Releases: jetty/jetty.project
12.0.0.alpha1
Special Thanks to the following Eclipse Jetty community members
- @MoonLord-LM (MoonLord-LM)
Changelog
- #8548 - Fix the StatisticsServlet for Jetty-12 EE10
- #8547 - re-enabling and fixing some tests for Jetty-12
- #8540 - Maven pom is not correct for org.eclipse.jetty/infinispan-embedded and org.eclipse.jetty/infinispan-remote (@MoonLord-LM)
- #8491 - jetty 12.0.x error unwrap servlet exception
- #8490 - add module configuration for demo handler
- #8474 - Jetty 12 : Resource API Review
- #8436 - Jetty 12 : More testing for Resource alias
9.4.49.v20220914
11.0.12
Special Thanks to the following Eclipse Jetty community members
- @MoonLord-LM (MoonLord-LM)
Changelog
- #8497 - jetty-bom/11.0.11 depends on jetty-slf4j-impl/10.0.8-SNAPSHOT that cause 404 error (@MoonLord-LM)
Dependencies
- #8389 - Bump avro to 1.11.1
- #8239 - Bump checkstyle to 10.3.1
- #8300 - Bump google-cloud-datastore to 2.10.1
- #8508 - Bump grpc-core to 1.49.0
- #8249 - Bump jakarta.annotation-api to 2.1.1
- #8506 - Bump jboss-threads to 3.5.0.Final
- #8254 - Bump jna-jpms to 5.12.1
- #8529 - Bump mariadb-java-client to 3.0.7
- #8371 - Bump maven-assembly-plugin to 3.4.2
- #8520 - Bump maven-checkstyle-plugin to 3.2.0
- #8248 - Bump maven-enforcer-plugin to 3.1.0
- #8377 - Bump maven-install-plugin to 3.0.1
- #8528 - Bump maven-javadoc-plugin to 3.4.1
- #8368 - Bump maven-resources-plugin to 3.3.0
- #8244 - Bump maven.version to 3.8.6
- #8308 - Bump spotbugs-maven-plugin to 4.7.1.0
- #8309 - Bump tycho-p2-repository-plugin to 2.7.4
- #8369 - Bump wildfly-elytron to 1.20.0.Final
10.0.12
Special Thanks to the following Eclipse Jetty community members
- @MoonLord-LM (MoonLord-LM)
- @keller-j (keller-j)
- @mwgmnn (Michael Weigmann)
- @cstamas (Tamas Cservenak)
- @fanf (François Armand)
Changelog
- #8578 - getRequestURL can append "null" if getRequestURI is unspecified in an authority-form request-target
- #8554 - remove infinispan-remote from bom as it doesn't have to be here
- #8540 - Maven pom is not correct for org.eclipse.jetty/infinispan-embedded and org.eclipse.jetty/infinispan-remote (@MoonLord-LM)
- #8532 - Review System.nanoTime() usages
- #8485 - add testing for KeystoreGenerator
- #8468 - define the resourceBase in well-known ContextHandler to allow alias checking
- #8433 - improve performance of alias checking
- #8353 - Automatic pongs should not be sent when connection is closed
- #8294 - java.lang.ClassCastException: class org.eclipse.jetty.http.HttpField cannot be cast to class org.eclipse.jetty.http.HttpCookie$SetCookieHttpField
- #8264 - Fix errors in Mapped pool and javadoc
- #8259 - Symlinks cause 404 with DefaultServlet when its "resourceBase" is different from ContextHandler's
- #8222 - Jetty start.jar fails with NullPointerException when referencing a non existent module and using JVM args
- #8216 - OpenID logout / more extensible OpenIdConfiguration (@keller-j)
- #8206 - Stopping server from within AbstractConnector#accept fails and results in a partially stopped QueuedThreadPool
- #8196 - Remove unused jetty-plus.xml file
- #8182 - Drop MAT (@cstamas)
- #8171 - Combined ByteBufferPool
- #8170 - WebSockets closed abruptly when using HTTP/2
- #8152 - jetty.sh does not read JAVA_OPTIONS anymore (@fanf)
- #8151 - JakartaWebSocketSession.close() blocks long time when called from SendHandlerCallback
- #8007 - Support Loom
- #8006 - Use getSchemaTableName also in the create table statement (@mwgmnn)
- #7970 - Maven Plugin - the option to set extraClasspath in the plugin configuration isn't working
Dependencies
- #8503 - Bump apache.directory.api.version to 2.1.2
- #8383 - Bump asciidoctorj to 2.5.5
- #8387 - Bump avro to 1.11.1
- #8513 - Bump checkstyle to 10.3.3
- #8507 - Bump error_prone_annotations to 2.15.0
- #8367 - Bump exec-maven-plugin to 3.1.0
- #8515 - Bump flatten-maven-plugin to 1.3.0
- #8237 - Bump google-cloud-datastore to 2.9.1
- #8505 - Bump grpc-core to 1.49.0
- #8373 - Bump gson to 2.9.1
- #8363 - Bump h2spec-maven-plugin to 1.0.10
- #8561 - Bump hawtio-default to 2.15.1
- #8570 - Bump jackson-annotations to 2.13.4
- #8572 - Bump jackson-core to 2.13.4
- #8569 - Bump jackson-databind to 2.13.4
- #8130 - Bump jaxb-runtime to 2.3.6
- #8502 - Bump jboss-threads to 3.5.0.Final
- #8229 - Bump jna-jpms to 5.12.1
- #8380 - Bump junit.version to 5.9.0
- #8302 - Bump log4j-api to 2.18.0
- #8511 - Bump logback-core to 1.4.0
- #8516 - Bump mariadb-java-client to 3.0.7
- #8365 - Bump maven-assembly-plugin to 3.4.2
- #8378 - Bump maven-bundle-plugin to 5.1.8
- #8522 - Bump maven-checkstyle-plugin to 3.2.0
- #8374 - Bump maven-deploy-plugin to 3.0.0
- #8243 - Bump maven-enforcer-plugin to 3.1.0
- #8375 - Bump maven-install-plugin to 3.0.1
- #8509 - Bump maven-javadoc-plugin to 3.4.1
- #8501 - Bump maven-jxr-plugin to 3.3.0
- #8366 - Bump maven-remote-resources-plugin to 3.0.0
- #8364 - Bump maven-resources-plugin to 3.3.0
- #8362 - Bump maven.resolver.version to 1.8.2
- #8231 - Bump maven.version to 3.8.6
- #8236 - Bump org.eclipse.osgi to 3.18.0
- #8247 - Bump org.eclipse.osgi.util to 3.7.1
- #8519 - Bump protostream to 4.4.4.Final
- #8467 - Bump slf4j to 2.0.0-beta1 and logback to 1.3.0-beta0
- #8562 - Bump spotbugs-maven-plugin to 4.7.2.0
- #8234 - Bump testcontainers-bom to 1.17.3
- #8568 - Bump tycho-p2-repository-plugin to 2.7.5
- #8566 - Bump versions-maven-plugin to 2.12.0
- #8504 - Bump wildfly-elytron to 1.20.1.Final
- #8482 - use slf4j 2.0.0
12.0.0.alpha0
First alpha release of Jetty 12.
A lot of change but very good changes!
Get some popcorn and watch the show!
9.4.48.v20220622
11.0.11
Special Thanks to the following Eclipse Jetty community members
- @cstamas (Tamas Cservenak)
Critical Fix
- #8184 - All suffix globs except first fail to match if path has . character in prefix section
Changelog
- #8187 - Fix test-distribution classpath re resolver (@cstamas)
- #8175 - Removing invalid maxConnections references
- #8163 - RegexPathSpec documentation and MatchedPath improvements
- #8162 - Migrate code from jetty-util Logger to slf4j Logger
- #8161 - Improve SSLConnection buffers handling
- #8155 - Use static exceptions for closing websocket flushers and in ContentProducer
10.0.11
Special Thanks to the following Eclipse Jetty community members
- @cstamas (Tamas Cservenak)
Critical Fix
- #8184 - All suffix globs except first fail to match if path has . character in prefix section
Changelog
- #8187 - Fix test-distribution classpath re resolver (@cstamas)
- #8175 - Removing invalid maxConnections references
- #8163 - RegexPathSpec documentation and MatchedPath improvements
- #8162 - Migrate code from jetty-util Logger to slf4j Logger
- #8161 - Improve SSLConnection buffers handling
- #8155 - Use static exceptions for closing websocket flushers and in ContentProducer
11.0.10
Fixed Security Advisories
- (CVE-2022-2047) - GHSA-cj7v-27pg-wf7q - Invalid URI parsing may produce invalid HttpURI.authority
- (CVE-2022-2048) - GHSA-wgmr-mf83-7x4j - Invalid HTTP/2 requests can lead to denial of service
- (CVE-2022-2191) - GHSA-8mpp-f3f7-xc28 - SslConnection does not release pooled ByteBuffers in case of errors
Special Thanks to the following Eclipse Jetty community members
- @jianglai (Lai Jiang)
- @markslater (markslater)
- @prenagha (Padraic Renaghan)
Changelog
- #8161 - Improve SSLConnection buffers handling (Resolves CVE-2022-2191)
- #8134 - Improve cleanup of deflater/inflater pools for PerMessageDeflateExtension
- #8088 - Add option to configure exitVm on ShutdownMonitor from System properties
- #8067 - Wall time usage in DoSFilter RateTracker results in false positive alert
- #8057 - Support Http Response 103 (Early Hints)
- #8014 - Review HttpRequest URI construction (Resolves CVE-2022-2047)
- #8008 - Add compliance mode for LEGACY multipart parser in Jetty
- #7994 - Ability to construct a detached client Request
- #7991 - fix bom for jetty-cdi
- #7981 - Add TRANSFER_ENCODING violation for MultiPart RFC7578 parser.
- #7977 - UpgradeHttpServletRequest.setAttribute & UpgradeHttpServletRequest.removeAttribute can throw NullPointerException
- #7975 - ForwardedRequestCustomizer setters do not clear existing handlers
- #7953 - Fix StatisticsHandler in the case a Handler throws exception.
- #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048)
- #7929 - Correct requestlog formatString commented default (@prenagha)
- #7924 - Fix a typo in Javadoc (@jianglai)
- #7918 - PathMappings.asPathSpec does not allow root ServletPathSpec
- #7891 - Better Servlet PathMappings for Regex
- #7880 - DefaultServlet should not overwrite programmatically configured precompressed formats with defaults (@markslater)
- #7863 - Default servlet drops first accept-encoding header if there is more than one. (@markslater)
- #7858 - GZipHandler does not play nice with other handlers in HandlerCollection
- #7818 - Modifying of HTTP headers in HttpChannel.Listener#onResponseBegin is no longer possible with Jetty
- #7803 - unwrap exception until we get the first non ServletException, as this can be wrap of wrap of wrap when using ContextHandlerCollection
- #7802 - HTTP/3 QPACK - do not expect section ack for zero required insert count
- #7754 - jetty.sh ignores JAVA_OPTIONS environment variable
- #7748 - Allow overriding of url-pattern mapping in ServletContextHandler to allow for regex or uri-template matching
- #7635 - QPACK decoder should fail connection if the encoder blocks more than SETTINGS_QPACK_BLOCKED_STREAMS
- #4414 - GZipHandler not excluding inflation for specified paths
- #1771 - Add module for SecuredRedirect support
Dependencies
- #8083 - Bump asciidoctorj to 2.5.4
- #8077 - Bump asciidoctorj-diagram to 2.2.3
- #7839 - Bump asm.version to 9.3
- #8142 - Bump biz.aQute.bndlib to 6.3.1
- #8075 - Bump checkstyle to 10.3
- #8056 - Bump error_prone_annotations to 2.14.0
- #8109 - Bump google-cloud-datastore to 2.7.0
- #8100 - Bump grpc-core to 1.47.0
- #7987 - Bump hawtio-default to 2.15.0
- #7934 - Bump hazelcast.version to 4.2.5
- #8003 - Bump jackson-annotations to 2.13.3
- #8004 - Bump jackson-core to 2.13.3
- #7997 - Bump jackson-databind to 2.13.3
- #7849 - Bump jacoco-maven-plugin to 0.8.8
- #7830 - Bump jakarta.annotation-api to 2.1.0
- #7913 - Bump jakarta.ws.rs-api to 3.1.0
- #7937 - Bump jboss-logging to 3.5.0.Final
- #7815 - Bump jnr-ffi to 2.2.12
- #7967 - Bump kerb-simplekdc to 2.0.2
- #8029 - Bump logback-core to 1.3.0-alpha16
- #8064 - Bump mariadb-java-client to 3.0.5
- #7908 - Bump maven-antrun-plugin to 3.1.0
- #8001 - Bump maven-bundle-plugin to 5.1.6
- #7843 - Bump maven-clean-plugin to 3.2.0
- #8080 - Bump maven-invoker-plugin to 3.3.0
- #7902 - Bump maven-javadoc-plugin to 3.4.0
- #8079 - Bump maven-scm-provider-jgit to 1.13.0
- #7904 - Bump maven-site-plugin to 3.12.0
- #7900 - Bump maven.resolver.version to 1.8.0
- #7915 - Bump mongo-java-driver to 3.12.11
- #8108 - Bump openwebbeans.version to 2.0.27
- #7877 - Bump org.apache.aries.spifly.dynamic.bundle to 1.3.5
- #8123 - Bump org.apache.felix.framework to 7.0.5
- #8019 - Bump plexus-utils to 3.4.2
- #7944 - Bump protostream to 4.4.3.Final
- #8030 - Bump spotbugs-maven-plugin to 4.7.0.0
- #8031 - Bump testcontainers-bom to 1.17.2
- #7972 - Bump tycho-p2-repository-plugin to 2.7.3
- #8038 - Bump versions-maven-plugin to 2.11.0
10.0.10
Fixed Security Advisories
- (CVE-2022-2047) - GHSA-cj7v-27pg-wf7q - Invalid URI parsing may produce invalid HttpURI.authority
- (CVE-2022-2048) - GHSA-wgmr-mf83-7x4j - Invalid HTTP/2 requests can lead to denial of service
- (CVE-2022-2191) - GHSA-8mpp-f3f7-xc28 - SslConnection does not release pooled ByteBuffers in case of errors
Special Thanks to the following Eclipse Jetty community members
- @jianglai (Lai Jiang)
- @markslater (markslater)
- @prenagha (Padraic Renaghan)
Changelog
- #8161 - Improve SSLConnection buffers handling (Resolves CVE-2022-2191)
- #8136 - Cherry-pick of Improvements to PathSpec for Jetty 10.0.x
- #8134 - Improve cleanup of deflater/inflater pools for PerMessageDeflateExtension
- #8088 - Add option to configure exitVm on ShutdownMonitor from System properties
- #8067 - Wall time usage in DoSFilter RateTracker results in false positive alert
- #8057 - Support Http Response 103 (Early Hints)
- #8014 - Review HttpRequest URI construction (Resolves CVE-2022-2047)
- #8008 - Add compliance mode for LEGACY multipart parser in Jetty 10+
- #7994 - Ability to construct a detached client Request
- #7981 - Add TRANSFER_ENCODING violation for MultiPart RFC7578 parser.
- #7977 - UpgradeHttpServletRequest.setAttribute & UpgradeHttpServletRequest.removeAttribute can throw NullPointerException
- #7975 - ForwardedRequestCustomizer setters do not clear existing handlers
- #7953 - Fix StatisticsHandler in the case a Handler throws exception.
- #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048)
- #7929 - Correct requestlog formatString commented default (@prenagha)
- #7924 - Fix a typo in Javadoc (@jianglai)
- #7918 - PathMappings.asPathSpec does not allow root ServletPathSpec
- #7891 - Better Servlet PathMappings for Regex
- #7880 - DefaultServlet should not overwrite programmatically configured precompressed formats with defaults (@markslater)
- #7863 - Default servlet drops first accept-encoding header if there is more than one. (@markslater)
- #7858 - GZipHandler does not play nice with other handlers in HandlerCollection
- #7818 - Modifying of HTTP headers in HttpChannel.Listener#onResponseBegin is no longer possible with Jetty 10
- #7808 - Jetty duplicate set session cookie
- #7802 - HTTP/3 QPACK - do not expect section ack for zero required insert count
- #7754 - jetty.sh ignores JAVA_OPTIONS environment variable
- #7748 - Allow overriding of url-pattern mapping in ServletContextHandler to allow for regex or uri-template matching
- #7635 - QPACK decoder should fail connection if the encoder blocks more than SETTINGS_QPACK_BLOCKED_STREAMS
- #4414 - GZipHandler not excluding inflation for specified paths
- #1771 - Add module for SecuredRedirect support
Dependencies
- #8083 - Bump asciidoctorj to 2.5.4
- #8077 - Bump asciidoctorj-diagram to 2.2.3
- #7839 - Bump asm.version to 9.3
- #8142 - Bump biz.aQute.bndlib to 6.3.1
- #8075 - Bump checkstyle to 10.3
- #8056 - Bump error_prone_annotations to 2.14.0
- #8109 - Bump google-cloud-datastore to 2.7.0
- #8100 - Bump grpc-core to 1.47.0
- #7987 - Bump hawtio-default to 2.15.0
- #7934 - Bump hazelcast.version to 4.2.5
- #8003 - Bump jackson-annotations to 2.13.3
- #8004 - Bump jackson-core to 2.13.3
- #7849 - Bump jacoco-maven-plugin to 0.8.8
- #7937 - Bump jboss-logging to 3.5.0.Final
- #7815 - Bump jnr-ffi to 2.2.12
- #7967 - Bump kerb-simplekdc to 2.0.2
- #8029 - Bump logback-core to 1.3.0-alpha16
- #8064 - Bump mariadb-java-client to 3.0.5
- #7908 - Bump maven-antrun-plugin to 3.1.0
- #8001 - Bump maven-bundle-plugin to 5.1.6
- #7843 - Bump maven-clean-plugin to 3.2.0
- #8080 - Bump maven-invoker-plugin to 3.3.0
- #7902 - Bump maven-javadoc-plugin to 3.4.0
- #8079 - Bump maven-scm-provider-jgit to 1.13.0
- #7904 - Bump maven-site-plugin to 3.12.0
- #7900 - Bump maven.resolver.version to 1.8.0
- #7915 - Bump mongo-java-driver to 3.12.11
- #8108 - Bump openwebbeans.version to 2.0.27
- #7877 - Bump org.apache.aries.spifly.dynamic.bundle to 1.3.5
- #8123 - Bump org.apache.felix.framework to 7.0.5
- #8019 - Bump plexus-utils to 3.4.2
- #7859 - Bump protostream to 4.4.2.Final
- #8030 - Bump spotbugs-maven-plugin to 4.7.0.0
- #8031 - Bump testcontainers-bom to 1.17.2
- #7972 - Bump tycho-p2-repository-plugin to 2.7.3
- #8038 - Bump versions-maven-plugin to 2.11.0