Skip to content

Commit

Permalink
Support Jetty 12
Browse files Browse the repository at this point in the history 
- Jetty versions from 7.0.0 up to 12.0.11 are affected by CVE-2024-6763 (Eclipse Jetty URI parsing of invalid authority).
- http4s 0.22's http4s-jetty uses Jetty 9.
- Jetty 9's community support ended in June 2022.
- Community support for Jetty 10 and Jetty 11 ended in January 2024.
- To solve the issue, http4s has to use Jetty 12, the current stable version.
- Updating the 0.22 version instead of 0.23 is for those who cannot use 0.23 as they are inextricably bound to cats-effect 2.
- Jetty 12 requires Java 17, so dropping support for Java 8 and 11 is necessary.
  • Loading branch information
@kevin-lee
kevin-lee committed Nov 12, 2024
1 parent 302d16f commit b5129ec
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 71 deletions.
104 changes: 34 additions & 70 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,35 +29,26 @@ jobs:
fail-fast: false
matrix:
os: [ubuntu-latest]
scala: [3.3.4, 2.12.18, 2.13.11]
java: [temurin@17, temurin@21]
scala: ["3.3.4", "2.12.18", "2.13.11"]
java:
- { java-version: "17", java-distribution: "temurin" }
runs-on: ${{ matrix.os }}
steps:
- name: Checkout current branch (full)
uses: actions/checkout@v2
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Setup Java (temurin@17)
if: matrix.java == 'temurin@17'
uses: actions/setup-java@v4.4.0
with:
distribution: temurin
java-version: 17
cache: 'sbt'
- uses: sbt/setup-sbt@v1

- name: Setup Java (temurin@21)
if: matrix.java == 'temurin@21'
- name: Setup Java (${{ matrix.java.java-distribution }}@${{ matrix.java.java-version }})
uses: actions/setup-java@v4.4.0
with:
distribution: temurin
java-version: 21
distribution: ${{ matrix.java.java-distribution }}
java-version: ${{ matrix.java.java-version }}
cache: 'sbt'
- uses: sbt/setup-sbt@v1

- name: Check that workflows are up to date
run: sbt '++${{ matrix.scala }}!' 'project /' githubWorkflowCheck
# - name: Check that workflows are up to date
# run: sbt '++${{ matrix.scala }}!' 'project /' githubWorkflowCheck

- name: Test
run: sbt '++${{ matrix.scala }}!' test
Expand Down Expand Up @@ -86,7 +77,7 @@ jobs:
if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/series/0.22')
uses: actions/upload-artifact@v4
with:
name: target-${{ matrix.os }}-${{ matrix.java }}-${{ matrix.scala }}
name: target-${{ matrix.os }}-${{ matrix.java.java-distribution }}@${{ matrix.java.java-version }}-${{ matrix.scala }}
path: targets.tar

publish:
Expand All @@ -97,36 +88,27 @@ jobs:
matrix:
os: [ubuntu-latest]
scala: [2.13.11]
java: [temurin@17]
java:
- { java-version: "17", java-distribution: "temurin" }
runs-on: ${{ matrix.os }}
steps:
- name: Checkout current branch (full)
uses: actions/checkout@v2
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Setup Java (temurin@17)
if: matrix.java == 'temurin@17'
uses: actions/setup-java@v4.4.0
with:
distribution: temurin
java-version: 17
cache: 'sbt'
- uses: sbt/setup-sbt@v1

- name: Setup Java (temurin@21)
if: matrix.java == 'temurin@21'
- name: Setup Java (${{ matrix.java.java-distribution }}@${{ matrix.java.java-version }})
uses: actions/setup-java@v4.4.0
with:
distribution: temurin
java-version: 21
distribution: ${{ matrix.java.java-distribution }}
java-version: ${{ matrix.java.java-version }}
cache: 'sbt'
- uses: sbt/setup-sbt@v1

- name: Download target directories (3.3.4)
uses: actions/download-artifact@v2
with:
name: target-${{ matrix.os }}-${{ matrix.java }}-3.3.4
name: target-${{ matrix.os }}-${{ matrix.java.java-distribution }}@${{ matrix.java.java-version }}-3.3.4

- name: Inflate target directories (3.3.4)
run: |
Expand All @@ -136,7 +118,7 @@ jobs:
- name: Download target directories (2.12.18)
uses: actions/download-artifact@v2
with:
name: target-${{ matrix.os }}-${{ matrix.java }}-2.12.18
name: target-${{ matrix.os }}-${{ matrix.java.java-distribution }}@${{ matrix.java.java-version }}-2.12.18

- name: Inflate target directories (2.12.18)
run: |
Expand All @@ -146,7 +128,7 @@ jobs:
- name: Download target directories (2.13.11)
uses: actions/download-artifact@v2
with:
name: target-${{ matrix.os }}-${{ matrix.java }}-2.13.11
name: target-${{ matrix.os }}-${{ matrix.java.java-distribution }}@${{ matrix.java.java-version }}-2.13.11

- name: Inflate target directories (2.13.11)
run: |
Expand All @@ -156,7 +138,7 @@ jobs:
- name: Download target directories (2.13.11)
uses: actions/download-artifact@v2
with:
name: target-${{ matrix.os }}-${{ matrix.java }}-2.13.11
name: target-${{ matrix.os }}-${{ matrix.java.java-distribution }}@${{ matrix.java.java-version }}-2.13.11

- name: Inflate target directories (2.13.11)
run: |
Expand All @@ -166,7 +148,7 @@ jobs:
- name: Download target directories (2.13.11)
uses: actions/download-artifact@v2
with:
name: target-${{ matrix.os }}-${{ matrix.java }}-2.13.11
name: target-${{ matrix.os }}-${{ matrix.java.java-distribution }}@${{ matrix.java.java-version }}-2.13.11

- name: Inflate target directories (2.13.11)
run: |
Expand All @@ -192,30 +174,21 @@ jobs:
strategy:
matrix:
os: [ubuntu-latest]
scala: [3.3.4, 2.12.18, 2.13.11]
java: [temurin@17]
scala: ["3.3.4", "2.12.18", "2.13.11"]
java:
- { java-version: "17", java-distribution: "temurin" }
runs-on: ${{ matrix.os }}
steps:
- name: Checkout current branch (full)
uses: actions/checkout@v2
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Setup Java (temurin@17)
if: matrix.java == 'temurin@17'
uses: actions/setup-java@v4.4.0
with:
distribution: temurin
java-version: 17
cache: 'sbt'
- uses: sbt/setup-sbt@v1

- name: Setup Java (temurin@21)
if: matrix.java == 'temurin@21'
- name: Setup Java (${{ matrix.java.java-distribution }}@${{ matrix.java.java-version }})
uses: actions/setup-java@v4.4.0
with:
distribution: temurin
java-version: 21
distribution: ${{ matrix.java.java-distribution }}
java-version: ${{ matrix.java.java-version }}
cache: 'sbt'
- uses: sbt/setup-sbt@v1

Expand All @@ -231,29 +204,20 @@ jobs:
matrix:
os: [ubuntu-latest]
scala: [2.13.11]
java: [temurin@17]
java:
- { java-version: "17", java-distribution: "temurin" }
runs-on: ${{ matrix.os }}
steps:
- name: Checkout current branch (full)
uses: actions/checkout@v2
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Setup Java (temurin@17)
if: matrix.java == 'temurin@17'
uses: actions/setup-java@v4.4.0
with:
distribution: temurin
java-version: 17
cache: 'sbt'
- uses: sbt/setup-sbt@v1

- name: Setup Java (temurin@21)
if: matrix.java == 'temurin@21'
- name: Setup Java (${{ matrix.java.java-distribution }}@${{ matrix.java.java-version }})
uses: actions/setup-java@v4.4.0
with:
distribution: temurin
java-version: 21
distribution: ${{ matrix.java.java-distribution }}
java-version: ${{ matrix.java.java-version }}
cache: 'sbt'
- uses: sbt/setup-sbt@v1

Expand Down
2 changes: 1 addition & 1 deletion scalafix/build.sbt
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
lazy val V = _root_.scalafix.sbt.BuildInfo
lazy val scalafixVersion = org.http4s.sbt.Http4sPlugin.V.scalafix
lazy val scalafixVersion = _root_.org.http4s.sbt.Http4sPlugin.V.scalafix
//lazy val scalafixVersion = V.scalafixVersion
lazy val outputVersion = "0.22.7"
inThisBuild(
Expand Down

0 comments on commit b5129ec

Please sign in to comment.