClient calling CompleteListener.onComplete() twice + + 412846 jetty Http Client Connection through Proxy is failing with Timeout + + 412938 Request.setCharacterEncoding now throws UnsupportedEncodingException + instead of UnsupportedCharsetException + + 413034 Multiple webapps redeploy returns NamingException with AppDynamics + javaagent + + 413066 accept lower case method: head + + 413108 HttpClient hardcodes dispatchIO=false when using SSL + + 413113 Inconsistent Request.getURI() when adding parameters via + Request.param(). + + 413154 ContextHandlerCollection defers virtual host handling to + ContextHandler + + 413155 HttpTransportOverSPDY remove constructor argument for version and get + version from stream.getSession instead + + 413371 Default JSON.Converters for List and Set + + 413372 JSON Enum uses name rather than toString() + + 413393 better logging of bad URLs in Resources + + 413486 SessionCookieConfig setters should throw IllegalStateException if + called after context started + + 413568 Made AJP worker name generic + + 413684 Trailing slash shows JSP source + + 413901 isAsyncStarted remains true while original request is dispatched + + 414085 Add jetty-continuations to plugin dependencies + + 414101 Do not escape special characters in cookies + + 414235 RequestLogHandler configured on a context fails to handle forwarded + requests + + 414393 StringIndexOutofBoundsException with > 8k multipart content without + CR or LF + + 414449 Added HttpParser strict mode for case sensitivity + + 414507 Ensure AnnotationParser ignores parent dir hierarchy when checking + for hidden dirnames + + 414625 final static version fields + + 414640 HTTP header value encoding + + 414652 WebSocket's sendMessage() may hang on congested connections + + 414727 Ensure asynchronously flushed resources are closed + + 414763 Added org.eclipse.jetty.util.log.stderr.ESCAPE option + + 414833 HttpSessionListener.destroy must be invoked in reverse order + + 414840 Request.login() throws NPE if username is null + + 414951 QueuedThreadPool fix constructor that missed to pass the idleTimeout + + 414972 HttpClient may read bytes with pre-tunnelled connection + +jetty-8.1.12.v20130726 - 26 July 2013 + + 396706 CGI support parameters + + 397193 MongoSessionManager refresh updates last access time + + 407342 ReloadedSessionMissingClassTest uses class compiled with jdk7 + + 408529 Etags set in 304 response + + 408600 set correct jetty.url in all pom files + + 408642 setContentType from addHeader + + 408662 In pax-web servlet services requests even if init() has not finished + running + + 408806 getParameter returns null on Multipart request if called before + request.getPart()/getParts() + + 408909 GzipFilter setting of headers when reset and/or not compressed + + 409028 Jetty HttpClient does not work with proxy CONNECT method + + 409133 Empty causes StackOverflowError + + 409436 NPE on context restart using dynamic servlet registration + + 409449 Ensure servlets, filters and listeners added via dynamic + registration, annotations or descriptors are cleaned on context restarts + + 409556 FileInputStream not closed in DirectNIOBuffer + + 410405 Avoid NPE for requestDispatcher(../) + + 410630 MongoSessionManager conflicting session update op + + 410750 NoSQLSessions: implement session context data persistence across + server restarts + + 410893 async support defaults to false for spec created servlets and filters + + 411135 HttpClient may send proxied https requests to the proxy instead of + the target server. + + 411216 RequestLogHandler handles async completion + + 411458 MultiPartFilter getParameterMap doesn't preserve multivalued + parameters 411459 MultiPartFilter.Wrapper getParameter should use charset + encoding of part + + 411755 MultiPartInputStreamParser fails on base64 encoded content + + 411909 GzipFilter flushbuffer() results in erroneous finish() call + + 412712 HttpClient does not send the terminal chunk after partial writes + + 412750 HttpClient close expired connections fix + + 413371 Default JSON.Converters for List and Set + + 413372 JSON Enum uses name rather than toString() + + 413684 Trailing slash shows JSP source + + 413812 Make RateTracker serializable + +jetty-7.6.12.v20130726 - 26 July 2013 + + 396706 CGI support parameters + + 397193 MongoSessionManager refresh updates last access time + + 407342 ReloadedSessionMissingClassTest uses class compiled with jdk7 + + 408529 Etags set in 304 response + + 408600 set correct jetty.url in all pom files + + 408642 setContentType from addHeader + + 408662 In pax-web servlet services requests even if init() has not finished + running + + 408909 GzipFilter setting of headers when reset and/or not compressed + + 409028 Jetty HttpClient does not work with proxy CONNECT method + + 409133 Empty causes StackOverflowError + + 409556 FileInputStream not closed in DirectNIOBuffer + + 410630 MongoSessionManager conflicting session update op + + 410750 NoSQLSessions: implement session context data persistence across + server restarts + + 411135 HttpClient may send proxied https requests to the proxy instead of + the target server. + + 411216 RequestLogHandler handles async completion + + 411458 MultiPartFilter getParameterMap doesn't preserve multivalued + parameters 411459 MultiPartFilter.Wrapper getParameter should use charset + encoding of part + + 411755 MultiPartInputStreamParser fails on base64 encoded content + 411909 GzipFilter flushbuffer() results in erroneous finish() call - + 412234 fix bug where NetworkTrafficSelectChannelEndpoint counted bytes wrong - on incomplete writes - + 412318 HttpChannel fix multiple calls to _transport.completed() if handle() - is called multiple times while the channel is COMPLETED - + 412418 HttpTransportOverSPDY fix race condition while sending push streams - that could cause push data not to be sent. Fixes intermittent test issues in - ReferrerPushStrategyTest - + 412442 Avoid connection timeout after FIN-FIN close - + 412466 Improved search for unset JETTY_HOME - + 412608 EOF Chunk not sent on inputstream static content - + 412629 PropertyFileLoginModule doesn't cache user configuration file even - for refreshInterval=0 - + 412637 ShutdownMonitorThread already started + 412712 HttpClient does not send the terminal chunk after partial writes - + 412713 add dumpOnStart configuration to jetty-maven-plugin + 412750 HttpClient close expired connections fix - + 412814 HttpClient calling CompleteListener.onComplete() twice - + 412846 jetty Http Client Connection through Proxy is failing with Timeout - + 412938 Request.setCharacterEncoding now throws UnsupportedEncodingException - instead of UnsupportedCharsetException - + 413034 Multiple webapps redeploy returns NamingException with AppDynamics - javaagent - + 413066 accept lower case method: head - + 413108 HttpClient hardcodes dispatchIO=false when using SSL - + 413113 Inconsistent Request.getURI() when adding parameters via - Request.param(). - + 413154 ContextHandlerCollection defers virtual host handling to - ContextHandler - + 413155 HttpTransportOverSPDY remove constructor argument for version and get - version from stream.getSession instead + 413371 Default JSON.Converters for List and Set + 413372 JSON Enum uses name rather than toString() - + 413393 better logging of bad URLs in Resources - + 413486 SessionCookieConfig setters should throw IllegalStateException if - called after context started - + 413568 Made AJP worker name generic + 413684 Trailing slash shows JSP source - + 413901 isAsyncStarted remains true while original request is dispatched - + 414085 Add jetty-continuations to plugin dependencies - + 414101 Do not escape special characters in cookies - + 414235 RequestLogHandler configured on a context fails to handle forwarded - requests - + 414393 StringIndexOutofBoundsException with > 8k multipart content without - CR or LF - + 414449 Added HttpParser strict mode for case sensitivity - + 414507 Ensure AnnotationParser ignores parent dir hierarchy when checking - for hidden dirnames - + 414625 final static version fields - + 414640 HTTP header value encoding - + 414652 WebSocket's sendMessage() may hang on congested connections - + 414727 Ensure asynchronously flushed resources are closed - + 414763 Added org.eclipse.jetty.util.log.stderr.ESCAPE option - + 414833 HttpSessionListener.destroy must be invoked in reverse order - + 414840 Request.login() throws NPE if username is null - + 414951 QueuedThreadPool fix constructor that missed to pass the idleTimeout - + 414972 HttpClient may read bytes with pre-tunnelled connection + + 413812 Make RateTracker serializable jetty-9.0.4.v20130625 - 25 June 2013 + 396706 CGI support parameters @@ -6296,6 +6421,59 @@ jetty-9.0.4.v20130625 - 25 June 2013 + 411545 SslConnection.DecryptedEndpoint.fill() sometimes misses a few network bytes +jetty-8.1.11.v20130520 - 20 May 2013 + + 402844 STOP.PORT & STOP.KEY behaviour has changed + + 403281 jetty.sh waits for started or failure before returning + + 403513 jetty:run goal cannot be executed twice during the maven build + + 403570 Asynchronous Request Logging + + 404010 fix cast exception in mongodb session manager + + 404128 Add Vary headers rather than set them + + 404283 org.eclipse.jetty.util.Scanner.scanFile() dies with an NPE if + listFiles() returns null + + 404325 data constraint redirection does send default port + + 404517 Close connection if request received after half close + + 404789 Support IPv6 addresses in DoSFilter white list + + 404958 Fixed Resource.newSystemResource striped / handling + + 405281 allow filemappedbuffers to not be used + + 405537 NPE in rendering JSP using SPDY and wrapped ServletRequest + + 406437 Digest Auth supports out of order nc + + 406618 Jetty startup in OSGi Equinox fails when using option + jetty.home.bundle=org.eclipse.jetty.osgi.boot + + 406923 CR line termination + + 407136 @PreDestroy called after Servlet.destroy() + + 407173 java.lang.IllegalStateException: null when using JDBCSessionManager + + 407931 Add toggle for failing on servlet availability + + 407976 JDBCSessionIdManager potentially leaves server in bad state after + startup + + 408077 HashSessionManager leaves file handles open after being stopped + + 408446 Multipart parsing issue with boundry and charset in ContentType + header + +jetty-7.6.11.v20130520 - 20 May 2013 + + 402844 STOP.PORT & STOP.KEY behaviour has changed + + 403281 jetty.sh waits for started or failure before returning + + 403513 jetty:run goal cannot be executed twice during the maven build + + 403570 Asynchronous Request Logging + + 404010 fix cast exception in mongodb session manager + + 404128 Add Vary headers rather than set them + + 404283 org.eclipse.jetty.util.Scanner.scanFile() dies with an NPE if + listFiles() returns null + + 404325 data constraint redirection does send default port + + 404517 Close connection if request received after half close + + 404789 Support IPv6 addresses in DoSFilter white list + + 404958 Fixed Resource.newSystemResource striped / handling + + 405281 allow filemappedbuffers to not be used + + 405537 NPE in rendering JSP using SPDY and wrapped ServletRequest + + 406437 Digest Auth supports out of order nc + + 406923 CR line termination + + 407136 @PreDestroy called after Servlet.destroy() + + 407173 java.lang.IllegalStateException: null when using JDBCSessionManager + + 407976 JDBCSessionIdManager potentially leaves server in bad state after + startup + + 408077 HashSessionManager leaves file handles open after being stopped + + 408446 Multipart parsing issue with boundry and charset in ContentType + header + jetty-9.0.3.v20130506 - 06 May 2013 + 404010 fix cast exception in mongodb session manager + 404911 WebSocketCloseTest fails spuriously @@ -6386,178 +6564,40 @@ jetty-9.0.1.v20130408 - 08 April 2013 + 403360 Named connectors + 403370 move frameBytes.fail() call in StandardSession.flush() outside the synchronized block to avoid deadlock - + 403373 WebSocket change timeout log level from warn -> info - + 403380 Introduce WebSocketTimeoutException to differentiate between EOF on - write and Timeout - + 403451 Review synchronization in SslConnection - + 403510 HttpSession maxInactiveInterval is not serialized in HashSession - + 403513 jetty:run goal cannot be executed twice during the maven build - + 403570 Asynchronous Request Logging - + 403591 do not use the ConcurrentArrayBlockingQueue for thread pool, selector - and async request log - + 403817 Use of WebSocket Session.close() results in invalid status code - + 404029 port jetty-monitor to jetty-9 and activate it - + 404036 JDBCSessionIdManager.doStart() method should not call - cleanExpiredSessions() because Listeners can't be notified - + 404067 If cannot connect to db fail startup of JDBCSessionIdManager - + 404128 Add Vary headers rather than set them - + 404176 Jetty's AnnotationConfiguration class does not scan non-jar resources - on the container classpath - + 404204 Exception from inputstream cause hang or timeout - + 404283 org.eclipse.jetty.util.Scanner.scanFile() dies with an NPE if - listFiles() returns null - + 404323 Improved parameterization of https and SPDY - + 404325 data constraint redirection does send default port - + 404326 set status when Request.setHandled(true) is called - + 404511 Replaced all StringMap usage with Tries - + 404517 Close connection if request received after half close - + 404610 Reintroduce ability to disallow TLS renegotiation - + 404757 SPDY can only be built with the latest JDK version - + 404789 Support IPv6 addresses in DoSFilter white list - + 404881 Allow regexs for SslContextFactory.setIncludeCipherSuites() and - .setExcludeCipherSuites() - + 404889 SelectorManager accepts attachments with sockets - + 404906 servlets with load-on-startup = 0 are not fired up on jetty 9 startup - + 404958 Fixed Resource.newSystemResource striped / handling - + 405044 Query parameters lost for non GET or POST - -jetty-9.0.0.v20130308 - 08 March 2013 - + 399070 add updated version of npn-boot jar to start.ini - + 399799 do not hold lock while calling invalidation listeners - + 399967 Destroyables destroyed on undeploy and shutdown hook - + 400312 ServletContextListener.contextInitialized() is not called when added - in ServletContainerInitializer.onStartup - + 401495 removed unused getOutputStream - + 401531 StringIndexOutOfBoundsException for "/*" of - fix for multiple mappings to *.jsp - + 401641 Fixed MBean setter for String[] - + 401642 Less verbose INFOs - + 401643 Improved Authentication exception messages and provided quiet servlet - exception - + 401644 Dump does not login user already logged in - + 401651 Abort request if maxRequestsQueuedPerDestination is reached - + 401777 InputStreamResponseListener CJK byte (>=128) cause EOF - + 401904 fixed getRemoteAddr to return IP instead of hostname - + 401908 Enhance DosFilter to allow dynamic configuration of attributes - + 401966 Ensure OSGI WebApp as Service (WebAppContext) can be deployed only - through ServiceWebAppProvider - + 402008 Websocket blocking write hangs when remote client dies (or is killed) - without going thru Close handshake - + 402048 org.eclipse.jetty.server.ShutdownMonitor doesn't stop after the jetty - server is stopped - + 402075 Massive old gen growth when hit by lots of non persistent - connections. - + 402090 httpsender PendingState cause uncertain data send to server - + 402106 fixed URI resize in HttpParser - + 402148 Update Javadoc for WebSocketServlet for new API - + 402154 WebSocket / Session.setIdleTimeout(ms) should support in-place idle - timeout changes - + 402185 updated javascript mime-type - + 402277 spdy proxy: fix race condition in nested push streams initiated by - upstream server. Fix several other small proxy issues - + 402316 HttpReceiver and null pointer exception - + 402341 Host with default port causes redirects loop - + 402726 WebAppContext references old WebSocket packages in system and server - classes - + 402757 WebSocket client module can't be used with WebSocket server module in - the same WAR - -jetty-8.1.12.v20130726 - 26 July 2013 - + 396706 CGI support parameters - + 397193 MongoSessionManager refresh updates last access time - + 407342 ReloadedSessionMissingClassTest uses class compiled with jdk7 - + 408529 Etags set in 304 response - + 408600 set correct jetty.url in all pom files - + 408642 setContentType from addHeader - + 408662 In pax-web servlet services requests even if init() has not finished - running - + 408806 getParameter returns null on Multipart request if called before - request.getPart()/getParts() - + 408909 GzipFilter setting of headers when reset and/or not compressed - + 409028 Jetty HttpClient does not work with proxy CONNECT method - + 409133 Empty causes StackOverflowError - + 409436 NPE on context restart using dynamic servlet registration - + 409449 Ensure servlets, filters and listeners added via dynamic - registration, annotations or descriptors are cleaned on context restarts - + 409556 FileInputStream not closed in DirectNIOBuffer - + 410405 Avoid NPE for requestDispatcher(../) - + 410630 MongoSessionManager conflicting session update op - + 410750 NoSQLSessions: implement session context data persistence across - server restarts - + 410893 async support defaults to false for spec created servlets and filters - + 411135 HttpClient may send proxied https requests to the proxy instead of - the target server. - + 411216 RequestLogHandler handles async completion - + 411458 MultiPartFilter getParameterMap doesn't preserve multivalued - parameters 411459 MultiPartFilter.Wrapper getParameter should use charset - encoding of part - + 411755 MultiPartInputStreamParser fails on base64 encoded content - + 411909 GzipFilter flushbuffer() results in erroneous finish() call - + 412712 HttpClient does not send the terminal chunk after partial writes - + 412750 HttpClient close expired connections fix - + 413371 Default JSON.Converters for List and Set - + 413372 JSON Enum uses name rather than toString() - + 413684 Trailing slash shows JSP source - + 413812 Make RateTracker serializable - -jetty-7.6.12.v20130726 - 26 July 2013 - + 396706 CGI support parameters - + 397193 MongoSessionManager refresh updates last access time - + 407342 ReloadedSessionMissingClassTest uses class compiled with jdk7 - + 408529 Etags set in 304 response - + 408600 set correct jetty.url in all pom files - + 408642 setContentType from addHeader - + 408662 In pax-web servlet services requests even if init() has not finished - running - + 408909 GzipFilter setting of headers when reset and/or not compressed - + 409028 Jetty HttpClient does not work with proxy CONNECT method - + 409133 Empty causes StackOverflowError - + 409556 FileInputStream not closed in DirectNIOBuffer - + 410630 MongoSessionManager conflicting session update op - + 410750 NoSQLSessions: implement session context data persistence across - server restarts - + 411135 HttpClient may send proxied https requests to the proxy instead of - the target server. - + 411216 RequestLogHandler handles async completion - + 411458 MultiPartFilter getParameterMap doesn't preserve multivalued - parameters 411459 MultiPartFilter.Wrapper getParameter should use charset - encoding of part - + 411755 MultiPartInputStreamParser fails on base64 encoded content - + 411909 GzipFilter flushbuffer() results in erroneous finish() call - + 412712 HttpClient does not send the terminal chunk after partial writes - + 412750 HttpClient close expired connections fix - + 413371 Default JSON.Converters for List and Set - + 413372 JSON Enum uses name rather than toString() - + 413684 Trailing slash shows JSP source - + 413812 Make RateTracker serializable - -jetty-8.1.11.v20130520 - 20 May 2013 - + 402844 STOP.PORT & STOP.KEY behaviour has changed - + 403281 jetty.sh waits for started or failure before returning + + 403373 WebSocket change timeout log level from warn -> info + + 403380 Introduce WebSocketTimeoutException to differentiate between EOF on + write and Timeout + + 403451 Review synchronization in SslConnection + + 403510 HttpSession maxInactiveInterval is not serialized in HashSession + 403513 jetty:run goal cannot be executed twice during the maven build + 403570 Asynchronous Request Logging - + 404010 fix cast exception in mongodb session manager + + 403591 do not use the ConcurrentArrayBlockingQueue for thread pool, selector + and async request log + + 403817 Use of WebSocket Session.close() results in invalid status code + + 404029 port jetty-monitor to jetty-9 and activate it + + 404036 JDBCSessionIdManager.doStart() method should not call + cleanExpiredSessions() because Listeners can't be notified + + 404067 If cannot connect to db fail startup of JDBCSessionIdManager + 404128 Add Vary headers rather than set them + + 404176 Jetty's AnnotationConfiguration class does not scan non-jar resources + on the container classpath + + 404204 Exception from inputstream cause hang or timeout + 404283 org.eclipse.jetty.util.Scanner.scanFile() dies with an NPE if listFiles() returns null + + 404323 Improved parameterization of https and SPDY + 404325 data constraint redirection does send default port + + 404326 set status when Request.setHandled(true) is called + + 404511 Replaced all StringMap usage with Tries + 404517 Close connection if request received after half close + + 404610 Reintroduce ability to disallow TLS renegotiation + + 404757 SPDY can only be built with the latest JDK version + 404789 Support IPv6 addresses in DoSFilter white list + + 404881 Allow regexs for SslContextFactory.setIncludeCipherSuites() and + .setExcludeCipherSuites() + + 404889 SelectorManager accepts attachments with sockets + + 404906 servlets with load-on-startup = 0 are not fired up on jetty 9 startup + 404958 Fixed Resource.newSystemResource striped / handling - + 405281 allow filemappedbuffers to not be used - + 405537 NPE in rendering JSP using SPDY and wrapped ServletRequest - + 406437 Digest Auth supports out of order nc - + 406618 Jetty startup in OSGi Equinox fails when using option - jetty.home.bundle=org.eclipse.jetty.osgi.boot - + 406923 CR line termination - + 407136 @PreDestroy called after Servlet.destroy() - + 407173 java.lang.IllegalStateException: null when using JDBCSessionManager - + 407931 Add toggle for failing on servlet availability - + 407976 JDBCSessionIdManager potentially leaves server in bad state after - startup - + 408077 HashSessionManager leaves file handles open after being stopped - + 408446 Multipart parsing issue with boundry and charset in ContentType - header + + 405044 Query parameters lost for non GET or POST jetty-8.1.10.v20130312 - 12 March 2013 + 376273 Early EOF because of SSL Protocol Error on @@ -6595,31 +6635,6 @@ jetty-8.1.10.v20130312 - 12 March 2013 + 402833 Test harness for global error page and hide exception message from reason string -jetty-7.6.11.v20130520 - 20 May 2013 - + 402844 STOP.PORT & STOP.KEY behaviour has changed - + 403281 jetty.sh waits for started or failure before returning - + 403513 jetty:run goal cannot be executed twice during the maven build - + 403570 Asynchronous Request Logging - + 404010 fix cast exception in mongodb session manager - + 404128 Add Vary headers rather than set them - + 404283 org.eclipse.jetty.util.Scanner.scanFile() dies with an NPE if - listFiles() returns null - + 404325 data constraint redirection does send default port - + 404517 Close connection if request received after half close - + 404789 Support IPv6 addresses in DoSFilter white list - + 404958 Fixed Resource.newSystemResource striped / handling - + 405281 allow filemappedbuffers to not be used - + 405537 NPE in rendering JSP using SPDY and wrapped ServletRequest - + 406437 Digest Auth supports out of order nc - + 406923 CR line termination - + 407136 @PreDestroy called after Servlet.destroy() - + 407173 java.lang.IllegalStateException: null when using JDBCSessionManager - + 407976 JDBCSessionIdManager potentially leaves server in bad state after - startup - + 408077 HashSessionManager leaves file handles open after being stopped - + 408446 Multipart parsing issue with boundry and charset in ContentType - header - jetty-7.6.10.v20130312 - 12 March 2013 + 376273 Early EOF because of SSL Protocol Error on https://api-3t.paypal.com/nvp. @@ -6652,6 +6667,47 @@ jetty-7.6.10.v20130312 - 12 March 2013 + 402833 Test harness for global error page and hide exception message from reason string +jetty-9.0.0.v20130308 - 08 March 2013 + + 399070 add updated version of npn-boot jar to start.ini + + 399799 do not hold lock while calling invalidation listeners + + 399967 Destroyables destroyed on undeploy and shutdown hook + + 400312 ServletContextListener.contextInitialized() is not called when added + in ServletContainerInitializer.onStartup + + 401495 removed unused getOutputStream + + 401531 StringIndexOutOfBoundsException for "/*" of + fix for multiple mappings to *.jsp + + 401641 Fixed MBean setter for String[] + + 401642 Less verbose INFOs + + 401643 Improved Authentication exception messages and provided quiet servlet + exception + + 401644 Dump does not login user already logged in + + 401651 Abort request if maxRequestsQueuedPerDestination is reached + + 401777 InputStreamResponseListener CJK byte (>=128) cause EOF + + 401904 fixed getRemoteAddr to return IP instead of hostname + + 401908 Enhance DosFilter to allow dynamic configuration of attributes + + 401966 Ensure OSGI WebApp as Service (WebAppContext) can be deployed only + through ServiceWebAppProvider + + 402008 Websocket blocking write hangs when remote client dies (or is killed) + without going thru Close handshake + + 402048 org.eclipse.jetty.server.ShutdownMonitor doesn't stop after the jetty + server is stopped + + 402075 Massive old gen growth when hit by lots of non persistent + connections. + + 402090 httpsender PendingState cause uncertain data send to server + + 402106 fixed URI resize in HttpParser + + 402148 Update Javadoc for WebSocketServlet for new API + + 402154 WebSocket / Session.setIdleTimeout(ms) should support in-place idle + timeout changes + + 402185 updated javascript mime-type + + 402277 spdy proxy: fix race condition in nested push streams initiated by + upstream server. Fix several other small proxy issues + + 402316 HttpReceiver and null pointer exception + + 402341 Host with default port causes redirects loop + + 402726 WebAppContext references old WebSocket packages in system and server + classes + + 402757 WebSocket client module can't be used with WebSocket server module in + the same WAR + jetty-9.0.0.RC2 - 24 February 2013 + Fix etc/jetty.xml TimerScheduler typo that is preventing normal startup + Fix etc/jetty-https.xml ExcludeCipherSuites typo that prevents SSL startup @@ -6688,167 +6744,71 @@ jetty-9.0.0.RC1 - 22 February 2013 + 400738 ResourceHandler doesn't support range requests + 400848 Redirect fails with non-encoded location URIs + 400849 Conversation hangs if non-first request fails when queued - + 400859 limit max size of writes from cached content - + 400864 Added LowResourcesMonitor - + 401177 Make org.eclipse.jetty.websocket.api.WebSocketAdapter threadsafe - + 401183 Handle push streams in new method StreamFrameListener.onPush() - instead of SessionFrameListener.syn() - + 401211 Remove requirement for jetty-websocket.jar in WEB-INF/lib - + 401317 Make Safari 5.x websocket support minVersion level error more clear - + 401382 Prevent parseAvailable from parsing next chunk when previous has not - been consumed. Handle no content-type in chunked request. - + 401414 Hostname verification fails - + 401427 WebSocket messages sent from onConnect fail to be read by jetty - websocket-client - + 401474 Performance problem in org.eclipse.jetty.annotation.AnnotationParser - + 401485 zip file closed exception - -jetty-9.0.0.RC0 - 01 February 2013 - + 362226 HttpConnection "wait" call causes thread resource exhaustion - + 370384 jetty-aggregate not used in jetty-distribution - + 381351 defaults for keymanager and trustmanager come from their factories - and not hardcoded - + 381521 Only set Vary header when content could be compressed - + 381689 Allow jetty-runner to specify listen host along with listen port - + 382237 support non java JSON classes - + 385306 added getURI method - + 391248 fixing localhost checking in statistics servlet - + 391249 fix for invalid XML node dispatchedTimeMean in statistics servlet - + 391345 fix missing br tag in statistics servlet - + 393933 remove deprecated classes/methods and consolidate some static methods - to SslContextFactory - + 393968 fix typo in javadoc - + 394541 remove continuation jar from distro, add as dep to test-jetty-webapp - + 395232 UpgradeRequest object passed to createWebSocket() has null Session - + 395444 Disabling Websocket Compress Extensions (not working with Chrome / - deflate problem) - + 396428 Test for WebSocket masking on client fragments per RFC 6455 Sec 5.1 - + 396574 add JETTY_HOME as a location for pid to be found - + 396606 make spdy proxy capable of receiving SPDY and talk HTTP to the - upstream server - + 397168 backed of test timing - + 397769 TimerScheduler does not relinquish cancelled tasks - + 398872 SslConnection should not be notified of idle timeouts. First - solution. Merge branch 'ssl_idle_timeout_ignored'. - + 399132 check parent dir of session store against file to be removed - + 399173 UpgradeRequest.getParameterMap() should never return null - + 399242 Reduce/eliminate false sharing in BlockingArrayQueue - + 399319 Request.getURI() may return negative ports - + 399324 HttpClient does not handle correctly UnresolvedAddressException - + 399343 OnWebSocketConnect should use api.Session parameter instead - + 399344 Add missing @OnWebSocketError annotation - + 399397 websocket-client needs better upgrade failure checks - + 399421 Add websocket.api.Session.disconnect() for harsh low level connection - disconnect - + 399515 Websocket-client connect issues should report to websocket onError - handlers - + 399516 Websocket UpgradeException should contain HTTP Request/Response - information - + 399566 Running org.eclipse.jetty.server.session.MaxInactiveMigrationTest - produces stack trace - + 399568 OSGi tests can't find websocket classes - + 399576 Server dumpStdErr throws exception if server is stopping - + 399669 Remove WebSocketConnection in favor of websocket.api.Session - + 399689 Websocket RFC6455 extension handshake fails if server doesn't have - extension - + 399703 made encoding error handling consistent - + 399721 Change to - -jetty-9.0.0.M5 - 19 January 2013 - + 367638 throw exception for excess form keys - + 381521 Only set Vary header when content could be compressed - + 391623 Making --stop with STOP.WAIT perform graceful shutdown - + 393158 java.lang.IllegalStateException when sending an empty InputStream - + 393220 remove dead code from ServletHandler and log ServletExceptions in - warn instead of debug - + 393733 WebSocketClient interface should support multiple connections - + 395885 ResourceCache should honor useFileMappedBuffer if set - + 396253 FilterRegistration wrong order - + 396459 Log specific message for empty request body for multipart mime - requests - + 396500 HttpClient Exchange takes forever to complete when less content sent - than Content-Length - + 396886 MultiPartFilter strips bad escaping on filename="..." - + 397110 Accept %uXXXX encodings in URIs - + 397111 Tolerate empty or excessive whitespace preceeding MultiParts - + 397112 Requests with byte-range throws NPE if requested file has no mimetype - (eg no file extension) - + 397114 run-forked with waitForChild=false can lock up - + 397130 maxFormContentSize set in jetty.xml is ignored - + 397190 improve ValidUrlRule to iterate on codepoints - + 397321 Wrong condition in default start.config for annotations - + 397535 Support pluggable alias checking to support symbolic links - + 397769 TimerScheduler does not relinquish cancelled tasks - + 398105 Clean up WebSocketPolicy - + 398285 ProxyServlet mixes cookies from different clients - + 398337 UTF-16 percent encoding in UTF-16 form content - + 398582 Move lib/jta jar into lib/jndi - + JETTY-1533 handle URL with no path - -jetty-9.0.0.M4 - 21 December 2012 - + 392417 Prevent Cookie parsing interpreting unicode chars - + 393220 remove dead code from ServletHandler and log ServletExceptions in - warn instead of debug - + 393770 Error in ContextHandler.setEventListeners(EventListener[]) - + 394210 spdy api rename stream.syn() to stream.push() - + 394211 spdy: Expose RemoteServerAddress and LocalServerAddress in - StandardSession - + 394294 Start web-bundles started before jetty - + 394370 Add integration test for client resetting SPDY push SYN's - + 394514 Preserve URI parameters in sendRedirect - + 394552 HEAD requests don't work for jetty-client - + 394719 remove regex from classpath matching - + 394829 Session can not be restored after SessionManager.setIdleSavePeriod - has saved the session - + 394839 Allow multipart mime with no boundary - + 394854 optimised promise implementation - + 394870 Make enablement of remote access to test webapp configurable in - override-web.xml - + 395168 fix unavailable attributes when return type has annotation on super - class - + 395215 Multipart mime with just LF and no CRLF: add test for legacy filter - + 395220 New InputStream extension to allow a mix of EOL styles between - headers and content - + 395312 log.warn if a SPDY stream gets committed twice - + 395313 HttpTransportOverSPDY.send() does not rethrow exceptions, but call - Callback.failed() only - + 395314 Add missing flush() call after StandardSession.complete() has been - called. Some test cleanup. - + 395344 Move JSR-356 (Java WebSocket API) work off to Jetty 9.1.x - + 395380 add ValidUrlRule to jetty-rewrite - + 395394 allow logging from boot classloader - + 395574 port jetty-runner and StatisticsServlet to jetty-9 - + 395605 class cast exception in XMLConfiguration fixed - + 395649 add jetty-setuid back into jetty 9 and distribution - + 395794 slightly modified fix for empty file extenstion to mime type mapping - Added a default, so it will also work with unknown file extensions - + 396036 SPDY send controlFrames even if Stream is reset to avoid breaking the - compression context - + 396193 spdy remove timeout parameters from api and move them to the Info* - classes - + 396459 Log specific message for empty request body for multipart mime - requests - + 396460 Make ServerConnector configurable with jetty-maven-plugin - + 396472 org.eclipse.jetty.websocket needs to be removed from serverclasses as - it should only be a systemclass - + 396473 JettyWebXMlConfiguration does not reset serverclasses - + 396474 add websocket server classes to jetty-maven-plugin classpath - + 396475 Remove unneeded websocket-server dependency from test-jetty-webapp - + 396518 Websocket AB Tests should test for which side disconnected and - closed.wasClean - + 396687 missing jetty-io dependency in jetty-servlets - + JETTY-796 jetty ant plugin improvements + + 400859 limit max size of writes from cached content + + 400864 Added LowResourcesMonitor + + 401177 Make org.eclipse.jetty.websocket.api.WebSocketAdapter threadsafe + + 401183 Handle push streams in new method StreamFrameListener.onPush() + instead of SessionFrameListener.syn() + + 401211 Remove requirement for jetty-websocket.jar in WEB-INF/lib + + 401317 Make Safari 5.x websocket support minVersion level error more clear + + 401382 Prevent parseAvailable from parsing next chunk when previous has not + been consumed. Handle no content-type in chunked request. + + 401414 Hostname verification fails + + 401427 WebSocket messages sent from onConnect fail to be read by jetty + websocket-client + + 401474 Performance problem in org.eclipse.jetty.annotation.AnnotationParser + + 401485 zip file closed exception -jetty-9.0.0.M3 - 20 November 2012 - + 391623 Add option to --stop to wait for target jetty to stop - + 392237 Port test-integration to jetty-9 - + 392492 expect headers only examined for requests>=HTTP/1.1 - + 392850 ContextLoaderListener not called in 9.0.0.M1 and M2 - + 393075 1xx, 204, 304 responses ignore headers that suggest content - + 393832 start connectors last - + 393947 additional tests - + 394143 add jetty-all aggregate via release profile - + 394144 add jetty-jaspi +jetty-9.0.0.RC0 - 01 February 2013 + + 362226 HttpConnection "wait" call causes thread resource exhaustion + + 370384 jetty-aggregate not used in jetty-distribution + + 381351 defaults for keymanager and trustmanager come from their factories + and not hardcoded + + 381521 Only set Vary header when content could be compressed + + 381689 Allow jetty-runner to specify listen host along with listen port + + 382237 support non java JSON classes + + 385306 added getURI method + + 391248 fixing localhost checking in statistics servlet + + 391249 fix for invalid XML node dispatchedTimeMean in statistics servlet + + 391345 fix missing br tag in statistics servlet + + 393933 remove deprecated classes/methods and consolidate some static methods + to SslContextFactory + + 393968 fix typo in javadoc + + 394541 remove continuation jar from distro, add as dep to test-jetty-webapp + + 395232 UpgradeRequest object passed to createWebSocket() has null Session + + 395444 Disabling Websocket Compress Extensions (not working with Chrome / + deflate problem) + + 396428 Test for WebSocket masking on client fragments per RFC 6455 Sec 5.1 + + 396574 add JETTY_HOME as a location for pid to be found + + 396606 make spdy proxy capable of receiving SPDY and talk HTTP to the + upstream server + + 397168 backed of test timing + + 397769 TimerScheduler does not relinquish cancelled tasks + + 398872 SslConnection should not be notified of idle timeouts. First + solution. Merge branch 'ssl_idle_timeout_ignored'. + + 399132 check parent dir of session store against file to be removed + + 399173 UpgradeRequest.getParameterMap() should never return null + + 399242 Reduce/eliminate false sharing in BlockingArrayQueue + + 399319 Request.getURI() may return negative ports + + 399324 HttpClient does not handle correctly UnresolvedAddressException + + 399343 OnWebSocketConnect should use api.Session parameter instead + + 399344 Add missing @OnWebSocketError annotation + + 399397 websocket-client needs better upgrade failure checks + + 399421 Add websocket.api.Session.disconnect() for harsh low level connection + disconnect + + 399515 Websocket-client connect issues should report to websocket onError + handlers + + 399516 Websocket UpgradeException should contain HTTP Request/Response + information + + 399566 Running org.eclipse.jetty.server.session.MaxInactiveMigrationTest + produces stack trace + + 399568 OSGi tests can't find websocket classes + + 399576 Server dumpStdErr throws exception if server is stopping + + 399669 Remove WebSocketConnection in favor of websocket.api.Session + + 399689 Websocket RFC6455 extension handshake fails if server doesn't have + extension + + 399703 made encoding error handling consistent + + 399721 Change to jetty-8.1.9.v20130131 - 31 January 2013 + 362226 HttpConnection "wait" call causes thread resource exhaustion @@ -6955,6 +6915,102 @@ jetty-7.6.9.v20130131 - 31 January 2013 + JETTY-846 Support maven-war-plugin configuration for jetty-maven-plugin; fix NPE +jetty-9.0.0.M5 - 19 January 2013 + + 367638 throw exception for excess form keys + + 381521 Only set Vary header when content could be compressed + + 391623 Making --stop with STOP.WAIT perform graceful shutdown + + 393158 java.lang.IllegalStateException when sending an empty InputStream + + 393220 remove dead code from ServletHandler and log ServletExceptions in + warn instead of debug + + 393733 WebSocketClient interface should support multiple connections + + 395885 ResourceCache should honor useFileMappedBuffer if set + + 396253 FilterRegistration wrong order + + 396459 Log specific message for empty request body for multipart mime + requests + + 396500 HttpClient Exchange takes forever to complete when less content sent + than Content-Length + + 396886 MultiPartFilter strips bad escaping on filename="..." + + 397110 Accept %uXXXX encodings in URIs + + 397111 Tolerate empty or excessive whitespace preceeding MultiParts + + 397112 Requests with byte-range throws NPE if requested file has no mimetype + (eg no file extension) + + 397114 run-forked with waitForChild=false can lock up + + 397130 maxFormContentSize set in jetty.xml is ignored + + 397190 improve ValidUrlRule to iterate on codepoints + + 397321 Wrong condition in default start.config for annotations + + 397535 Support pluggable alias checking to support symbolic links + + 397769 TimerScheduler does not relinquish cancelled tasks + + 398105 Clean up WebSocketPolicy + + 398285 ProxyServlet mixes cookies from different clients + + 398337 UTF-16 percent encoding in UTF-16 form content + + 398582 Move lib/jta jar into lib/jndi + + JETTY-1533 handle URL with no path + +jetty-9.0.0.M4 - 21 December 2012 + + 392417 Prevent Cookie parsing interpreting unicode chars + + 393220 remove dead code from ServletHandler and log ServletExceptions in + warn instead of debug + + 393770 Error in ContextHandler.setEventListeners(EventListener[]) + + 394210 spdy api rename stream.syn() to stream.push() + + 394211 spdy: Expose RemoteServerAddress and LocalServerAddress in + StandardSession + + 394294 Start web-bundles started before jetty + + 394370 Add integration test for client resetting SPDY push SYN's + + 394514 Preserve URI parameters in sendRedirect + + 394552 HEAD requests don't work for jetty-client + + 394719 remove regex from classpath matching + + 394829 Session can not be restored after SessionManager.setIdleSavePeriod + has saved the session + + 394839 Allow multipart mime with no boundary + + 394854 optimised promise implementation + + 394870 Make enablement of remote access to test webapp configurable in + override-web.xml + + 395168 fix unavailable attributes when return type has annotation on super + class + + 395215 Multipart mime with just LF and no CRLF: add test for legacy filter + + 395220 New InputStream extension to allow a mix of EOL styles between + headers and content + + 395312 log.warn if a SPDY stream gets committed twice + + 395313 HttpTransportOverSPDY.send() does not rethrow exceptions, but call + Callback.failed() only + + 395314 Add missing flush() call after StandardSession.complete() has been + called. Some test cleanup. + + 395344 Move JSR-356 (Java WebSocket API) work off to Jetty 9.1.x + + 395380 add ValidUrlRule to jetty-rewrite + + 395394 allow logging from boot classloader + + 395574 port jetty-runner and StatisticsServlet to jetty-9 + + 395605 class cast exception in XMLConfiguration fixed + + 395649 add jetty-setuid back into jetty 9 and distribution + + 395794 slightly modified fix for empty file extenstion to mime type mapping + Added a default, so it will also work with unknown file extensions + + 396036 SPDY send controlFrames even if Stream is reset to avoid breaking the + compression context + + 396193 spdy remove timeout parameters from api and move them to the Info* + classes + + 396459 Log specific message for empty request body for multipart mime + requests + + 396460 Make ServerConnector configurable with jetty-maven-plugin + + 396472 org.eclipse.jetty.websocket needs to be removed from serverclasses as + it should only be a systemclass + + 396473 JettyWebXMlConfiguration does not reset serverclasses + + 396474 add websocket server classes to jetty-maven-plugin classpath + + 396475 Remove unneeded websocket-server dependency from test-jetty-webapp + + 396518 Websocket AB Tests should test for which side disconnected and + closed.wasClean + + 396687 missing jetty-io dependency in jetty-servlets + + JETTY-796 jetty ant plugin improvements + +jetty-9.0.0.M3 - 20 November 2012 + + 391623 Add option to --stop to wait for target jetty to stop + + 392237 Port test-integration to jetty-9 + + 392492 expect headers only examined for requests>=HTTP/1.1 + + 392850 ContextLoaderListener not called in 9.0.0.M1 and M2 + + 393075 1xx, 204, 304 responses ignore headers that suggest content + + 393832 start connectors last + + 393947 additional tests + + 394143 add jetty-all aggregate via release profile + + 394144 add jetty-jaspi + jetty-9.0.0.M2 - 06 November 2012 + 371170 MongoSessionManager LastAccessTimeTest fails + 391877 org.eclipse.jetty.webapp.FragmentDescriptor incorrectly reporting @@ -7197,7 +7253,7 @@ jetty-7.6.6.v20120903 - 03 September 2012 + 385925 make SslContextFactory.setProtocols and SslContextFactory.setCipherSuites preserve the order of the given parameters -jetty-8.1.5.v20120716 - 16 June 2012 +jetty-7.6.5.v20120716 - 16 July 2012 + 376717 Balancer Servlet with round robin support, contribution, added missing license + 379250 Server is added to shutdown hook twice @@ -7215,20 +7271,15 @@ jetty-8.1.5.v20120716 - 16 June 2012 + 383251 500 for SocketExceptions + 383881 WebSocketHandler sets request as handled + 384254 revert change to writable when not dispatched - + 384280 Implement preliminary ServletRegistrations + 384847 CrossOriginFilter is not working + 384896 JDBCSessionManager fails to load existing sessions on oracle when contextPath is / + 384980 Jetty client unable to recover from Time outs when connection count per address hits max. - + 385138 add getter for session path and max cookie age that seemed to - disappear in a merge long ago - + JETTY-1523 It is imposible to map servlet to "/" using - WebApplicationInitializer + JETTY-1525 Show handle status in response debug message + JETTY-1530 refine search control on ldap login module -jetty-7.6.5.v20120716 - 16 July 2012 +jetty-8.1.5.v20120716 - 16 June 2012 + 376717 Balancer Servlet with round robin support, contribution, added missing license + 379250 Server is added to shutdown hook twice @@ -7246,11 +7297,16 @@ jetty-7.6.5.v20120716 - 16 July 2012 + 383251 500 for SocketExceptions + 383881 WebSocketHandler sets request as handled + 384254 revert change to writable when not dispatched + + 384280 Implement preliminary ServletRegistrations + 384847 CrossOriginFilter is not working + 384896 JDBCSessionManager fails to load existing sessions on oracle when contextPath is / + 384980 Jetty client unable to recover from Time outs when connection count per address hits max. + + 385138 add getter for session path and max cookie age that seemed to + disappear in a merge long ago + + JETTY-1523 It is imposible to map servlet to "/" using + WebApplicationInitializer + JETTY-1525 Show handle status in response debug message + JETTY-1530 refine search control on ldap login module @@ -7507,6 +7563,22 @@ jetty-7.6.0.RC5 - 20 January 2012 + JETTY-1475 made output state fields volatile to provide memory barrier for non dispatched thread IO +jetty-7.6.0.RC5 - 20 January 2012 + + 359329 Prevent reinvocation of LoginModule.login with jaspi for already + authed user + + 368632 Remove superfluous removal of org.apache.catalina.jsp_file + + 368633 fixed configure.dtd resource mappings + + 368635 moved lifecycle state reporting from toString to dump + + 368773 process data constraints without realm + + 368787 always set token view to new header buffers in httpparser + + 368821 improved test harness + + 368920 JettyAwareLogger always formats the arguments + + 368948 POM for jetty-jndi references unknown version for javax.activation + + 368992 avoid non-blocking flush when writing to avoid setting !_writable + without _writeblocked + + JETTY-1475 made output state fields volatile to provide memory barrier for + non dispatched thread IO + jetty-8.1.0.RC4 - 13 January 2012 + 365048 jetty Http client does not send proxy authentication when requesting a Https-resource through a web-proxy. @@ -7551,12 +7623,71 @@ jetty-7.6.0.RC4 - 13 January 2012 + 368291 Change warning to info for NoSuchFieldException on BeanELResolver.properties +jetty-7.6.0.RC4 - 13 January 2012 + + 365048 jetty Http client does not send proxy authentication when requesting + a Https-resource through a web-proxy. + + 366774 removed XSS vulnerbility + + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum + + 367716 simplified idleTimeout logic + + 368035 WebSocketClientFactory does not invoke super.doStop() + + 368060 do not encode sendRedirect URLs + + 368114 Protect against non-Strings in System properties for Log + + 368189 WebSocketClientFactory should not manage external thread pool + + 368215 Remove debug from jaspi + + 368240 Improve AggregateLifeCycle handling of shared lifecycles + + 368291 Change warning to info for NoSuchFieldException on + BeanELResolver.properties + +jetty-7.6.0.RC3 - 05 January 2012 + + 367433 added tests to investigate + + 367435 improved D00 test harness + + 367485 HttpExchange canceled before response do not release connection + + 367502 WebSocket connections should be closed when application context is + stopped. + + 367591 corrected configuration.xml version to 7.6 + + 367635 Added support for start.d directory + + 367638 limit number of form parameters to avoid DOS + + JETTY-1467 close half closed when idle + +jetty-7.6.0.RC3 - 05 January 2012 + + 367433 added tests to investigate + + 367435 improved D00 test harness + + 367485 HttpExchange canceled before response do not release connection + + 367502 WebSocket connections should be closed when application context is + stopped. + + 367591 corrected configuration.xml version to 7.6 + + 367635 Added support for start.d directory + + 367638 limit number of form parameters to avoid DOS + + JETTY-1467 close half closed when idle + jetty-8.1.0.RC2 - 22 December 2011 + 359329 jetty-jaspi must exports its packages. jetty-plus must import javax.security + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to cope - + 364921 Made test less time sensitive + + 364921 Made test less time sensitive + + 364936 use Resource for opening URL streams + + 365267 NullPointerException in bad Address + + 365375 ResourceHandler should be a HandlerWrapper + + 365750 Support WebSocket over SSL, aka wss:// + + 365932 Produce jetty-websocket aggregate jar for android use + + 365947 Set headers for Auth failure and retry in http-spi + + 366316 Superfluous printStackTrace on 404 + + 366342 Dont persist DosFilter trackers in http session + + 366730 pass the time idle to onIdleExpire + + 367048 test harness for guard on suspended requests + + 367175 SSL 100% CPU spin in case of blocked write and RST + + 367219 WebSocketClient.open() fails when URI uses default ports + + 367383 jsp-config element must be returned for + ServletContext.getJspConfigDescriptor + + JETTY-1460 suppress PrintWriter exceptions + + JETTY-1463 websocket D0 parser should return progress even if no fill done + + JETTY-1465 NPE in ContextHandler.toString + +jetty-7.6.0.RC2 - 22 December 2011 + + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to + cope + + 364921 Made test less time sensitive for ssl + 364936 use Resource for opening URL streams + 365267 NullPointerException in bad Address + 365375 ResourceHandler should be a HandlerWrapper @@ -7569,23 +7700,10 @@ jetty-8.1.0.RC2 - 22 December 2011 + 367048 test harness for guard on suspended requests + 367175 SSL 100% CPU spin in case of blocked write and RST + 367219 WebSocketClient.open() fails when URI uses default ports - + 367383 jsp-config element must be returned for - ServletContext.getJspConfigDescriptor + JETTY-1460 suppress PrintWriter exceptions + JETTY-1463 websocket D0 parser should return progress even if no fill done + JETTY-1465 NPE in ContextHandler.toString -jetty-7.6.0.RC3 - 05 January 2012 - + 367433 added tests to investigate - + 367435 improved D00 test harness - + 367485 HttpExchange canceled before response do not release connection - + 367502 WebSocket connections should be closed when application context is - stopped. - + 367591 corrected configuration.xml version to 7.6 - + 367635 Added support for start.d directory - + 367638 limit number of form parameters to avoid DOS - + JETTY-1467 close half closed when idle - jetty-7.6.0.RC2 - 22 December 2011 + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to cope @@ -7611,7 +7729,7 @@ jetty-8.1.0.RC1 - 06 December 2011 3.0 + 365370 ServletHandler can fall through to nested handler -jetty-8.1.0.RC0 - 30 November 2011 +jetty-7.6.0.RC1 - 04 December 2011 + 352565 cookie httponly flag ignored + 353285 ServletSecurity annotation ignored + 357163 jetty 8 ought to proxy jetty8 javadocs @@ -7623,70 +7741,9 @@ jetty-8.1.0.RC0 - 30 November 2011 + 363878 Add ecj compiler to jetty-8 for jsp + 364283 can't parse the servlet multipart-config for the web.xml + 364430 Support web.xml enabled state for servlets + + 365370 ServletHandler can fall through to nested handler -jetty-7.6.0.RC5 - 20 January 2012 - + 359329 Prevent reinvocation of LoginModule.login with jaspi for already - authed user - + 368632 Remove superfluous removal of org.apache.catalina.jsp_file - + 368633 fixed configure.dtd resource mappings - + 368635 moved lifecycle state reporting from toString to dump - + 368773 process data constraints without realm - + 368787 always set token view to new header buffers in httpparser - + 368821 improved test harness - + 368920 JettyAwareLogger always formats the arguments - + 368948 POM for jetty-jndi references unknown version for javax.activation - + 368992 avoid non-blocking flush when writing to avoid setting !_writable - without _writeblocked - + JETTY-1475 made output state fields volatile to provide memory barrier for - non dispatched thread IO - -jetty-7.6.0.RC4 - 13 January 2012 - + 365048 jetty Http client does not send proxy authentication when requesting - a Https-resource through a web-proxy. - + 366774 removed XSS vulnerbility - + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum - + 367716 simplified idleTimeout logic - + 368035 WebSocketClientFactory does not invoke super.doStop() - + 368060 do not encode sendRedirect URLs - + 368114 Protect against non-Strings in System properties for Log - + 368189 WebSocketClientFactory should not manage external thread pool - + 368215 Remove debug from jaspi - + 368240 Improve AggregateLifeCycle handling of shared lifecycles - + 368291 Change warning to info for NoSuchFieldException on - BeanELResolver.properties - -jetty-7.6.0.RC3 - 05 January 2012 - + 367433 added tests to investigate - + 367435 improved D00 test harness - + 367485 HttpExchange canceled before response do not release connection - + 367502 WebSocket connections should be closed when application context is - stopped. - + 367591 corrected configuration.xml version to 7.6 - + 367635 Added support for start.d directory - + 367638 limit number of form parameters to avoid DOS - + JETTY-1467 close half closed when idle - -jetty-7.6.0.RC2 - 22 December 2011 - + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to - cope - + 364921 Made test less time sensitive for ssl - + 364936 use Resource for opening URL streams - + 365267 NullPointerException in bad Address - + 365375 ResourceHandler should be a HandlerWrapper - + 365750 Support WebSocket over SSL, aka wss:// - + 365932 Produce jetty-websocket aggregate jar for android use - + 365947 Set headers for Auth failure and retry in http-spi - + 366316 Superfluous printStackTrace on 404 - + 366342 Dont persist DosFilter trackers in http session - + 366730 pass the time idle to onIdleExpire - + 367048 test harness for guard on suspended requests - + 367175 SSL 100% CPU spin in case of blocked write and RST - + 367219 WebSocketClient.open() fails when URI uses default ports - + JETTY-1460 suppress PrintWriter exceptions - + JETTY-1463 websocket D0 parser should return progress even if no fill done - + JETTY-1465 NPE in ContextHandler.toString - -jetty-7.6.0.RC1 - 04 December 2011 +jetty-8.1.0.RC0 - 30 November 2011 + 352565 cookie httponly flag ignored + 353285 ServletSecurity annotation ignored + 357163 jetty 8 ought to proxy jetty8 javadocs @@ -7698,7 +7755,6 @@ jetty-7.6.0.RC1 - 04 December 2011 + 363878 Add ecj compiler to jetty-8 for jsp + 364283 can't parse the servlet multipart-config for the web.xml + 364430 Support web.xml enabled state for servlets - + 365370 ServletHandler can fall through to nested handler jetty-7.6.0.RC0 - 29 November 2011 + 349110 fixed bypass chunk handling @@ -7765,6 +7821,10 @@ jetty-8.0.3.v20111011 - 11 October 2011 + 348978 migrate jetty-http-spi + 358649 StdErrLog system properties for package/class logging LEVEL +jetty-7.5.3.v20111011 - 11 October 2011 + + 348978 migrate jetty-http-spi + + 358649 StdErrLog system properties for package/class logging LEVEL + jetty-8.0.2.v20111006 - 06 October 2011 + 336443 add missing comma in DigestAuthenticator string + 342161 ScannerTest fails intermittently on Mac OS X @@ -7817,10 +7877,6 @@ jetty-8.0.2.v20111006 - 06 October 2011 + JETTY-1434 Add a jsp that exercises jstl + JETTY-1439 space in directory installation path causes classloader problem -jetty-7.5.3.v20111011 - 11 October 2011 - + 348978 migrate jetty-http-spi - + 358649 StdErrLog system properties for package/class logging LEVEL - jetty-7.5.2.v20111006 - 06 October 2011 + 336443 check nonce count is increasing + 342161 ScannerTest fails intermittently on Mac OS X @@ -7942,13 +7998,6 @@ jetty-8.0.0.RC0 - 16 August 2011 + Enable annotations by default + Merge from jetty-7.4.3 -jetty-8.0.0.M3 - 27 May 2011 - + 324505 Implement API login - + 335500 request.getParts() throws a NullPointerException - + 343472 isUserInRole does not prevent subsequent login call - + 346180 jsp-2.2 support - + Updated to jetty-7.4.2.v20110526 - jetty-7.5.0.RC0 - 15 August 2011 + 298502 Handle 200 Connect responses with no content-length + 347484 / - > ${/} in some paths in grant codebases @@ -8024,7 +8073,14 @@ jetty-7.4.3.v20110701 - 01 July 2011 HTttpExchange.setRequestContentSource(InputStream) + JETTY-1390 RewriteHandler handles encoded URIs -jetty-7.4.2.v20110526 +jetty-8.0.0.M3 - 27 May 2011 + + 324505 Implement API login + + 335500 request.getParts() throws a NullPointerException + + 343472 isUserInRole does not prevent subsequent login call + + 346180 jsp-2.2 support + + Updated to jetty-7.4.2.v20110526 + +jetty-7.4.2.v20110526 - 26 May 2011 + 334443 Improve the ability to specify extra class paths using the Jetty Maven Plugin + 336220 tmp directory is not set if you reload a webapp with @@ -8049,7 +8105,7 @@ jetty-7.4.2.v20110526 + JETTY-1146 Encode jsessionid in sendRedirect + JETTY-1342 Recreate selector if wakeup throws JVM bug -jetty-7.4.1.v20110513 +jetty-7.4.1.v20110513 - 13 May 2011 + 288563 remove unsupported and deprecated --secure option + 332907 Add context property to ObjectName of JMX MBeans + 336056 Ability to override the computation of the ContextHandler to deploy @@ -8085,13 +8141,13 @@ jetty-7.4.1.v20110513 + JETTY-1343 IllegalArgumentException for bad % encodings + JETTY-1347 Updated ServletHander javadoc -jetty-7.4.0.v20110414 +jetty-7.4.0.v20110414 - 14 April 2011 + 342504 Scanner Listener + 342700 refine websocket API for anticipated changes + JETTY-1362 Set root cause of UnavailableException + Various test harness cleanups to avoid random failures -jetty-7.4.0.RC0 +jetty-7.4.0.RC0 - 07 April 2011 + 324110 Added test harnesses for merging of QueryStrings + 337685 Update websocket API in preparation for draft -07 + 338627 HashSessionManager.getIdleSavePeriod returns milliseconds instead of @@ -8131,26 +8187,6 @@ jetty-7.4.0.RC0 + Added extra session removal test + Ensure generated fragment names are unique -jetty-8.0.0.M2 - 16 November 2010 - + 320073 Reconsile configuration mechanism - + 321068 JSF2 fails to initialize - + 324493 Registration init parameter handling null check, setInitParameters - additive - + 324505 Request.login method must throw ServletException if it cant login - + 324872 allow disabling listener restriction from using *Registration - interfaces - + 327416 Change meaning of @HandlesTypes in line with latest interpretation by - JSR315 - + 327489 Change meaning of @MultipartConfig to match servlet spec 3.0 - maintenance release 3.0a - + 328008 Handle update to Servlet Spec 3 Section 8.2.3.h.ii - + 330188 Reject web-fragment.xml with same as another already loaded - one - + 330208 Support new wording on servlet-mapping and filter-mapping merging - from servlet3.0a - + 330292 request.getParts() returns only one part when the name is the same - + Update to jetty-7.2.1.v20101111 - jetty-7.3.1.v20110307 - 07 March 2011 + 316382 Support a more strict SSL option with certificates + 333481 Handle UCS-4 codepoints in decode and encode @@ -8252,6 +8288,26 @@ jetty-7.2.2.v20101205 - 05 December 2010 + JETTY-1307 Check that JarFileResource directories end with / + JETTY-1308 327109 (re)fixed AJP handling of empty packets +jetty-8.0.0.M2 - 16 November 2010 + + 320073 Reconsile configuration mechanism + + 321068 JSF2 fails to initialize + + 324493 Registration init parameter handling null check, setInitParameters + additive + + 324505 Request.login method must throw ServletException if it cant login + + 324872 allow disabling listener restriction from using *Registration + interfaces + + 327416 Change meaning of @HandlesTypes in line with latest interpretation by + JSR315 + + 327489 Change meaning of @MultipartConfig to match servlet spec 3.0 + maintenance release 3.0a + + 328008 Handle update to Servlet Spec 3 Section 8.2.3.h.ii + + 330188 Reject web-fragment.xml with same as another already loaded + one + + 330208 Support new wording on servlet-mapping and filter-mapping merging + from servlet3.0a + + 330292 request.getParts() returns only one part when the name is the same + + Update to jetty-7.2.1.v20101111 + jetty-7.2.1.v20101111 - 11 November 2010 + 324679 Fixed dedection of write before static content + 328008 Handle update to Servlet Spec 3 Section 8.2.3.h.ii @@ -8381,7 +8437,20 @@ jetty-7.2.0.RC0 - 01 October 2010 + Fix jetty-plus.xml for new configuration names + Improved debug dump -jetty-7.1.6.v20100715 +jetty-6.1.25 - 26 July 2010 + + 320264 Removed duplicate mime.property entries + + JETTY-1212 Long content lengths + + JETTY-1214 Avoid ISE when scavenging invalid session + + JETTY-1223 DefaultServlet: NPE when setting relativeResourceBase and + resourceBase is not set + + JETTY-1226 javax.activation needs to be listed in the system classes + + JETTY-1237 Remember local/remote details of endpoint + + JETTY-1251 protected against closed selector + + COMETD-112 if two threads create the same channel, then create events may + occur after subscribe events + + Jetty-6 is now in maintenance mode. + +jetty-7.1.6.v20100715 - 15 July 2010 + 319519 Warn about duplicate configuration files + 319655 Reset HEAD status + JETTY-1247 synchronize recylcing of SSL NIO buffers @@ -8398,7 +8467,7 @@ jetty-8.0.0.M1 - 12 July 2010 + Ensure empty implies exclusion of all fragments + Ensure servlet-api jar class inheritance hierarchy is scanned -jetty-7.1.5.v20100705 +jetty-7.1.5.v20100705 - 05 July 2010 + 288194 Add blacklist/whitelist to ProxyServlet and ProxyHandler + 296570 EOFException for HttpExchange when HttpClient.stop called + 311550 The WebAppProvider should allow setTempDirectory @@ -8424,20 +8493,7 @@ jetty-7.1.5.v20100705 + JETTY-1237 Save local/remote address to be available after close + Update ecj to 3.6 Helios release drop -jetty-6.1.25 - 26 July 2010 - + 320264 Removed duplicate mime.property entries - + JETTY-1212 Long content lengths - + JETTY-1214 Avoid ISE when scavenging invalid session - + JETTY-1223 DefaultServlet: NPE when setting relativeResourceBase and - resourceBase is not set - + JETTY-1226 javax.activation needs to be listed in the system classes - + JETTY-1237 Remember local/remote details of endpoint - + JETTY-1251 protected against closed selector - + COMETD-112 if two threads create the same channel, then create events may - occur after subscribe events - + Jetty-6 is now in maintenance mode. - -jetty-7.1.4.v20100610 +jetty-7.1.4.v20100610 - 10 June 2010 + 292326 Stop continuations if server is stopped + 292814 Make QoSFilter and DoSFilter JMX manageable + 293222 Improve request log to handle/show asynchronous latency @@ -8467,7 +8523,7 @@ jetty-7.1.4.v20100610 + JETTY-547 Delay close after shutdown until request read + JETTY-1231 Support context request log handler -jetty-7.1.3.v20100526 +jetty-7.1.3.v20100526 - 26 May 2010 + 296567 HttpClient RedirectListener handles new HttpDestination + 297598 JDBCLoginService uses hardcoded credential class + 305898 Websocket handles query string in URI @@ -8477,7 +8533,7 @@ jetty-7.1.3.v20100526 + 314177 JSTL support is broken + 314459 support maven3 for builds -jetty-7.1.2.v20100523 +jetty-7.1.2.v20100523 - 23 May 2010 + 308866 Update test suite to JUnit4 - Module jetty-util + 312948 Recycle SSL crypto buffers + 313196 randomly allocate ports for session test @@ -8486,7 +8542,7 @@ jetty-7.1.2.v20100523 + 314009 updated README.txt + Update links to jetty website and wiki on test webapp -jetty-7.1.1.v20100517 +jetty-7.1.1.v20100517 - 17 May 2010 + 302344 Make the list of available contexts if root context is not configured optional + 304803 Remove TypeUtil Integer and Long caches @@ -8568,19 +8624,6 @@ jetty-7.1.0.RC0 - 27 April 2010 + Merged 7.0.2.v20100331 + Temporarily remove jetty-osgi module to clarify jsp version compatibility -jetty-7.0.2.v20100331 - 31 March 2010 - + 297552 Don't call Continuation timeouts from acceptor tick - + 298236 Additional unit tests for jetty-client - + 306782 httpbis interpretation of 100 continues. Body never skipped - + 306783 NPE in StdErrLog when Throwable is null - + 306840 Suppress content-length in requests with no content - + 306880 Support for UPGRADE in HttpClient - + 306884 Suspend with timeout <=0 never expires - + 307589 updated servlet 3.0 continuations for final API - + Allow Configuration array to be set on Server instance for all web apps - + Ensure webapps with no WEB-INF don't scan WEB-INF/lib - + Take excess logging statements out of startup - jetty-6.1.24 - 21 April 2010 + 308925 Protect the test webapp from remote access + JETTY-903 Stop both caches @@ -8649,7 +8692,20 @@ jetty-6.1.23 - 02 April 2010 + Remove references to old content in HttpClient client tests for www.sun.com + Updated JSP to 2.1.v20091210 -jetty-7.0.2.RC0 +jetty-7.0.2.v20100331 - 31 March 2010 + + 297552 Don't call Continuation timeouts from acceptor tick + + 298236 Additional unit tests for jetty-client + + 306782 httpbis interpretation of 100 continues. Body never skipped + + 306783 NPE in StdErrLog when Throwable is null + + 306840 Suppress content-length in requests with no content + + 306880 Support for UPGRADE in HttpClient + + 306884 Suspend with timeout <=0 never expires + + 307589 updated servlet 3.0 continuations for final API + + Allow Configuration array to be set on Server instance for all web apps + + Ensure webapps with no WEB-INF don't scan WEB-INF/lib + + Take excess logging statements out of startup + +jetty-7.0.2.RC0 - 09 March 2010 + 290765 Reset input for HttpExchange retry + 292799 WebAppDeployer - start a started context? + 292800 ContextDeployer - recursive setting is undone by FilenameFilter @@ -8893,6 +8949,29 @@ jetty-7.0.0.RC5 - 27 August 2009 + JETTY-1086 Added UncheckedPrintWriter to avoid ignored EOFs + JETTY-1087 Chunked SSL non blocking input +jetty-7.0.0.RC4 - 18 August 2009 + + 279820 Fixed HotSwapHandler + + 285891 SessionAuthentication is serializable + + 286185 Implement ability for JSON implementation to automatically register + convertors + + 286535 ContentExchange status code + + JETTY-1057 XSS error page + + JETTY-1079 ResourceCollection.toString + + JETTY-1080 Ignore files that would be extracted outside the destination + directory when unpacking WARs + + Added discoverable start options + +jetty-7.0.0.RC3 - 07 August 2009 + + 277403 remove system properties + + 282447 concurrent destinations in HttpClient + + 283172 fix Windows build, broken on directory creation with the + DefaultServlet + + 283375 additional error-checking on SSL connector passwords to prevent NPE + + 283513 Check endp.isOpen when blocking read + + 285697 extract parameters if dispatch has query + + JETTY-1074 JMX thread manipulation + + Improved deferred authentication handling + jetty-6.1.19 - 01 July 2009 + JETTY-799 shell script for jetty on cygwin + JETTY-863 Non blocking stats handler @@ -8922,29 +9001,6 @@ jetty-6.1.19 - 01 July 2009 + JETTY-1058 Handle trailing / with aliases on + JETTY-1062 Don't filter cometd message without data -jetty-7.0.0.RC4 - 18 August 2009 - + 279820 Fixed HotSwapHandler - + 285891 SessionAuthentication is serializable - + 286185 Implement ability for JSON implementation to automatically register - convertors - + 286535 ContentExchange status code - + JETTY-1057 XSS error page - + JETTY-1079 ResourceCollection.toString - + JETTY-1080 Ignore files that would be extracted outside the destination - directory when unpacking WARs - + Added discoverable start options - -jetty-7.0.0.RC3 - 07 August 2009 - + 277403 remove system properties - + 282447 concurrent destinations in HttpClient - + 283172 fix Windows build, broken on directory creation with the - DefaultServlet - + 283375 additional error-checking on SSL connector passwords to prevent NPE - + 283513 Check endp.isOpen when blocking read - + 285697 extract parameters if dispatch has query - + JETTY-1074 JMX thread manipulation - + Improved deferred authentication handling - jetty-7.0.0.RC2 - 29 June 2009 + 283375 improved extensibility of SSL connectors + 283818 fixed merge of forward parameters @@ -8959,6 +9015,23 @@ jetty-7.0.0.RC2 - 29 June 2009 + Disassociate method on IdentityService + Improved handling of overlays and resourceCollections +jetty-7.0.0.M3 - 20 June 2009 + + 274251 Allow dispatch to welcome files that are servlets (configurable) + + 276545 Quoted cookie paths + + 277403 Cleanup system property usage + + 277798 Denial of Service Filter + + 279725 Support 100 and 102 expectations + + 280707 client.HttpConnection does not catch and handle non-IOExceptions + + 281470 Handle the case where request.PathInfo() should be "/*" + + Added ContinuationThrowable + + added WebAppContext.setConfigurationDiscovered for servlet 3.0 features + + fixed race with expired async listeners + + Numerous cleanups from static code analysis + + Portable continuations for jetty6 and servlet3 + + Refactored AbstractBuffers to HttpBuffers for performance + + refactored configuration mechanism + + Refactored continuations to only support response wrapping + jetty-7.0.0.RC1 - 15 June 2009 + 283344 Startup on windows is broken + JETTY-1066 283357 400 response for bad URIs @@ -8985,23 +9058,6 @@ jetty-7.0.0.M4 - 01 June 2009 + JETTY-1055 Cookie quoting + JETTY-1057 Error page stack trace XSS -jetty-7.0.0.M3 - 20 June 2009 - + 274251 Allow dispatch to welcome files that are servlets (configurable) - + 276545 Quoted cookie paths - + 277403 Cleanup system property usage - + 277798 Denial of Service Filter - + 279725 Support 100 and 102 expectations - + 280707 client.HttpConnection does not catch and handle non-IOExceptions - + 281470 Handle the case where request.PathInfo() should be "/*" - + Added ContinuationThrowable - + added WebAppContext.setConfigurationDiscovered for servlet 3.0 features - + fixed race with expired async listeners - + Numerous cleanups from static code analysis - + Portable continuations for jetty6 and servlet3 - + Refactored AbstractBuffers to HttpBuffers for performance - + refactored configuration mechanism - + Refactored continuations to only support response wrapping - jetty-7.0.0.M2 - 18 May 2009 + 273767 Update to use geronimo annotations spec 1.1.1 + 275396 Added ScopedHandler to set servlet scope before security handler @@ -9019,6 +9075,11 @@ jetty-7.0.0.M2 - 18 May 2009 + JETTY-1020 ZipException in org.mortbay.jetty.webapp.TagLibConfiguration prevents all contexts from being loaded +jetty-5.1.15 - 18 May 2009 + + JETTY-418 synchronized load class + + JETTY-1004 CERT VU402580 Canonical path handling includes ? in path segment + + Fixes for CERT438616-CERT237888-CERT21284 + jetty-6.1.18 - 16 May 2009 + JETTY-937 Improved work around sun JVM selector bugs + JETTY-1004 CERT VU#402580 Canonical path handling includes ? in path segment @@ -9033,11 +9094,6 @@ jetty-6.1.18 - 16 May 2009 prevents all contexts from being loaded + JETTY-1022 Removed several 1.5isms -jetty-5.1.15 - 18 May 2009 - + JETTY-418 synchronized load class - + JETTY-1004 CERT VU402580 Canonical path handling includes ? in path segment - + Fixes for CERT438616-CERT237888-CERT21284 - jetty-6.1.17 - 30 April 2009 + JETTY-936 Make optional dispatching to welcome files as servlets + JETTY-937 Work around sun JVM selector bugs @@ -9187,7 +9243,7 @@ jetty-7.0.0.M0 - 27 March 2009 + moved to org.eclipse packages + simplified HandlerContainer API -jetty-6.1.15 - 04 March 2009 +jetty-6.1.15 - 02 March 2009 + JETTY-923 BayeuxClient uses message pools to reduce memory footprint + JETTY-924 Improved BayeuxClient disconnect handling + JETTY-925 Lazy bayeux messages @@ -9845,13 +9901,18 @@ jetty-6.1.6rc0 - 03 October 2007 + Use terracotta repo for build; make jetty a terracotta module + UTF-8 for bayeux client +jetty-5.1.14 - 09 August 2007 + + JETTY-155 force close with content length + + JETTY-369 failed state in Container + + patched with correct version + jetty-6.1.5 - 19 July 2007 + JETTY-392 updated LikeJettyXml example + Fixed GzipFilter for dispatchers + Fixed reset of reason + Upgrade to Jasper 2.1 tag SJSAS-9_1-B50G-BETA3-27_June_2007 -jetty-6.1.5rc0 - 15 July 0200 +jetty-6.1.5rc0 - 15 July 2007 + JETTY-253 Improved graceful shutdown + JETTY-373 Stop all dependent lifecycles + JETTY-374 HttpTesters handles large requests/responses @@ -10109,8 +10170,15 @@ jetty-6.1.1rc0 - 10 January 2007 + start webapps on deployment with jboss, use isDistributed() method from WebAppContext -jetty-6.1.0 - 09 January 2007 +jetty-6.1.0 - 05 January 2007 + Fixed unpacking WAR + + JETTY-206 fixed AJP getServerPort and getRemotePort + + Added extras/win32service + + Added WebAppContext.setCopyWebDir to avoid JVM jar caching issues. + + GERONIMO-2677 refactor of session id handling for clustering + + Improved config of java5 threadpool + + Protect context deployer from Errors + + ServletTester sets content length jetty-6.1.0 - 05 January 2007 + JETTY-206 fixed AJP getServerPort and getRemotePort @@ -10241,14 +10309,6 @@ jetty-6.0.2 - 22 November 2006 + updated glassfish jasper to tag SJSAS-9_1-B25-EA-08_Nov_2006 + Upgraded session ID generation to use SecureRandom -jetty-5.1.14 - 09 August 2007 - + JETTY-155 force close with content length - + JETTY-369 failed state in Container - + patched with correct version - -jetty-5.1.13 - + Sourceforge 1648335: problem setting version for AJP13 - jetty-5.1.12 - 22 November 2006 + JETTY-154 Cookies ignore single quotes + Added support for TLS_DHE_RSA_WITH_AES_256_CBC_SHA @@ -10397,6 +10457,40 @@ jetty-6.0.0rc2 - 25 August 2006 + use mvn -Dslf4j=false jetty:run to disable use of slf4j logging with jdk1.4/jsp2.0 +jetty-6.0.0ALPHA2 - 20 August 2006 + + Continuations - way cool way to suspend a request and retry later. + + Dispatchers + + Security + +jetty-6.0.0ALPHA1 - 20 August 2006 + + Filters + + web.xml handling + +jetty-6.0.0ALPHA0 - 20 August 2006 + + file may be sent as sent is a single operation. + + Improved "dependancy injection" and "inversion of control" design of + components + + Improved "interceptor" design of handlers + + Missing Request Dispatchers + + Missing Security + + Missing war support + + Missing web.xml based configuration + + Optional use of NIO Buffering so that efficient direct buffers and memory + mapped files can be used. + + Optional use of NIO gather writes, so that for example a HTTP header and a + memory mapped + + Optional use of NIO non-blocking scheduling so that threads are not + allocated per connection. + + Smart split buffer design allows large buffers to only be allocated to + active connections. The resulting memory savings allow very large buffers to + be used, which increases the chance of efficient asynchronous flushing and + of avoiding chunking. + + Totally rearchitected and rebuilt, so 10 years of cruft could be removed! + +jetty-6.0.0ALPHA3 - 20 August 2006 + + Added demo for Continuations + + Jasper and associated libraries. + jetty-6.0.0rc1 - 16 August 2006 + JETTY-85 JETTY-86 (TrustManager and SecureRandom are now configurable; better handling of null/default values) @@ -10468,7 +10562,7 @@ jetty-6.0.0rc0 - 07 July 2006 + Updated javax code from http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/java/javax@417727 -jetty-6.0.0beta17 - 01 June 2006 +jetty-6.0.0beta17 - 02 June 2006 + Added clover reports and enough tests to get >50% coverage + Added config to disable file memory mapped buffers for windows + Added Request.isHandled() @@ -10484,7 +10578,7 @@ jetty-6.0.0beta17 - 01 June 2006 + Recovered repository from Codehaus crash + Refactored Synchronization of SelectChannelConnector -jetty-6.0.0beta16 - 12 May 2006 +jetty-6.0.0beta16 - 15 May 2006 + remove a couple of System.err.printlns + replace backwards compativle API in UrlEncoded @@ -10539,6 +10633,15 @@ jetty-6.0.0beta14 - 09 April 2006 + stop JDBCUserRealm coercing all credentials to String + Use start.config to select which JSP impl at runtime based on jdk version +jetty-5.1.11RC0 - 05 April 2006 + + Added provider support to SslListener + + Fixed AJP handling of ;jsessionid. + + force close with shutdownOutput for win32 + + improved contentType param handling + + logging improvements for servlet and runtime exceptions + + NPE protection if desirable client certificates + + stop JDBCUserRealm forcing all credentials to be String + jetty-6.0.0beta12 - 16 March 2006 + Added JSP2.0 demos to test webapp + Added provider support to SslListener @@ -10562,7 +10665,13 @@ jetty-6.0.0beta11 - 14 March 2006 + refactored session ID management + refactored writers and improved UTF-8 generation. -jetty-6.0.0beta10 - 25 February 2006 +jetty-6.0.0beta0 - 27 February 2006 + + Dispatcher parameters + + Fixed blocking read + + Maven 2 build + + UTF-8 encoding for URLs + +jetty-6.0.0beta10 - 24 February 2006 + added getLocalPort() to connector + Added support for java:comp/env + Added support for pluggable transaction manager @@ -10576,7 +10685,7 @@ jetty-6.0.0beta10 - 25 February 2006 + Forward masks include attributes and vice versa + Updates javax to MR2 release -jetty-6.0.0beta9 - 09 February 2006 +jetty-6.0.0beta9 - 14 February 2006 + Added CGI servlet. + Added request log. + Added TLD tag listener handling. @@ -10590,7 +10699,7 @@ jetty-6.0.0beta9 - 09 February 2006 + PathMap for direct context mapping. + Refactored chat demo and upgraded prototype.js -jetty-6.0.0beta8 - 24 January 2006 +jetty-6.0.0beta8 - 25 January 2006 + conveniance addHandler removeHandler methods + fixed bug in overloaded write method on HttpConnection (reported against Tapestry4.0) @@ -10606,8 +10715,9 @@ jetty-6.0.0beta8 - 24 January 2006 + patch to remove spurious ; in HttpFields + reinstated rfc2616 test harness + Removed queue from thread pool. + + convenience addHandler removeHandler methods -jetty-6.0.0Beta7 +jetty-6.0.0beta7 - 10 January 2006 + Faster header name lookup + Fixed infinite loop with chunk handling + maven-jetty6-plugin added tmpDirectory property @@ -10617,28 +10727,61 @@ jetty-6.0.0Beta7 + reduced info verbosity + removed singleton Container -jetty-6.0.0Beta6 +jetty-5.1.10 - 05 January 2006 + + Fixed path aliasing with // on windows. + + Fix for AJP13 with encoded path + + Fix for AJP13 with multiple headers + + Put POST content default back to iso_8859_1. GET is UTF-8 still + + Remove null dispatch attributes from getAttributeNames + +jetty-4.2.25 - 04 January 2006 + + Fixed aliasing of // for win32 + +jetty-6.0.0beta6 - 09 December 2005 + Fixed issue with blocking reads + Fixed issue with unknown headers + optimizations -jetty-6.0.0Beta5 +jetty-5.1.9 - 07 December 2005 + + Fixed wantClientAuth(false) overriding netClientAuth(true) + +jetty-5.1.8 - 07 December 2005 + + Fixed space in URL issued created in 5.1.6 + +jetty-5.1.7 - 07 December 2005 + +jetty-5.1.7rc0 - 06 December 2005 + + better support for URI character encodings + + char encoding for MultiPartRequest + + fixed merging of POST params in dispatch query string. + + improved server stats + + JSP file servlet mappings copy JspServlet init params. + + Prefix servlet context logs with org.mortbay.jetty.context + + protect from NPE in dispatcher getValues + + Updated to 2.6.2 xerces + + use commons logging jar instead of api jar. + +jetty-6.0.0beta5 - 05 December 2005 + Added management module for mbeans + Fixed writer char[] creations + Moved to SVN -jetty-6.0.0Beta4 +jetty-6.0.0beta4 - 22 November 2005 + Fixed JSP visibility security issue (CVE-2006-2758) + Improved jetty-web.xml access to org.mortbay classes. + Jasper 5.5.12 + System property support in plugin -jetty-6.0.0Beta3 +jetty-5.1.6 - 18 November 2005 + + Fixed JSP visibility security issue (CVE-2006-2758) + + Improved jetty-web.xml access to org.mortbay classes. + +jetty-6.0.0beta3 - 17 November 2005 + Fixed classloader issue with server classes + Fixed error in block read + Named dispatch. -jetty-6.0.0Beta2 +jetty-6.0.0beta2 - 14 November 2005 + Improved buffer return + Improved reuse of HttpField values and cookies. + loosely coupled with JSP servlet @@ -10646,7 +10789,7 @@ jetty-6.0.0Beta2 + merged util jar back into jetty jar + Simpler continuation API -jetty-6.0.0Beta1 +jetty-6.0.0beta1 - 11 November 2005 + Error pages + Implemented all listeners + maven2 plugin @@ -10657,91 +10800,6 @@ jetty-6.0.0Beta1 + SSL connector + Virtual hosts -jetty-6.0.0Beta0 - + Dispatcher parameters - + Fixed blocking read - + Maven 2 build - + UTF-8 encoding for URLs - -jetty-6.0.0APLPA3 - + Added demo for Continuations - + Jasper and associated libraries. - -jetty-6.0.0ALPHA2 - + Continuations - way cool way to suspend a request and retry later. - + Dispatchers - + Security - -jetty-6.0.0ALPHA1 - + Filters - + web.xml handling - -jetty-6.0.0ALPHA0 - + file may be sent as sent is a single operation. - + Improved "dependancy injection" and "inversion of control" design of - components - + Improved "interceptor" design of handlers - + Missing Request Dispatchers - + Missing Security - + Missing war support - + Missing web.xml based configuration - + Optional use of NIO Buffering so that efficient direct buffers and memory - mapped files can be used. - + Optional use of NIO gather writes, so that for example a HTTP header and a - memory mapped - + Optional use of NIO non-blocking scheduling so that threads are not - allocated per connection. - + Smart split buffer design allows large buffers to only be allocated to - active connections. The resulting memory savings allow very large buffers to - be used, which increases the chance of efficient asynchronous flushing and - of avoiding chunking. - + Totally rearchitected and rebuilt, so 10 years of cruft could be removed! - -jetty-5.1.11RC0 - 05 April 2006 - + Added provider support to SslListener - + Fixed AJP handling of ;jsessionid. - + force close with shutdownOutput for win32 - + improved contentType param handling - + logging improvements for servlet and runtime exceptions - + NPE protection if desirable client certificates - + stop JDBCUserRealm forcing all credentials to be String - -jetty-5.1.10 - 05 January 2006 - + Fixed path aliasing with // on windows. - + Fix for AJP13 with encoded path - + Fix for AJP13 with multiple headers - + Put POST content default back to iso_8859_1. GET is UTF-8 still - + Remove null dispatch attributes from getAttributeNames - -jetty-4.2.25 - 04 January 2006 - + Fixed aliasing of // for win32 - -jetty-5.1.9 - 07 December 2005 - + Fixed wantClientAuth(false) overriding netClientAuth(true) - -jetty-6.0.0betaX - + See http://jetty.mortbay.org/jetty6 for 6.0 releases - -jetty-5.1.8 - 07 December 2005 - + Fixed space in URL issued created in 5.1.6 - -jetty-5.1.7 - 07 December 2005 - -jetty-5.1.7rc0 - 06 December 2005 - + better support for URI character encodings - + char encoding for MultiPartRequest - + fixed merging of POST params in dispatch query string. - + improved server stats - + JSP file servlet mappings copy JspServlet init params. - + Prefix servlet context logs with org.mortbay.jetty.context - + protect from NPE in dispatcher getValues - + Updated to 2.6.2 xerces - + use commons logging jar instead of api jar. - -jetty-5.1.6 - 18 November 2005 - + Fixed JSP visibility security issue (CVE-2006-2758) - + Improved jetty-web.xml access to org.mortbay classes. - jetty-5.1.5 - 10 November 2005 + Improved mapping of JSP files. + Improved shutdown hook @@ -10792,6 +10850,9 @@ jetty-5.1.4rc0 - 19 April 2005 + Stop start.jar putting current directory on classpath. + Turn off web.xml validation for JBoss. +jetty-5.1.13 - 07 April 2005 + + Sourceforge 1648335: problem setting version for AJP13 + jetty-5.1.3 - 07 April 2005 + Some minor code janitorial services @@ -10820,7 +10881,7 @@ jetty-5.1.3rc1 - 13 March 2005 + JettyPlus updated to JOTM 2.0.5, XAPool 1.4.2 + update to demo site look and feel. -jetty-4.2.24rc1 +jetty-4.2.24rc1 - 11 March 2005 + Fixed principal naming in FormAuthenticator jetty-5.1.3rc0 - 08 March 2005 @@ -10867,7 +10928,7 @@ jetty-4.2.23RC0 - 17 December 2004 jetty-5.1.1 - 01 December 2004 -jetty-5.1.1RC1 +jetty-5.1.1RC1 - 24 November 2004 + Allow double // within URIs + Applied patch for MD5 hashed credentials for MD5 + Fixed ordering of filters with multiple interleaved mappings. @@ -10927,7 +10988,7 @@ jetty-5.0.RC3 - 28 August 2004 + Less verbose warning for non validating xml parser. + Update to jasper 5.0.27 -jetty-4.2.22 +jetty-4.2.22 - 24 August 2004 + Added parameters for acceptQueueSize and lowResources level. + fixed deployment of ejb-link elements in web.xml for jboss + fixed jaas logout for jetty-jboss integration @@ -10998,6 +11059,14 @@ jetty-4.2.20RC0 - 07 April 2004 jetty-4.2.19 - 19 March 2004 + Fixed DOS attack problem +jetty-4.2.18 - 01 March 2004 + + Added log4j context repository to jettyplus + + Default servlet respectes servlet path + + Fixed j2se 1.3 problem with HttpFields + + Improved log performance + + NPE guard for no-listener junit deployment + + Suppress some more IOExceptions + jetty-5.0.beta2 - 12 February 2004 + Added experimental NIO listeners again. + Added log4j context repository to jettyplus @@ -11017,14 +11086,6 @@ jetty-5.0.beta2 - 12 February 2004 + RequestDispatcher uses request encoding for query params + Updated to Japser 5.0.16 -jetty-4.2.18 - 01 March 2004 - + Added log4j context repository to jettyplus - + Default servlet respectes servlet path - + Fixed j2se 1.3 problem with HttpFields - + Improved log performance - + NPE guard for no-listener junit deployment - + Suppress some more IOExceptions - jetty-4.2.17 - 01 February 2004 + Fixed busy loop in threadpool run + Reorganized ServletHolder init @@ -11144,15 +11205,6 @@ jetty-5.0.alpha1 - 12 August 2003 + Synced with 4.2.12 + Updated to Jasper 5.0.7 -jetty-5.0.alpha0 - 16 July 2003 - + Compiled against 2.4 servlet spec. - + Implemented Dispatcher forward attributes. - + Implemented filter-mapping element - + Implemented remote/local addr/port methods - + Implemented setCharaterEncoding - + Updated authentication so that a normal Principal is used. - + updated to jasper 5.0.3 - jetty-4.2.12 - 12 August 2003 + Added missing S to some OPTIONS strings + Added open method to threaded server. @@ -11165,6 +11217,15 @@ jetty-4.2.12 - 12 August 2003 + Removed protection of org.mortbay.http attributes + Restore max inactive interval for session manager +jetty-5.0.alpha0 - 16 July 2003 + + Compiled against 2.4 servlet spec. + + Implemented Dispatcher forward attributes. + + Implemented filter-mapping element + + Implemented remote/local addr/port methods + + Implemented setCharaterEncoding + + Updated authentication so that a normal Principal is used. + + updated to jasper 5.0.3 + jetty-4.2.11 - 12 July 2003 + Branched for Jetty 5 development. + Cookie params all in lower case. @@ -12294,6 +12355,11 @@ jetty-3.0.0.rc2 - 29 October 2000 + Prevented multiple init of ServletHolder + Replaced ISO-8859-1 literals with StringUtil static +jetty-2.4.8 - 23 October 2000 + + Fixed bug with 304 replies with bodies. + + Fixed closing socket problem + + Improved win32 make files. + jetty-3.0.0.rc1 - 22 October 2000 + Added CGI to demo + Added HashUserRealm and cleaned up security constraints @@ -12306,11 +12372,6 @@ jetty-3.0.0.rc1 - 22 October 2000 + Partial handling of 0.9 requests. + removed Thread.destroy() calls. -jetty-2.4.8 - 23 October 2000 - + Fixed bug with 304 replies with bodies. - + Fixed closing socket problem - + Improved win32 make files. - jetty-3.0.B05 - 18 October 2000 + Added default webapp servlet mapping /servlet/name/* + Cleaned up response committing and flushing @@ -13085,41 +13146,41 @@ jetty-1.3.4 - 15 March 1998 + ServletHandler now takes an optional file base directory name which is used to set the translated path for pathInfo in servlet requests. -jetty-1.3.3 +jetty-1.3.3 - 01 March 1998 + Closed exception window in HttpListener.java + Fixed TableForm.addButtonArea bug. + TableForm.extendRow() uses existing cell -jetty-1.3.2 +jetty-1.3.2 - 20 February 1998 + Added per Table cell composite factories + Fixed proxy bug with no port number -jetty-1.3.1 +jetty-1.3.1 - 12 February 1998 + Better handling of InvocationTargetException in debug + ForwardHandler only forwards as http/1.0 (from Tobias.Miller) + Improved parsing of stack traces + Minor fixes in SmtpMail + Minor release adjustments for Tracker -jetty-1.3.0 +jetty-1.3.0 - 03 February 1998 + Added DbAdaptor to JDBC wrappers + Beta release of Tracker -jetty-1.2.0 +jetty-1.2.0 - 22 January 1998 + Alternate look and feel for Jetty + Better Debug configuration + DebugServlet + Fixed install bug for nested classes + Reintroduced STF -jetty-1.1.1 +jetty-1.1.1 - 13 January 1998 + Improved documentation -jetty-1.1 +jetty-1.1 - 09 January 1998 + Improved connection caching in java.mortbay.JDBC + Moved HttpCode to com.mortbay.Util -jetty-1.0.1 +jetty-1.0.1 - 06 January 1998 + Bug fixes jetty-1.0 - 01 January 1998