-
-
jetty-9.4.19.v20190610
Tag for release: jetty-9.4.19.v20190610 + 2909 Remove B64Code + 3332 jetty-maven-plugin - transitive dependencies not loaded from "target/classes" + 3498 WebSocket Session.suspend() now suspends incoming frames instead of reads + 3534 Use System nanoTime, not currentTimeMillis for IdleTimeout + 3550 Server becomes unresponsive after sitting idle from a load spike + 3562 InetAccessHandler should be able to apply to a certain port or connector + 3568 Make UserStore able to be started/stopped with its LoginService + 3583 jetty-maven plugin in multi-module-project does not use files from /target/test-classes folder of dependent projects + 3605 IdleTimeout with Jetty HTTP/2 and InputStreamResponseListener + 3608 Reply with 400 Bad request to malformed WebSocket handshake + 3616 Backport WebSocket SessionTracker from Jetty 10 + 3620 Use of `throwUnavailableOnStartupException=true` does not stop Server in jetty-home + 3627 Only renew session id when spnego authentication is fully complete + 3628 NPE in QueuedThreadPool.getReservedThreads() + 3630 X-Forwarded-For missing last hextet for ipv6 + 3633 endpointIdentificationAlgorithm enabled by default jetty-ssl-context.xml + 3653 access control exception if programmatic security manager is used + 3655 Spaces missing on Cookies generated via RFC6265 + 3663 Remove deprecation of HttpClient replacement methods in WebSocketClient + 3680 Bom manages non-existent infinispan-remote and infinispan-embedded dependencies due to config classifier + 3683 Multipart file not deleted when client aborts upload + 3690 Upgrade to asm 7.1 + 3713 Emit warning when invoking deprecated method in Jetty XML + 3715 Improve Log.condensePackage performance + 3722 HttpSessionListener.sessionDestroyed should be able to access webapp classes + 3726 Remove OSGi export uses of servlet-api from jetty-util + 3729 Make creation of java:comp/env threadsafe + 3743 Update XmlConfiguration usage in Jetty to always use Constructors that provide Location information + 3748 @Resource field not injected in Jetty Demo + 3750 NPE in WebSocketClient.toString() + 3751 Modern Configure DTD / FPI is used inconsistently
-
jetty-9.4.18.v20190429
Tag for release: jetty-9.4.18.v20190429 + 3476 IllegalStateException in WebSocket ConnectionState + 3550 Server becomes unresponsive after sitting idle from a load spike + 3563 Update to apache jasper 8.5.40 + 3573 Update jetty-bom for new infinispan artifacts. + 3582 HeapByteBuffer cleared unexpected + 3597 Session persistence broken from 9.4.13+ + 3609 Fix infinispan start module dependencies
-
jetty-9.4.17.v20190418
Tag for release: jetty-9.4.17.v20190418 + 3464 Split SslContextFactory into Client and Server + 3549 Directory Listing on Windows reveals Resource Base path + 3555 DefaultHandler Reveals Base Resource Path of each Context
-
jetty-9.3.27.v20190418
Tag for release: jetty-9.3.27.v20190418 + 3549 Directory Listing on Windows reveals Resource Base path + 3555 DefaultHandler Reveals Base Resource Path of each Context
-
jetty-9.2.28.v20190418
Tag for release: jetty-9.2.28.v20190418 + 3549 Directory Listing on Windows reveals Resource Base path + 3555 DefaultHandler Reveals Base Resource Path of each Context
-
jetty-9.4.16.v20190411
Tag for release: jetty-9.4.16.v20190411 + 1861 Limit total bytes pooled by ByteBufferPools + 3133 Logging of `key.readyOps()` can throw unchecked `CancelledKeyException` + 3159 WebSocket permessage-deflate RSV1 validity check + 3274 OSGi versions of java.base classes in org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+ + 3319 Modernize Directory Listing: HTML5 and Sorting + 3361 HandlerCollection.addHandler is lacking synchronization + 3373 OutOfMemoryError: Java heap space in GZIPContentDecoder + 3389 Websockets jsr356 willDecode not invoked during decoding + 3394 java.security.acl.Group is deprecated and marked for removal + 3404 Cleanup QuotedQualityCSV internal use of Double + 3411 HttpClient does not timeout during multiple redirection + 3421 Duplicate JSESSIONID sent when invalidating new session + 3422 CLOSE_WAIT socket status forever after terminating websocket client side + 3425 Upgrade conscrypt version to 2.0.0 and remove usage of reflection + 3429 JMX Operation to trigger manual deployment scan in WebAppProvider + 3440 Stop server if Unavailable thrown + 3444 org.eclipse.jetty.http.Http1FieldPreEncoder generates an invalid header byte-array if header is null + 3456 Allow multiple programmatic login/logout in same request + 3464 Split SslContextFactory into Client and Server + 3481 TLS close_notify() is not guaranteed + 3489 Using setExtraClasspath("lib/extra/*") does not work on Microsoft Windows + 3526 HTTP Request Locale not retained in WebsocketUpgrade Request + 3540 Use configured Provider in SslContextFactory consistently + 3545 NullPointerException on ServletOutputStream.print("");
-
jetty-9.2.27.v20190403
Tag for release: jetty-9.2.27.v20190403 + 3319 Refactored Directory Listing to modernize and avoid XSS
-
jetty-9.3.26.v20190403
Tag for release: jetty-9.3.26.v20190403 + 2954 Improve cause reporting for HttpClient failures + 3274 OSGi versions of java.base classes in org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+ + 3302 Support host:port in X-Forwarded-For header in ForwardedRequestCustomizer + 3319 Allow reverse sort for directory listed files
-
jetty-9.4.15.v20190215
Tag for release: jetty-9.4.15.v20190215 + 113 Add support for NCSA Extended Log File Format + 150 extraClasspath() method on WebAppContext dont support dir path + 2646 Better handle concurrent calls to change session id and invalidate within a context + 2718 NPE using more than one Endpoint.publish + 2817 Change HttpClient and WebSocketClient default to always have SSL support enabled + 3030 Enforce Content-Encoding check only on parameter extraction + 3038 SSL Connection Leak + 3049 Warn on common SslContextFactory problematic configurations + 3133 Logging of `key.readyOps()` can throw unchecked `CancelledKeyException` + 3139 NPE on WebSocketServerContainerInitializer.configureContext(ServletContextHandler) + 3146 ServletContainerInitializer from war WEB-INF/classes not executing + 3154 Add support for javax.net.ssl.HostnameVerifier to HttpClient + 3161 Update to Apache JSP 8.5.35 + 3178 BufferingResponseListener does not clear buffer in onHeaders + 3186 Jetty maven plugin - javax.annotation.jar picked up from jetty plugin rather than from applications classpath + 3202 jetty-maven plugin in multi-module project not using files from /target folders of sister projects + 3207 Async ServletOutputStream print methods + 3210 Threadpool module creates unmanged threadpool + 3212 Client and server need to to treat an incoming HTTP/2 RST_STREAM frame differently + 3234 AuthenticationProtocolHandler should not cache the failed results + 3240 ALPN support for Java 13 + 3241 Missing main manifest attribute in jetty-runner.jar + 3242 Fix WebSocket components dump() + 3278 NullPointerException if base resource is an empty ResourceCollection + 3279 WebSocket write may hang forever + 3302 Support host:port in X-Forwarded-For header in ForwardedRequestCustomizer + 3305 Avoid additional selectNow() on non-Windows runtimes + 3307 WebAppClassLoader loadClass can throw NullPointerException for missing class + 3311 Ability to serve HTTP and HTTPS from the same port + 3317 Improve uncaught exception handler double logging + 3329 Hazelcast delete expired session fails in deserialize + 3350 Do not expect to be able to connect to https URLs with the HttpClient created from a parameterless constructor
-
jetty-9.4.14.v20181114
jetty-9.4.14.v20181114 + 3097 Duplicated programmatic Servlet Listeners causing duplicate calls + 3103 HttpClientLoadTest reports a leak in byte buffer + 3104 Align jetty-schemas version within apache-jsp module as well
-
jetty-9.4.13.v20181111
Tag for release: jetty-9.4.13.v20181111 + 2191 JPMS Support + 2431 Upgrade to Junit 5 + 2691 LdapLoginModule does not find accounts in subtrees + 2702 ArithmeticException in Credentials.stringEquals and .byteEquals + 2718 NPE using more than one Endpoint.publish + 2727 Cleanup behavior of JMX MBean discovery + 2740 Ensure OSGiWebappClassLoader uses bundleloader for all loadClass methods + 2787 Use status code from nested BadMessageException wrapped in ServletException + 2796 HTTP/2 max local stream count exceeded when request fails + 2834 Support Java 11 bytecode during annotation scanning + 2865 Update to apache jasper 8.5.33 + 2868 Adding SPNEGO authentication support for Jetty Client + 2871 HTTP/2 Server reads -1 after client resets stream + 2875 Fix WebSocketClient.connect() hang when attempting to connect at an invalid websocket endpoint + 2886 SNI matching does not work in certain cases when there is only one CN certificate in the keystore + 2901 Introduce HttpConnectionUpgrader as a conversation component in HttpClient + 2903 Avoid Listener instantiation during QuickStart generation + 2906 jetty-maven-plugin run goal adds output directory of reactor project dependencies to classpath without regard for scope + 2912 Requests handled with GzipHandler should remove Content-Encoding and Content-Length headers + 2913 Remove reliance on sun.reflect.Reflection to be compatible with Java 11 + 2936 Error during initial RequestDispatch with bad request query results in failure for ErrorHandler to process + 2941 Upgrade to ASM 7 to support Java 11 bytecode + 2954 Improve cause reporting for HttpClient failures + 2970 Ensure HttpChannel.onComplete is always called + 3018 Improve error handling and logging of min data rate violations + 3023 Wrong non-redirect behaviour with "null" path info + 3030 Enforce Content-Encoding check only on parameter extraction + 3041 Cookies parsing in RFC2965 should allow deprecated comma separators + 3049 Warn on common SslContextFactory problematic configurations + 3054 Update OSGi to ASM 7 + 3090 MBeanContainer throws NPE for arrays + 3092 Wrong classloader used to load *MBean classes
-
jetty-9.3.25.v20180904
Tag for release: jetty-9.3.25.v20180904 + 2135 Android 8.1 needs direct buffers for SSL/TLS to work + 2777 Workaround for Conscrypt's ssl == null + 2787 BadMessageException wrapped as ServletException not handled + 2860 Leakage of HttpDestinations in HttpClient + 2871 Server reads -1 after client resets HTTP/2 stream
-
jetty-9.4.12.v20180830
Tag for release: jetty-9.4.12-SNAPSHOT + 300 Implement Deflater / Inflater Object Pool + 307 Monitor contention in AbstractNCSARequestLog + 321 Remove JaspiAuthenticatorFactory.findServerName(Server, Subject) + 901 Overriding SSL context KeyStoreType requires explicit override of TrustStoreType + 1688 Request with `Content-Encoding: gzip` should not perform parameter extraction + 1905 Deprecate jetty-runner now, present warnings when using it on Java 9+ Runtimes + 2075 Deprecating MultiException + 2135 Android 8.1 needs direct buffers for SSL/TLS to work + 2233 JDK9 Test failure: org.eclipse.jetty.server.ThreadStarvationTest.testWriteStarvation[https/ssl/tls] + 2342 File Descriptor Leak: Conscrypt: "Too many open files" + 2349 HTTP/2 max streams enforcement + 2398 MultiPartFormInputStream parsing should default to UTF-8, but allowed to be overridden by Request.setCharacterEncoding() + 2468 EWYK concurrent produce can fail SSL connections + 2501 Include accepting connections in connection limit. + 2530 Client waits forever for cancelled large uploads + 2560 Review PathResource exception handling + 2565 HashLoginService silently ignores file:/ config paths from 9.3.x + 2592 Failing test on Windows: ServerTimeoutsTest.testAsyncWriteIdleTimeoutFires[transport: HTTP] + 2597 Failing tests on windows UnixSocketTest + 2631 IllegalArgumentException: Buffering capacity exceeded, from HttpClient HEAD Requests to resources referencing large body contents + 2648 LdapLoginModule fails with forceBinding=true under Java 9 + 2655 WebSocketClient not removing closed WebSocket Session's from managed beans + 2662 Remove unnecessary boxing conversions + 2663 Guard Throwable.addSuppressed() calls + 2672 Max local stream count exceeded for HttpClient with HTTP/2 transport + 2675 Demo rewrite rules prevent URL Session tracking + 2677 Decode URI before matching against "/favicon.ico" + 2679 HTTP/2 Spec Compliance + 2681 Jetty Hot Deployment Module does not stop exploded webapps after removal from webapps directory + 2683 NPE in FrameFlusher toString() + 2684 MimeTypes.getAssumedEncodings() does not work + 2694 Bad DynamicImport-Package in Websocket Servlet + 2696 GcloudDataStore dependency generation broken + 2706 ResourceService may return 404 for unchanged content + 2711 TLS 1.3 compliance + 2717 Async requests are not considered when shutting down gracefully + 2718 NPE using more than one Endpoint.publish + 2719 property file passed to start.jar is not read + 2720 <property> config tag can't access property values in WebAppContext + 2722 Improve configurability for SETTINGS frames + 2730 Limit concurrent HTTP/2 pushed resources + 2737 HTTP Authentication parameters containing = + 2739 AuthenticationProtocolHandler Multiple Challenge Pattern + 2745 JDBCSessionDataStore schema potential performance issue + 2746 Move jmh classes to a dedicated module and run those daily or weekly + 2749 Graceful shutdown causes repeated 503s on keep-alive connections + 2754 Don't eagerly instantiate @WebListener during annotation scan if it is explicitly referenced in the webapp descriptor as well + 2755 Repeatedly stopping/starting an active HttpClient can result in a stuck ManagedSelector + 2757 Possible double release of HTTP/2 ByteBuffers + 2762 Fix typo in jetty.sh + 2767 WebSocket Policy on JSR356 ClientContainer not represented correctly + 2775 Make LowResourceMonitor extendable + 2777 Workaround for Conscrypt's ssl == null + 2778 Upgrade h2spec-maven-plugin 0.4 + 2787 BadMessageException wrapped as ServletException not handled + 2794 Generate p2 repos for Jetty 9.3.24.v20180605 and Jetty 9.2.25.v20180606 + 2796 Max local stream count exceeded when request fails + 2798 ThreadPoolBudget logs WARN when minThreads == maxThreads (was: Reasoning behind ThreadPoolBudget warning logic change on 3/5/18) + 2807 Exclude TLS_RSA_* ciphers by default + 2811 SslContextFactory.dump incorrectly uses default enabled for determining "jre:disabled" flag + 2817 Change HttpClient and WebSocketClient default to always have SSL support enabled + 2821 AuthenticationProtocolHandler should not always cache Authentication.Result + 2824 Every call to HttpServletRequest.getParameter*() methods results in a newly created Map object if both query and body content exist + 2828 connectionListener of AbstractHTTP2ServerConnectionFactory cause the low performance of concurrent connect of http2 + 2832 Wrong initialization of HTTP/2 UnknownBodyParser + 2835 JarFileResource#lastModified() side effect is URL caching preventing hot redeploy on Windows + 2836 Sequential HTTPS requests may not reuse the same connection + 2844 Clean up webdefault.xml and DefaultServlet doc + 2846 add unit test for ldap module + 2847 Wrap Connection.Listener invocations in try/catch + 2860 Leakage of HttpDestinations in HttpClient + 2871 Server reads -1 after client resets HTTP/2 stream
-
jetty-9.4.12.RC2
Tag for release: jetty-9.4.12.RC2 + 307 Monitor contention in AbstractNCSARequestLog + 901 Overriding SSL context KeyStoreType requires explicit override of TrustStoreType + 1688 Request with `Content-Encoding: gzip` should not perform parameter extraction + 1905 Deprecate jetty-runner now, present warnings when using it on Java 9+ Runtimes + 2075 Deprecating MultiException + 2135 Android 8.1 needs direct buffers for SSL/TLS to work + 2342 File Descriptor Leak: Conscrypt: "Too many open files" + 2349 HTTP/2 max streams enforcement + 2398 MultiPartFormInputStream parsing should default to UTF-8, but allowed to be overridden by Request.setCharacterEncoding() + 2468 EWYK concurrent produce can fail SSL connections + 2501 Include accepting connections in connection limit. + 2530 Client waits forever for cancelled large uploads + 2560 Review PathResource exception handling + 2565 HashLoginService silently ignores file:/ config paths from 9.3.x + 2631 IllegalArgumentException: Buffering capacity exceeded, from HttpClient HEAD Requests to resources referencing large body contents + 2639 Missing p2 repo for Jetty 9.4.11 + 2648 LdapLoginModule fails with forceBinding=true under Java 9 + 2655 WebSocketClient not removing closed WebSocket Session's from managed beans + 2662 Remove unnecessary boxing conversions + 2663 Guard Throwable.addSuppressed() calls + 2672 Max local stream count exceeded for HttpClient with HTTP/2 transport + 2675 Demo rewrite rules prevent URL Session tracking + 2677 Decode URI before matching against "/favicon.ico" + 2679 HTTP/2 Spec Compliance + 2683 NPE in FrameFlusher toString() + 2684 MimeTypes.getAssumedEncodings() does not work + 2694 Bad DynamicImport-Package in Websocket Servlet + 2696 GcloudDataStore dependency generation broken + 2706 ResourceService may return 404 for unchanged content + 2717 Async requests are not considered when shutting down gracefully + 2722 Improve configurability for SETTINGS frames + 2730 Limit concurrent HTTP/2 pushed resources + 2737 HTTP Authentication parameters containing = + 2739 AuthenticationProtocolHandler Multiple Challenge Pattern + 2754 Don't eagerly instantiate @WebListener during annotation scan if it is explicitly referenced in the webapp descriptor as well + 2755 ManagedSelector 100% CPU spin + 2757 Possible double release of HTTP/2 ByteBuffers + 2762 Typo in jetty.sh + 2767 WebSocket Policy on JSR356 ClientContainer not represented correctly + 2777 Workaround for Conscrypt's ssl == null exception + 2796 Max local stream count exceeded when request fails
-
jetty-9.2.26.v20180806
Tag for release: 9.2.26.v20180806 + 2777 Workaround for Conscrypt's ssl == null
-
jetty-9.4.12.RC1
Tag for release: jetty-9.4.12.RC1 + 307 Monitor contention in AbstractNCSARequestLog + 901 Overriding SSL context KeyStoreType requires explicit override of TrustStoreType + 1688 Request with `Content-Encoding: gzip` should not perform parameter extraction + 1905 Deprecate jetty-runner now, present warnings when using it on Java 9+ Runtimes + 2075 Deprecating MultiException + 2135 Android 8.1 needs direct buffers for SSL/TLS to work + 2342 File Descriptor Leak: Conscrypt: "Too many open files" + 2349 HTTP/2 max streams enforcement + 2398 MultiPartFormInputStream parsing should default to UTF-8, but allowed to be overridden by Request.setCharacterEncoding() + 2468 EWYK concurrent produce can fail SSL connections + 2501 Include accepting connections in connection limit. + 2530 Client waits forever for cancelled large uploads + 2560 Review PathResource exception handling + 2565 HashLoginService silently ignores file:/ config paths from 9.3.x + 2631 IllegalArgumentException: Buffering capacity exceeded, from HttpClient HEAD Requests to resources referencing large body contents + 2648 LdapLoginModule fails with forceBinding=true under Java 9 + 2655 WebSocketClient not removing closed WebSocket Session's from managed beans + 2662 Remove unnecessary boxing conversions + 2663 Guard Throwable.addSuppressed() calls + 2672 Max local stream count exceeded for HttpClient with HTTP/2 transport + 2675 Demo rewrite rules prevent URL Session tracking + 2677 Decode URI before matching against "/favicon.ico" + 2679 HTTP/2 Spec Compliance + 2683 NPE in FrameFlusher toString() + 2684 MimeTypes.getAssumedEncodings() does not work + 2694 Bad DynamicImport-Package in Websocket Servlet + 2696 GcloudDataStore dependency generation broken + 2706 ResourceService may return 404 for unchanged content + 2717 Async requests are not considered when shutting down gracefully + 2722 Improve configurability for SETTINGS frames + 2730 Limit concurrent HTTP/2 pushed resources + 2737 HTTP Authentication parameters containing = + 2755 ManagedSelector 100% CPU spin + 2757 Possible double release of HTTP/2 ByteBuffers
-
jetty-9.4.12.RC0
Tag for release: jetty-9.4.12.RC0 + 901 Overriding SSL context KeyStoreType requires explicit override of TrustStoreType + 2075 Deprecating MultiException + 2342 File Descriptor Leak: Conscrypt: "Too many open files" + 2349 HTTP/2 max streams enforcement + 2398 MultiPartFormInputStream parsing should default to UTF-8, but allowed to be overridden by Request.setCharacterEncoding() + 2468 EWYK concurrent produce can fail SSL connections + 2501 Include accepting connections in connection limit. + 2530 Client waits forever for cancelled large uploads + 2560 Review PathResource exception handling + 2565 HashLoginService silently ignores file:/ config paths from 9.3.x + 2631 IllegalArgumentException: Buffering capacity exceeded, from HttpClient HEAD Requests to resources referencing large body contents + 2648 LdapLoginModule fails with forceBinding=true under Java 9 + 2655 WebSocketClient not removing closed WebSocket Session's from managed beans + 2662 Unnecessary boxing conversions + 2663 Guard Throwable.addSuppressed() calls + 2672 Max local stream count exceeded for HttpClient with HTTP/2 transport + 2675 Demo rewrite rules prevent URL Session tracking + 2677 Decode URI before matching against "/favicon.ico" + 2683 NPE in FrameFlusher toString() + 2684 MimeTypes.getAssumedEncodings() does not work + 2694 Bad DynamicImport-Package in Websocket Servlet + 2696 GcloudDataStore dependency generation broken + 2717 Async requests are not considered when shutting down gracefully
-
jetty-9.4.8.v20180619
Tag for release: jetty-9.4.8.v20180619 + 2102 Backport FileSessionDataStore
-
jetty-9.4.7.v20180619
Tag for release: jetty-9.4.7.v20180619 + 2102 Backport FileSessionDataStore