9.3.30.v20211001

🌟 Sponsored Changes

• #6072 - Backport High CPU usage when TLS client sends TLS Record data exceeding length 17408 fix
• #6263 - Backport URI encoding in ConcatServlet & WelcomeFilter fixes
• #6277 - Backport handle exceptions thrown from session destroy listener

9.4.44.v20210927

Changelog

• #6883 - Welcome file redirects do not honor the relativeRedirectAllowed option
• #6870 - Encode control characters in URIUtil.encodePath
• #6869 - Correct Content-Type within HTML error pages
• #6860 - IPv6 format
• #6652 - Improve ReservedThreadExecutor dump
• #6618 - ID token azp claim should not be required if aud is single value array
• #6617 - Add basic auth support for OpenId token endpoint (client_secret_basic)
• #6603 - HTTP/2 max local stream count exceeded
• #6562 - HttpOutput.write(ByteBuffer buffer)
• #6558 - Allow to configure return type in JSON array parsing
• #6554 - Allow creation of DefaultIdentityService without realmName.
• #6553 - Review usage of Authentication.UNAUTHENTICATED in SecurityHandler
• #6535 - Non blocking ReservedThreadExecutor
• #6520 - Error page has HTML error when writePoweredBy is enabled.
• #6487 - Expose ServletHolder getter in ServletHandler$ChainEnd for auditing libraries to use

Updated Dependencies

• #6922 - Bump hawtio-default from 2.13.5 to 2.14.0
• #6919 - Bump jamon.version from 2.81 to 2.82
• #6906 - Bump google-cloud-datastore from 2.1.0 to 2.1.2
• #6903 - Bump grpc-core from 1.40.1 to 1.41.0
• #6865 - Bump jnr-unixsocket from 0.38.10 to 0.38.11
• #6858 - Bump guice from 4.2.2 to 5.0.1
• #6857 - Bump org.eclipse.osgi.services from 3.10.100 to 3.10.200
• #6847 - Bump org.eclipse.osgi.util from 3.6.0 to 3.6.100
• #6841 - Bump org.eclipse.osgi from 3.16.300 to 3.17.0
• #6816 - Bump mariadb-java-client from 2.7.0 to 2.7.4
• #6786 - Bump org.eclipse.osgi from 3.16.0 to 3.16.300
• #6772 - Update to asm 9.2
• #6746 - Bump hazelcast.version from 3.12.10 to 3.12.12
• #6739 - Bump jmh.version from 1.26 to 1.33
• #6671 - Update to apache jsp 8.5.70

9.4.43.v20210629

Changelog

• This release resolves CVE-2021-34429
• #6473 - Improve alias checking in PathResource
• #6470 - java.nio.ReadOnlyBufferException
• #6447 - Deprecate support for UTF16 encoding in URIs
• #6426 - Update to spifly 1.3.3
• #6425 - Update to asm 9.1

11.0.6

Changelog

• This release resolves CVE-2021-34429
• #6473 - Improve alias checking in PathResource
• #6468 - Revert logic in Request.setMetaData & clear emptySegment on HttpUri.clear()
• #6464 - Wrong files/lib definitions in certain *-capture.mod files?
• #6447 - Deprecate support for UTF16 encoding in URIs
• #6426 - Update to spifly 1.3.3
• #6425 - Update to asm 9.1
• #6418 - Bad and/or missing Require-Capability for osgi.serviceloader
• #6410 - Ensure Jetty IO uses SocketAddress instead of InetSocketAddress
• #6407 - Malformed scheme logical expression check in WebSocket ClientUpgradeRequest
• #6394 - Review osgi manifests within Jetty 11
• #6376 - Cleanups for SslClientCertAuthenticator.
• #6375 - Always check XML Set elements with property attribute
• #6353 - Rename EWYK The AdaptiveExecutionStrategy

10.0.6

Changelog

• This release resolves CVE-2021-34429
• #6473 - Improve alias checking in PathResource
• #6468 - Revert logic in Request.setMetaData & clear emptySegment on HttpUri.clear()
• #6464 - Wrong files/lib definitions in certain *-capture.mod files?
• #6447 - Deprecate support for UTF16 encoding in URIs
• #6426 - Update to spifly 1.3.3
• #6425 - Update to asm 9.1
• #6418 - Bad and/or missing Require-Capability for osgi.serviceloader
• #6410 - Ensure Jetty IO uses SocketAddress instead of InetSocketAddress
• #6407 - Malformed scheme logical expression check in WebSocket ClientUpgradeRequest
• #6394 - Review osgi manifests within Jetty 10
• #6376 - Cleanups for SslClientCertAuthenticator.
• #6375 - Always check XML Set elements with property attribute
• #6353 - Rename EWYK The AdaptiveExecutionStrategy

11.0.5

Changelog

• #6392 - Review accidental xml config changes
• #6379 - Reduce contention in all ByteBufferPool implementations
• #6354 - org.slfj dependency imports packages at 2.0
• #6329 - Regression on graceful shutdown default in Jetty 10
• #6302 - Treat empty path segments are ambiguous.
• #4772 - Jetty WebSocket API onMessage annotation does not support partial messages.

10.0.5

Changelog

• #6392 - Review accidental xml config changes
• #6379 - Reduce contention in all ByteBufferPool implementations
• #6354 - org.slfj dependency imports packages at 2.0
• #6329 - Regression on graceful shutdown default in Jetty 10
• #6302 - Treat empty path segments are ambiguous.
• #4772 - Jetty WebSocket API onMessage annotation does not support partial messages.

9.4.42.v20210604

Changelog

• #6342 - Explain EatWhatYouKill naming
• #6330 - CustomRequestLog is missing HTTP version format option
• #6323 - HttpClient gets stuck/never calls onComplete() when multiple requests with timeouts are sent
• #6308 - Ensure buffers are returned to pool by MessageInputStream
• #6287 - Class loading broken for WebSocketClient used inside webapp
• #6285 - HTTP2 client: IllegalStateException: Cannot release an already released entry
• #6276 - Support non-standard domains in SNI and X509
• #6268 - Warnings about "unable to parse form content" are not helpful for troubleshooting
• #6118 - Display a warning when Hazelcast configuration does not contain Jetty session serializer
• #5931 - SslConnection should implement getBytesIn()/getBytesOut()

11.0.4

Special Thanks to the following Eclipse Jetty community members

• @tjwatson (Thomas Watson)

Changelog

• #6354 - org.slfj dependency imports packages at 2.0 (@tjwatson)
• #6347 - session-store-gcloud module broken logging dependency
• #6330 - CustomRequestLog is missing HTTP version format option
• #6305 - Optimise ContextHandler.isProtectedTarget
• #6285 - HTTP2 client: IllegalStateException: Cannot release an already released entry
• #6276 - Support non-standard domains in SNI and X509
• #6268 - Warnings about "unable to parse form content" are not helpful for troubleshooting
• #6118 - Display a warning when Hazelcast configuration does not contain Jetty session serializer
• #6114 - Jetty Deploy scan / symlink behavior is broken
• #6112 - Jetty logging service file leaking to web applications

10.0.4

Special Thanks to the following Eclipse Jetty community members

• @tjwatson (Thomas Watson)

Changelog

• #6354 - org.slfj dependency imports packages at 2.0 (@tjwatson)
• #6347 - session-store-gcloud module broken logging dependency
• #6330 - CustomRequestLog is missing HTTP version format option
• #6305 - Optimise ContextHandler.isProtectedTarget
• #6285 - HTTP2 client: IllegalStateException: Cannot release an already released entry
• #6276 - Support non-standard domains in SNI and X509
• #6268 - Warnings about "unable to parse form content" are not helpful for troubleshooting
• #6118 - Display a warning when Hazelcast configuration does not contain Jetty session serializer
• #6114 - Jetty Deploy scan / symlink behavior is broken
• #6112 - Jetty logging service file leaking to web applications