Tag for release: jetty-9.4.19.v20190610
 + 2909 Remove B64Code
 + 3332 jetty-maven-plugin - transitive dependencies not loaded from
   "target/classes"
 + 3498 WebSocket Session.suspend() now suspends incoming frames instead
   of reads
 + 3534 Use System nanoTime, not currentTimeMillis for IdleTimeout
 + 3550 Server becomes unresponsive after sitting idle from a load spike
 + 3562 InetAccessHandler should be able to apply to a certain port or
   connector
 + 3568 Make UserStore able to be started/stopped with its LoginService
 + 3583 jetty-maven plugin in multi-module-project does not use files from
   /target/test-classes folder of dependent projects
 + 3605 IdleTimeout with Jetty HTTP/2 and InputStreamResponseListener
 + 3608 Reply with 400 Bad request to malformed WebSocket handshake
 + 3616 Backport WebSocket SessionTracker from Jetty 10
 + 3620 Use of `throwUnavailableOnStartupException=true` does not stop Server
   in jetty-home
 + 3627 Only renew session id when spnego authentication is fully complete
 + 3628 NPE in QueuedThreadPool.getReservedThreads()
 + 3630 X-Forwarded-For missing last hextet for ipv6
 + 3633 endpointIdentificationAlgorithm enabled by default
   jetty-ssl-context.xml
 + 3653 access control exception if programmatic security manager is used
 + 3655 Spaces missing on Cookies generated via RFC6265
 + 3663 Remove deprecation of HttpClient replacement methods in WebSocketClient
 + 3680 Bom manages non-existent infinispan-remote and infinispan-embedded
   dependencies due to config classifier
 + 3683 Multipart file not deleted when client aborts upload
 + 3690 Upgrade to asm 7.1
 + 3713 Emit warning when invoking deprecated method in Jetty XML
 + 3715 Improve Log.condensePackage performance
 + 3722 HttpSessionListener.sessionDestroyed should be able to access webapp
   classes
 + 3726 Remove OSGi export uses of servlet-api from jetty-util
 + 3729 Make creation of java:comp/env threadsafe
 + 3743 Update XmlConfiguration usage in Jetty to always use Constructors that
   provide Location information
 + 3748 @Resource field not injected in Jetty Demo
 + 3750 NPE in WebSocketClient.toString()
 + 3751 Modern Configure DTD / FPI is used inconsistently

Tag for release: jetty-9.4.18.v20190429

 + 3476 IllegalStateException in WebSocket ConnectionState
 + 3550 Server becomes unresponsive after sitting idle from a load spike
 + 3563 Update to apache jasper 8.5.40
 + 3573 Update jetty-bom for new infinispan artifacts.
 + 3582 HeapByteBuffer cleared unexpected
 + 3597 Session persistence broken from 9.4.13+
 + 3609 Fix infinispan start module dependencies

Tag for release: jetty-9.4.17.v20190418

 + 3464 Split SslContextFactory into Client and Server
 + 3549 Directory Listing on Windows reveals Resource Base path
 + 3555 DefaultHandler Reveals Base Resource Path of each Context

Tag for release: jetty-9.3.27.v20190418

 + 3549 Directory Listing on Windows reveals Resource Base path
 + 3555 DefaultHandler Reveals Base Resource Path of each Context

Tag for release: jetty-9.2.28.v20190418

 + 3549 Directory Listing on Windows reveals Resource Base path
 + 3555 DefaultHandler Reveals Base Resource Path of each Context

Tag for release: jetty-9.4.16.v20190411

 + 1861 Limit total bytes pooled by ByteBufferPools
 + 3133 Logging of `key.readyOps()` can throw unchecked `CancelledKeyException`
 + 3159 WebSocket permessage-deflate RSV1 validity check
 + 3274 OSGi versions of java.base classes in
   org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+
 + 3319 Modernize Directory Listing: HTML5 and Sorting
 + 3361 HandlerCollection.addHandler is lacking synchronization
 + 3373 OutOfMemoryError: Java heap space in GZIPContentDecoder
 + 3389 Websockets jsr356 willDecode not invoked during decoding
 + 3394 java.security.acl.Group is deprecated and marked for removal
 + 3404 Cleanup QuotedQualityCSV internal use of Double
 + 3411 HttpClient does not timeout during multiple redirection
 + 3421 Duplicate JSESSIONID sent when invalidating new session
 + 3422 CLOSE_WAIT socket status forever after terminating websocket client
   side
 + 3425 Upgrade conscrypt version to 2.0.0 and remove usage of reflection
 + 3429 JMX Operation to trigger manual deployment scan in WebAppProvider
 + 3440 Stop server if Unavailable thrown
 + 3444 org.eclipse.jetty.http.Http1FieldPreEncoder generates an invalid header
   byte-array if header is null
 + 3456 Allow multiple programmatic login/logout in same request
 + 3464 Split SslContextFactory into Client and Server
 + 3481 TLS close_notify() is not guaranteed
 + 3489 Using setExtraClasspath("lib/extra/*") does not work on Microsoft
   Windows
 + 3526 HTTP Request Locale not retained in WebsocketUpgrade Request
 + 3540 Use configured Provider in SslContextFactory consistently
 + 3545 NullPointerException on ServletOutputStream.print("");

Tag for release: jetty-9.2.27.v20190403

 + 3319 Refactored Directory Listing to modernize and avoid XSS

Tag for release: jetty-9.3.26.v20190403

 + 2954 Improve cause reporting for HttpClient failures
 + 3274 OSGi versions of java.base classes in
   org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+
 + 3302 Support host:port in X-Forwarded-For header in
   ForwardedRequestCustomizer
 + 3319 Allow reverse sort for directory listed files

Tag for release: jetty-9.4.15.v20190215

 + 113 Add support for NCSA Extended Log File Format
 + 150 extraClasspath() method on WebAppContext dont support dir path
 + 2646 Better handle concurrent calls to change session id and invalidate
   within a context
 + 2718 NPE using more than one Endpoint.publish
 + 2817 Change HttpClient and WebSocketClient default to always have SSL
   support enabled
 + 3030 Enforce Content-Encoding check only on parameter extraction
 + 3038 SSL Connection Leak
 + 3049 Warn on common SslContextFactory problematic configurations
 + 3133 Logging of `key.readyOps()` can throw unchecked `CancelledKeyException`
 + 3139 NPE on
   WebSocketServerContainerInitializer.configureContext(ServletContextHandler)
 + 3146 ServletContainerInitializer from war WEB-INF/classes not executing
 + 3154 Add support for javax.net.ssl.HostnameVerifier to HttpClient
 + 3161 Update to Apache JSP 8.5.35
 + 3178 BufferingResponseListener does not clear buffer in onHeaders
 + 3186 Jetty maven plugin - javax.annotation.jar picked up from jetty plugin
   rather than from applications classpath
 + 3202 jetty-maven plugin in multi-module project not using files from /target
   folders of sister projects
 + 3207 Async ServletOutputStream print methods
 + 3210 Threadpool module creates unmanged threadpool
 + 3212 Client and server need to to treat an incoming HTTP/2 RST_STREAM frame
   differently
 + 3234 AuthenticationProtocolHandler should not cache the failed results
 + 3240 ALPN support for Java 13
 + 3241 Missing main manifest attribute in jetty-runner.jar
 + 3242 Fix WebSocket components dump()
 + 3278 NullPointerException if base resource is an empty ResourceCollection
 + 3279 WebSocket write may hang forever
 + 3302 Support host:port in X-Forwarded-For header in
   ForwardedRequestCustomizer
 + 3305 Avoid additional selectNow() on non-Windows runtimes
 + 3307 WebAppClassLoader loadClass can throw NullPointerException for missing
   class
 + 3311 Ability to serve HTTP and HTTPS from the same port
 + 3317 Improve uncaught exception handler double logging
 + 3329 Hazelcast delete expired session fails in deserialize
 + 3350 Do not expect to be able to connect to https URLs with the HttpClient
   created from a parameterless constructor

jetty-9.4.14.v20181114

 + 3097 Duplicated programmatic Servlet Listeners causing duplicate calls
 + 3103 HttpClientLoadTest reports a leak in byte buffer
 + 3104 Align jetty-schemas version within apache-jsp module as well

Tag for release: jetty-9.4.13.v20181111

 + 2191 JPMS Support
 + 2431 Upgrade to Junit 5
 + 2691 LdapLoginModule does not find accounts in subtrees
 + 2702 ArithmeticException in Credentials.stringEquals and .byteEquals
 + 2718 NPE using more than one Endpoint.publish
 + 2727 Cleanup behavior of JMX MBean discovery
 + 2740 Ensure OSGiWebappClassLoader uses bundleloader for all loadClass
   methods
 + 2787 Use status code from nested BadMessageException wrapped in
   ServletException
 + 2796 HTTP/2 max local stream count exceeded when request fails
 + 2834 Support Java 11 bytecode during annotation scanning
 + 2865 Update to apache jasper 8.5.33
 + 2868 Adding SPNEGO authentication support for Jetty Client
 + 2871 HTTP/2 Server reads -1 after client resets stream
 + 2875 Fix WebSocketClient.connect() hang when attempting to connect at an
   invalid websocket endpoint
 + 2886 SNI matching does not work in certain cases when there is only one CN
   certificate in the keystore
 + 2901 Introduce HttpConnectionUpgrader as a conversation component in
   HttpClient
 + 2903 Avoid Listener instantiation during QuickStart generation
 + 2906 jetty-maven-plugin run goal adds output directory of reactor project
   dependencies to classpath without regard for scope
 + 2912 Requests handled with GzipHandler should remove Content-Encoding and
   Content-Length headers
 + 2913 Remove reliance on sun.reflect.Reflection to be compatible with Java 11
 + 2936 Error during initial RequestDispatch with bad request query results in
   failure for ErrorHandler to process
 + 2941 Upgrade to ASM 7 to support Java 11 bytecode
 + 2954 Improve cause reporting for HttpClient failures
 + 2970 Ensure HttpChannel.onComplete is always called
 + 3018 Improve error handling and logging of min data rate violations
 + 3023 Wrong non-redirect behaviour with "null" path info
 + 3030 Enforce Content-Encoding check only on parameter extraction
 + 3041 Cookies parsing in RFC2965 should allow deprecated comma separators
 + 3049 Warn on common SslContextFactory problematic configurations
 + 3054 Update OSGi to ASM 7
 + 3090 MBeanContainer throws NPE for arrays
 + 3092 Wrong classloader used to load *MBean classes

Tag for release: jetty-9.3.25.v20180904

 + 2135 Android 8.1 needs direct buffers for SSL/TLS to work
 + 2777 Workaround for Conscrypt's ssl == null
 + 2787 BadMessageException wrapped as ServletException not handled
 + 2860 Leakage of HttpDestinations in HttpClient
 + 2871 Server reads -1 after client resets HTTP/2 stream

Tag for release: jetty-9.4.12-SNAPSHOT

 + 300 Implement Deflater / Inflater Object Pool
 + 307 Monitor contention in AbstractNCSARequestLog
 + 321 Remove JaspiAuthenticatorFactory.findServerName(Server, Subject)
 + 901 Overriding SSL context KeyStoreType requires explicit override of
   TrustStoreType
 + 1688 Request with `Content-Encoding: gzip` should not perform parameter
   extraction
 + 1905 Deprecate jetty-runner now, present warnings when using it on Java 9+
   Runtimes
 + 2075 Deprecating MultiException
 + 2135 Android 8.1 needs direct buffers for SSL/TLS to work
 + 2233 JDK9 Test failure:
   org.eclipse.jetty.server.ThreadStarvationTest.testWriteStarvation[https/ssl/tls]
 + 2342 File Descriptor Leak: Conscrypt: "Too many open files"
 + 2349 HTTP/2 max streams enforcement
 + 2398 MultiPartFormInputStream parsing should default to UTF-8, but allowed
   to be overridden by Request.setCharacterEncoding()
 + 2468 EWYK concurrent produce can fail SSL connections
 + 2501 Include accepting connections in connection limit.
 + 2530 Client waits forever for cancelled large uploads
 + 2560 Review PathResource exception handling
 + 2565 HashLoginService silently ignores file:/ config paths from 9.3.x
 + 2592 Failing test on Windows:
   ServerTimeoutsTest.testAsyncWriteIdleTimeoutFires[transport: HTTP]
 + 2597 Failing tests on windows UnixSocketTest
 + 2631 IllegalArgumentException: Buffering capacity exceeded, from HttpClient
   HEAD Requests to resources referencing large body contents
 + 2648 LdapLoginModule fails with forceBinding=true under Java 9
 + 2655 WebSocketClient not removing closed WebSocket Session's from managed
   beans
 + 2662 Remove unnecessary boxing conversions
 + 2663 Guard Throwable.addSuppressed() calls
 + 2672 Max local stream count exceeded for HttpClient with HTTP/2 transport
 + 2675 Demo rewrite rules prevent URL Session tracking
 + 2677 Decode URI before matching against "/favicon.ico"
 + 2679 HTTP/2 Spec Compliance
 + 2681 Jetty Hot Deployment Module does not stop exploded webapps after
   removal from webapps directory
 + 2683 NPE in FrameFlusher toString()
 + 2684 MimeTypes.getAssumedEncodings() does not work
 + 2694 Bad DynamicImport-Package in Websocket Servlet
 + 2696 GcloudDataStore dependency generation broken
 + 2706 ResourceService may return 404 for unchanged content
 + 2711 TLS 1.3 compliance
 + 2717 Async requests are not considered when shutting down gracefully
 + 2718 NPE using more than one Endpoint.publish
 + 2719 property file passed to start.jar is not read
 + 2720 <property> config tag can't access property values in WebAppContext
 + 2722 Improve configurability for SETTINGS frames
 + 2730 Limit concurrent HTTP/2 pushed resources
 + 2737 HTTP Authentication parameters containing =
 + 2739 AuthenticationProtocolHandler Multiple Challenge Pattern
 + 2745 JDBCSessionDataStore schema potential performance issue
 + 2746 Move jmh classes to a dedicated module and run those daily or weekly
 + 2749 Graceful shutdown causes repeated 503s on keep-alive connections
 + 2754 Don't eagerly instantiate @WebListener during annotation scan if it is
   explicitly referenced in the webapp descriptor as well
 + 2755 Repeatedly stopping/starting an active HttpClient can result in a stuck
   ManagedSelector
 + 2757 Possible double release of HTTP/2 ByteBuffers
 + 2762 Fix typo in jetty.sh
 + 2767 WebSocket Policy on JSR356 ClientContainer not represented correctly
 + 2775 Make LowResourceMonitor extendable
 + 2777 Workaround for Conscrypt's ssl == null
 + 2778 Upgrade h2spec-maven-plugin 0.4
 + 2787 BadMessageException wrapped as ServletException not handled
 + 2794 Generate p2 repos for Jetty 9.3.24.v20180605 and Jetty 9.2.25.v20180606
 + 2796 Max local stream count exceeded when request fails
 + 2798 ThreadPoolBudget logs WARN when minThreads == maxThreads (was:
   Reasoning behind ThreadPoolBudget warning logic change on 3/5/18)
 + 2807 Exclude TLS_RSA_* ciphers by default
 + 2811 SslContextFactory.dump incorrectly uses default enabled for determining
   "jre:disabled" flag
 + 2817 Change HttpClient and WebSocketClient default to always have SSL
   support enabled
 + 2821 AuthenticationProtocolHandler should not always cache
   Authentication.Result
 + 2824 Every call to HttpServletRequest.getParameter*() methods results in a
   newly created Map object if both query and body content exist
 + 2828 connectionListener of AbstractHTTP2ServerConnectionFactory cause the
   low performance of concurrent connect of http2
 + 2832 Wrong initialization of HTTP/2 UnknownBodyParser
 + 2835 JarFileResource#lastModified() side effect is URL caching preventing
   hot redeploy on Windows
 + 2836 Sequential HTTPS requests may not reuse the same connection
 + 2844 Clean up webdefault.xml and DefaultServlet doc
 + 2846 add unit test for ldap module
 + 2847 Wrap Connection.Listener invocations in try/catch
 + 2860 Leakage of HttpDestinations in HttpClient
 + 2871 Server reads -1 after client resets HTTP/2 stream

Tag for release: jetty-9.4.12.RC2

 + 307 Monitor contention in AbstractNCSARequestLog
 + 901 Overriding SSL context KeyStoreType requires explicit override of
   TrustStoreType
 + 1688 Request with `Content-Encoding: gzip` should not perform parameter
   extraction
 + 1905 Deprecate jetty-runner now, present warnings when using it on Java 9+
   Runtimes
 + 2075 Deprecating MultiException
 + 2135 Android 8.1 needs direct buffers for SSL/TLS to work
 + 2342 File Descriptor Leak: Conscrypt: "Too many open files"
 + 2349 HTTP/2 max streams enforcement
 + 2398 MultiPartFormInputStream parsing should default to UTF-8, but allowed
   to be overridden by Request.setCharacterEncoding()
 + 2468 EWYK concurrent produce can fail SSL connections
 + 2501 Include accepting connections in connection limit.
 + 2530 Client waits forever for cancelled large uploads
 + 2560 Review PathResource exception handling
 + 2565 HashLoginService silently ignores file:/ config paths from 9.3.x
 + 2631 IllegalArgumentException: Buffering capacity exceeded, from HttpClient
   HEAD Requests to resources referencing large body contents
 + 2639 Missing p2 repo for Jetty 9.4.11
 + 2648 LdapLoginModule fails with forceBinding=true under Java 9
 + 2655 WebSocketClient not removing closed WebSocket Session's from managed
   beans
 + 2662 Remove unnecessary boxing conversions
 + 2663 Guard Throwable.addSuppressed() calls
 + 2672 Max local stream count exceeded for HttpClient with HTTP/2 transport
 + 2675 Demo rewrite rules prevent URL Session tracking
 + 2677 Decode URI before matching against "/favicon.ico"
 + 2679 HTTP/2 Spec Compliance
 + 2683 NPE in FrameFlusher toString()
 + 2684 MimeTypes.getAssumedEncodings() does not work
 + 2694 Bad DynamicImport-Package in Websocket Servlet
 + 2696 GcloudDataStore dependency generation broken
 + 2706 ResourceService may return 404 for unchanged content
 + 2717 Async requests are not considered when shutting down gracefully
 + 2722 Improve configurability for SETTINGS frames
 + 2730 Limit concurrent HTTP/2 pushed resources
 + 2737 HTTP Authentication parameters containing =
 + 2739 AuthenticationProtocolHandler Multiple Challenge Pattern
 + 2754 Don't eagerly instantiate @WebListener during annotation scan if it
   is explicitly referenced in the webapp descriptor as well
 + 2755 ManagedSelector 100% CPU spin
 + 2757 Possible double release of HTTP/2 ByteBuffers
 + 2762 Typo in jetty.sh
 + 2767 WebSocket Policy on JSR356 ClientContainer not represented correctly
 + 2777 Workaround for Conscrypt's ssl == null exception
 + 2796 Max local stream count exceeded when request fails

Tag for release: 9.2.26.v20180806

 + 2777 Workaround for Conscrypt's ssl == null

Tag for release: jetty-9.4.12.RC1

 + 307 Monitor contention in AbstractNCSARequestLog
 + 901 Overriding SSL context KeyStoreType requires explicit override of
   TrustStoreType
 + 1688 Request with `Content-Encoding: gzip` should not perform parameter
   extraction
 + 1905 Deprecate jetty-runner now, present warnings when using it on Java 9+
   Runtimes
 + 2075 Deprecating MultiException
 + 2135 Android 8.1 needs direct buffers for SSL/TLS to work
 + 2342 File Descriptor Leak: Conscrypt: "Too many open files"
 + 2349 HTTP/2 max streams enforcement
 + 2398 MultiPartFormInputStream parsing should default to UTF-8, but allowed
   to be overridden by Request.setCharacterEncoding()
 + 2468 EWYK concurrent produce can fail SSL connections
 + 2501 Include accepting connections in connection limit.
 + 2530 Client waits forever for cancelled large uploads
 + 2560 Review PathResource exception handling
 + 2565 HashLoginService silently ignores file:/ config paths from 9.3.x
 + 2631 IllegalArgumentException: Buffering capacity exceeded, from HttpClient
   HEAD Requests to resources referencing large body contents
 + 2648 LdapLoginModule fails with forceBinding=true under Java 9
 + 2655 WebSocketClient not removing closed WebSocket Session's from managed
   beans
 + 2662 Remove unnecessary boxing conversions
 + 2663 Guard Throwable.addSuppressed() calls
 + 2672 Max local stream count exceeded for HttpClient with HTTP/2 transport
 + 2675 Demo rewrite rules prevent URL Session tracking
 + 2677 Decode URI before matching against "/favicon.ico"
 + 2679 HTTP/2 Spec Compliance
 + 2683 NPE in FrameFlusher toString()
 + 2684 MimeTypes.getAssumedEncodings() does not work
 + 2694 Bad DynamicImport-Package in Websocket Servlet
 + 2696 GcloudDataStore dependency generation broken
 + 2706 ResourceService may return 404 for unchanged content
 + 2717 Async requests are not considered when shutting down gracefully
 + 2722 Improve configurability for SETTINGS frames
 + 2730 Limit concurrent HTTP/2 pushed resources
 + 2737 HTTP Authentication parameters containing =
 + 2755 ManagedSelector 100% CPU spin
 + 2757 Possible double release of HTTP/2 ByteBuffers

Tag for release: jetty-9.4.12.RC0

 + 901 Overriding SSL context KeyStoreType requires explicit override of
   TrustStoreType
 + 2075 Deprecating MultiException
 + 2342 File Descriptor Leak: Conscrypt: "Too many open files"
 + 2349 HTTP/2 max streams enforcement
 + 2398 MultiPartFormInputStream parsing should default to UTF-8, but allowed
   to be overridden by Request.setCharacterEncoding()
 + 2468 EWYK concurrent produce can fail SSL connections
 + 2501 Include accepting connections in connection limit.
 + 2530 Client waits forever for cancelled large uploads
 + 2560 Review PathResource exception handling
 + 2565 HashLoginService silently ignores file:/ config paths from 9.3.x
 + 2631 IllegalArgumentException: Buffering capacity exceeded, from HttpClient
   HEAD Requests to resources referencing large body contents
 + 2648 LdapLoginModule fails with forceBinding=true under Java 9
 + 2655 WebSocketClient not removing closed WebSocket Session's from managed
   beans
 + 2662 Unnecessary boxing conversions
 + 2663 Guard Throwable.addSuppressed() calls
 + 2672 Max local stream count exceeded for HttpClient with HTTP/2 transport
 + 2675 Demo rewrite rules prevent URL Session tracking
 + 2677 Decode URI before matching against "/favicon.ico"
 + 2683 NPE in FrameFlusher toString()
 + 2684 MimeTypes.getAssumedEncodings() does not work
 + 2694 Bad DynamicImport-Package in Websocket Servlet
 + 2696 GcloudDataStore dependency generation broken
 + 2717 Async requests are not considered when shutting down gracefully

Tag for release: jetty-9.4.8.v20180619

 + 2102 Backport FileSessionDataStore

Tag for release: jetty-9.4.7.v20180619

 + 2102 Backport FileSessionDataStore