forked from jetty/jetty.project
-
Notifications
You must be signed in to change notification settings - Fork 0
/
VERSION.txt
11977 lines (11360 loc) · 564 KB
/
VERSION.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
jetty-10.0.10
jetty-10.0.9 - 30 March 2022
+ 5681 Unrecognized jetty-home/start.jar command line option not reported
clearly
+ 5965 Option --write-module-graph produces wrong .dot file
+ 6879 Remove jminix (not maintained) module as hawtio provide same features
+ 7182 jetty.sh start process should remove jetty_state whenever deleting the
pid
+ 7344 Incompatible with jacoco due to shutdown race condition
+ 7414 QoSFilter.setMaxRequests throws NullPointerException
+ 7513 Getter/setter type mismatch for mbean attribute file in class
org.eclipse.jetty.deploy.PropertiesConfigurationManager
+ 7517 Some ArrayTrie methods throw StackOverflowError when cointaining a very
large entry
+ 7518 ArrayTrie getBest fails to match the empty string entry in certain
cases
+ 7545 Named arguments do not work in jetty-openid.xml
+ 7548 Interrupt flag is not always cleared in between requests
+ 7567 Gzip compression not working for multipart/form-data when added to the
allowed list using addIncludedMimeTypes.
+ 7573 WebSockets - "Unsupported PathParam Type: java.lang.Integer"
+ 7575 Misleading docs for `HttpClientTransportDynamic`
+ 7613 Configurations.add(Configuration) results in
UnsupportedOperationException
+ 7615 HttpServletResponse.encodeURL not working for URLs starting with ../
+ 7617 Logback-access RequestLog not working
+ 7625 HTTP/3 error against www.google.com
+ 7677 jetty-maven-plugin - maven internal dependencies included on webapp
classloader
+ 7683 GZIPContentDecoder ignores setUseInputDirectByteBuffers setting and
always uses non-direct buffers (causing GC locking)
+ 7688 Read data to native memory from HttpInput
+ 7748 Allow overriding of url-pattern mapping in ServletContextHandler to
allow for regex or uri-template matching
jetty-10.0.8 - 07 February 2022
+ 2504 Expose more WebSocket details in JMX and Server Dump
+ 4275 Path Normalization/Traversal - Context Matching
+ 4317 EventSource does not work with GzipHandler
+ 6017 Property overriding does not work
+ 6282 SecuredRedirectHandler should probably redirect with 301
+ 6497 Replace SameFileAliasChecker
+ 6728 QUIC and HTTP/3
+ 6730 HTTP3: update Quiche to 0.9.0
+ 6965 Expose Spec `ServerContainer.upgrade()` API
+ 6973 Jetty starts consuming CPU that remains high even without any traffic
+ 6974 Major websocket memory change in 9.4.36
+ 6980 ELContextCleaner failed because cannot access a member of class
javax.el.BeanELResolver with modifiers "private static final"
+ 6987 jetty-unixdomain-server is missing from jetty-bom
+ 6990 UnixDomainServerConnector throws misleading exception on invalid socket
path
+ 7008 Problem with jetty.sh start regression 10.0.6 -> 10.0.7 when using
JETTY_USER
+ 7012 Remove all old geronimo spec jars from jetty-10
+ 7031 ResponseWriter.println(char) does not print newline
+ 7042 Simplify configuration to use different OpenIdConfiguration per webapp
+ 7059 NPE in AllowedResourceAliasChecker.getPath()
+ 7063 Simplify command line use of org.eclipse.jetty.util.Password
+ 7064 Cleanup or clarify `(null)` in output of `--list-config`
+ 7086 WebSocket: java.lang.IllegalStateException: already released
RetainableByteBuffer
+ 7103 Rework LaF of distro landing page
+ 7107 Client timeout and async close exceptions when setting max duration on
pool
+ 7109 Deprecate UnixSocket JNR support
+ 7111 Add support to deprecate jetty-home modules
+ 7113 Improve Unix-Domain client documentation
+ 7124 Add default methods on LifeCycle.Listener interface
+ 7131 Use Charset instead of encoding string where possible
+ 7157 Multiplexed connection pools retain CLOSED entries
+ 7160 HttpURI considers %25 to be ambiguous, preventing access to static
resources with % in their name
+ 7240 Clarify and javadoc InvocationType
+ 7243 Reset pooled ByteBuffer endianness
+ 7262 Allow the SerlvetHandler.getFilterChain method to be overridden
+ 7277 Allow override of `ServletRequest.getLocalName()` and `.getLocalPort()`
in post-intermediary scenarios
+ 7280 Interceptors don't get destroyed in HttpInput
+ 7281 EOFs are not passed to interceptors any more - shouldn't they?
+ 7284 HttpInput reopen/recycle cleanup
+ 7297 Deprecate log4j 1.x support
+ 7313 addBean(_attributes); only called in the Convenience constructor of
org.eclipse.jetty.server.Server
+ 7327 jetty-slf4j-impl missing from BOM
+ 7348 Slow CONNECT request causes NPE
+ 7351 Large WebSocket payloads with permessage-deflate hang on 10.0.7
+ 7354 Demo jars should not be in jetty-home
+ 7369 Document CustomRequestLog
+ 7375 Some environments require Request scoping during session save
+ 7435 Investigate Infinispan transitive dependencies
+ 7496 Transient 400: Bad Request responses in jetty-9.4.45.v20220128
+ 7514 Adding InheritedListeners to already-started components can cause
IllegalStateException
+ 7523 Typo in AnnotationConfiguration
+ 7524 Missing package in JmxConfiguration
+ 7529 Upgrade quiche to version 0.11.0
jetty-9.4.45.v20220203 - 03 February 2022
+ 4275 Path Normalization/Traversal - Context Matching
+ 6497 Replace SameFileAliasChecker
+ 6687 Upgrade Infinispan in all active Jetty branches
+ 6965 Expose Spec `ServerContainer.upgrade()` API
+ 6969 Getting 404 failures when trying to enable `logging-log4j` module
+ 6974 Major websocket memory change in 9.4.36
+ 7031 ResponseWriter.println(char) does not print newline
+ 7059 NPE in AllowedResourceAliasChecker.getPath()
+ 7073 Error in parse parameter in broken UTF-8 encoding
+ 7078 CompressionPools are not shared between multiple contexts for 9.4
WebSocket
+ 7107 Client timeout and async close exceptions when setting max duration on
pool
+ 7124 Add default methods on LifeCycle.Listener interface
+ 7157 Multiplexed connection pools retain CLOSED entries
+ 7243 Reset pooled ByteBuffer endianness
+ 7266 Wrong ALPN jars are selected for newer versions of JDK8
+ 7271 It is necessary to set MAX_CAPACITY to ArrayTernaryTrie/ArrayTrie
+ 7277 Allow override of `ServletRequest.getLocalName()` and `.getLocalPort()`
in post-intermediary scenarios
+ 7297 Deprecate log4j 1.x support
+ 7348 Slow CONNECT request causes NPE
+ 7375 Some environments require Request scoping during session save
+ 7435 Investigate Infinispan transitive dependencies
+ 7440 ContextHandler.getAliasChecks() breaks Spring Boot
+ 7496 Transient 400: Bad Request responses in jetty-9.4.45.v20220128
jetty-10.0.7 - 06 October 2021
+ 3514 Use interpolation of versions from pom in mod files
+ 6043 Reimplement UnixSocket support based on Java 16
+ 6322 Use `RetainableByteBuffer` in `HttpConnection`
+ 6369 Increment default jetty.http2.rateControl.maxEventsPerSecond
+ 6372 Review socket options configuration
+ 6403 Deploy a maven based p2-updatesite
+ 6406 Jetty Jaspi module not compatible with Jakarta EE 9 (Jakarta
Authentication)
+ 6476 Show message if JVM args are present but new JVM is spawned based on
active modules
+ 6487 Expose ServletHolder getter in ServletHandler$ChainEnd for auditing
libraries to use
+ 6489 Some URI valid compliance modes cannot be set in .ini file
+ 6491 onDataAvailable() not called when HttpParser is closed prematurely
+ 6497 Replace SameFileAliasChecker
+ 6520 Error page has HTML error when writePoweredBy is enabled
+ 6544 Using jetty.gzip.excludedMimeTypeList property results in an error
+ 6545 image/webp MIME type support
+ 6552 FileBufferedInterceptor.dispose not working due to locked file
+ 6553 Review usage of Authentication.UNAUTHENTICATED in SecurityHandler
+ 6554 Allow creation of DefaultIdentityService without realmName
+ 6556 MemcachedSessionDataMap needs to set the context classloader before
serialization/deseriazliation.
+ 6558 Allow to configure return type in JSON array parsing
+ 6562 HttpOutput.write(ByteBuffer buffer)
+ 6565 Improve deployment of symlinked webapplications
+ 6566 High CPU use due to new thread created on every websocket message in
DispatchedMessageSink
+ 6601 jetty-websocket-core not usable standalone, only with
websocket-javax-server or websocket-jetty-server
+ 6602 SessionTracker memory leak on WebSockets that close immediately
+ 6603 HTTP/2 max local stream count exceeded
+ 6617 Add basic auth support for OpenId token endpoint (client_secret_basic)
+ 6618 ID token `azp` claim should not be required if `aud` is single value
array
+ 6642 WebSocket handling of Connection: upgrade,close
+ 6646 Deadlock in HTTP2Flusher when using a small thread pool due to
incorrect InvocableType
+ 6652 Improve ReservedThreadExecutor dump
+ 6654 ServerUpgradeRequest.getCookies() can throws NullPointerException
+ 6661 Some SocketOptions not supported on Windows
+ 6677 Update to apache jasper 9.0.52
+ 6687 Upgrade Infinispan in all active Jetty branches
+ 6693 FastCGI review
+ 6696 High WebSocket memory usage in Jetty 10
+ 6752 DefaultSessionCache more extensible using ConcurrentMap
+ 6772 Update to asm 9.2
+ 6853 Remove pack200 plugins
+ 6860 IPv6 format
+ 6868 _uriCompliance attribute has been forgotten in the HttpConfiguration
constructor from another configuration
+ 6869 Correct Content-Type within HTML error pages
+ 6870 Encode control characters in URIUtil.encodePath
+ 6883 Welcome file redirects do not honor the relativeRedirectAllowed option
+ 6938 module-info.java file do not use the canonical order for the elements
jetty-9.4.44.v20210927 - 27 September 2021
+ 3514 Use interpolation of versions from pom in mod files
+ 6369 Increment default jetty.http2.rateControl.maxEventsPerSecond
+ 6372 Review socket options configuration
+ 6487 Expose ServletHolder getter in ServletHandler$ChainEnd for auditing
libraries to use
+ 6491 onDataAvailable() not called when HttpParser is closed prematurely
+ 6520 Error page has HTML error when writePoweredBy is enabled
+ 6545 image/webp MIME type support
+ 6553 Review usage of Authentication.UNAUTHENTICATED in SecurityHandler
+ 6554 Allow creation of DefaultIdentityService without realmName
+ 6558 Allow to configure return type in JSON array parsing
+ 6562 HttpOutput.write(ByteBuffer buffer)
+ 6603 HTTP/2 max local stream count exceeded
+ 6617 Add basic auth support for OpenId token endpoint (client_secret_basic)
+ 6618 ID token `azp` claim should not be required if `aud` is single value
array
+ 6652 Improve ReservedThreadExecutor dump
+ 6671 Update to apache jsp 8.5.70
+ 6772 Update to asm 9.2
+ 6853 Remove pack200 plugins
+ 6860 Correct IPv6 format
+ 6869 Correct Content-Type within HTML error pages
+ 6870 Encode control characters in URIUtil.encodePath
+ 6883 Welcome file redirects do not honor the relativeRedirectAllowed option
jetty-10.0.6 - 29 June 2021
+ 6375 Always check XML `Set` elements with `property` attribute
+ 6382 HttpClient TimeoutException message reports transient values
+ 6394 Review osgi manifests within Jetty 10
+ 6407 Malformed scheme logical expression check in WebSocket
ClientUpgradeRequest
+ 6410 Ensure Jetty IO uses SocketAddress instead of InetSocketAddress
+ 6418 Bad and/or missing Require-Capability for osgi.serviceloader
+ 6425 Update to asm 9.1
+ 6447 Deprecate support for UTF16 encoding in URIs (Resolves CVE-2021-34429)
+ 6451 Request#getServletPath() returns null for ROOT mapping
+ 6464 Wrong files/lib definitions in certain *-capture.mod files?
+ 6473 Improve alias checking in PathResource
jetty-10.0.5 - 11 June 2021
+ 4772 Jetty WebSocket API onMessage annotation does not support partial
messages.
+ 6302 Treat empty path segments are ambiguous
+ 6329 Regression on graceful shutdown default in Jetty 10
+ 6354 org.slf4j dependency imports osgi packages at 2.0
+ 6379 Reduce contention in all `ByteBufferPool` implementations
+ 6392 Review accidental xml config changes
jetty-10.0.4 - 04 June 2021
+ 5379 Better handling for wrong SNI
+ 5931 SslConnection should implement getBytesIn()/getBytesOut()
+ 6112 Jetty logging service file leaking to web applications
+ 6114 Jetty Deploy scan / symlink behavior is broken
+ 6118 Display a warning when Hazelcast configuration does not contain Jetty
session serializer
+ 6276 Support non-standard domains in SNI and X509
+ 6305 Optimise `ContextHandler.isProtectedTarget`
+ 6323 HttpClient gets stuck/never calls onComplete() when multiple requests
with timeouts are sent
+ 6347 session-store-gcloud module broken logging dependency
+ 6354 org.slfj osgi dependency imports packages at 2.0
jetty-10.0.3 - 20 May 2021
+ 3764 DeprecationWarning Decorator
+ 5306 Default jetty.*.acceptors should be 1
+ 5684 Review disabled tests
+ 5798 jetty-runner startup error with jetty-10
+ 5817 Provide more filtering for CustomRequestLog
+ 6049 Default provider [files] section always executed
+ 6084 GzipHandler: NPE in setDeflaterPoolCapacity and setInflaterPoolCapacity
+ 6098 jetty-cdi is missing from jetty-bom
+ 6099 Cipher preference may break SNI if certificates have different key
types
+ 6105 HttpConnection.getBytesIn() incorrect for requests with chunked content
+ 6106 WebSocket/CDI integration is broken in Jetty 10
+ 6132 Ambiguous segment in URI in DELETE
/a/projects/foo/branches/refs%2Fheads%2Ftest request after upgrade from
10.0.0 to 10.0.2
+ 6153 jetty-maven-plugin does not correctly pass JVM arguments for external
deployMode
+ 6159 Jetty with Conscrypt unable to handle any HTTPS requests when connected
by IP rather than hostname.
+ 6166 WebSocket MessageInputStream.read() spends a lot of time in
ByteBuffer.compact()
+ 6205 OpenIdAuthenticator may use incorrect redirect
+ 6207 Make ALPN optional in HTTP2Client over TLS
+ 6208 HTTP/2 max local stream count exceeded
+ 6224 make jetty-jspc-maven-plugin @threadSafe
+ 6227 Better resolve race between `AsyncListener.onTimeout` and
`AsyncContext.dispatch`
+ 6238 jetty-keystore Invalid manifest header Bundle-SymbolicName: ""
+ 6250 Lazily allocate HTTP2Stream data queue
+ 6251 Use CyclicTimeout for HTTP2Streams
+ 6254 Total timeout not enforced for queued requests
+ 6263 Review URI encoding in ConcatServlet & WelcomeFilter (Resolved
CVE-2021-28169)
+ 6272 Reduce allocation in HttpClient when notifying content listeners
+ 6277 Better handle exceptions thrown from session destroy listener (Resolved
CVE-2021-34428)
+ 6280 Copy ServletHolder class/instance properly during startWebapp
+ 6287 Class loading broken for WebSocketClient used inside webapp
jetty-10.0.2 - 26 March 2021
+ 4275 Path Normalization/Traversal - Context Matching
+ 5828 Allow to create a WebSocketContainer passing HttpClient
+ 5832 Ctrl-C after jetty:run produces NoClassDefFoundError
+ 5835 Review Durable Filters, Servlets and Listeners
+ 5977 Cache-Control header set by a filter is override by the value from
DefaultServlet configuration
+ 5994 QueuedThreadPool "free" threads
+ 5996 ERROR : No module found to provide logback-impl for
logback-access{enabled}
+ 5999 HttpURI ArrayIndexOutOfBounds
+ 6001 Ambiguous URI legacy compliance mode
+ 6008 Allow absolute paths to be provided in start.ini for request log
directory.
+ 6011 OSGi Cannot start Jetty with osgi.boot - Configurations add wrong
method taken
+ 6020 Review Jetty Maven Plugin scanning defaults
+ 6021 Standardize Path resolution in XmlConfiguration
+ 6024 Error starting jetty-10: Provider
org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not
found
+ 6026 the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG
+ 6034 SslContextFactory may select a wildcard certificate during SNI
selection when a more specific SSL certificate is present
+ 6037 Review logging modules for j.u.l
+ 6050 Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer
+ 6063 Allow override of hazelcast version when using module
+ 6072 jetty server high CPU when client send data length > 17408 - Resolves
CVE-2021-28165
+ 6076 Embedded Jetty throws null pointer exception
+ 6082 SslConnection compacting
+ 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies"
Message
+ 6101 Normalize ambiguous URIs - Resolves CVE-2021-28164
+ 6102 Exclude webapps directory from deployment scan - Resolves
CVE-2021-28163
jetty-10.0.1 - 19 February 2021
+ 1673 jetty-demo/etc/keystore should not be distributed
+ 4275 Path Normalization/Traversal - Context Matching
+ 4515 Validation extension should not downcast CoreSession
+ 5492 Add ability to manage start modules by java feature
+ 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate
+ 5605 Blocked IO Thread not woken
+ 5689 Jetty ssl keystorePath doesn't work with absolute path
+ 5706 The WebSocket ServerUpgradeResponse can produce NPE in jetty 10
+ 5725 Review Preventers
+ 5755 Cannot configure maxDynamicTableSize on HTTP2Client
+ 5757 Review Inferred vs Assumed charsets
+ 5779 Include can set pathInContext
+ 5783 Fix ConnectionStatistics.*Rate() methods
+ 5784 Apache 2.0 license incorrectly stated as "secondary license" to EPL 2.0
+ 5785 Reduce log level for WebSocket connections closed by clients
+ 5787 Make ManagedSelector report better JMX data
+ 5794 ServerConnector leaks closed sockets which can lead to file descriptor
exhaustion
+ 5799 Allow specifying the duration an object can stay in a pool
+ 5824 Build up of ConstraintMappings when stopping and starting WebAppContext
+ 5830 Jetty-util contains wrong Import-Package
+ 5844 download flag to jetty-start causes NullPointerException
+ 5845 Use UTF-8 encoding for client basic auth if requested
+ 5850 NPE at Principal WebSocketSession.getUserPrincipal()
+ 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup
+ 5855 HttpClient may not send queued requests
+ 5859 Classloader leaks from ShutdownThread and QueuedThreadPool
+ 5866 Support Programmatic WebSocket upgrade in Jetty 10
+ 5868 Cleaning up request attributes after websocket upgrade in Jetty 10
+ 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows
due to URI case comparison bug
+ 5872 Improve JMX support for Jetty logging
+ 5880 Move test-simple-webapp to demos
+ 5882 Simplify ALPN modules
+ 5901 Starting Jetty with JPMS produces warnings about Servlet resources not
found
+ 5909 Cannot disable HTTP OPTIONS Method
+ 5933 ClientCertAuthenticator is not taking account SslContext configuration
+ 5937 Unnecessary blocking in ResourceService
+ 5939 Use unwrapped exception as exception type for error handling
+ 5950 Deadlock due to logging inside classloaders
+ 5963 Improve QuotedQualityCSV - Resolves CVE-2020-27223
+ 5966 jetty-home should not have a webapps/ directory
+ 5973 Proxy client TLS authentication example
+ 5977 Cache-Control header set by a filter is override by the value from
DefaultServlet configuration
+ 5979 Configurable gzip Etag extension
jetty-10.0.0 - 02 December 2020
+ 1923 GCThreadLeakPreventer won't work with Java 9
+ 4711 Reset trailers on recycled response
+ 5272 The UserStore and PropertyUserStore classes are hard to re-use for
caching eg JDBC data
+ 5310 Jetty Http2 client discards the response fames when there is GOAWAY and
sends RST_STREAM
+ 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty
web application causes ClassCastException
+ 5486 PropertyFileLoginModule retains PropertyUserStores
+ 5488 jetty-dir.css not found when using JPMS
+ 5493 StatisticsHandler broken for async applications
+ 5498 Review ServletHolder.getServlet
+ 5521 ResourceCollection NPE in list()
+ 5535 Support regex in SslContextFactory include/exclude of protocols
+ 5539 StatisticsServlet output is not valid
+ 5555 NPE for servlet with no mapping
+ 5562 ArrayTernaryTrie consumes too much memory
+ 5575 Add SEARCH as a known HttpMethod
+ 5605 java.io.IOException: unconsumed input during http request parsing -
Resolves CVE-2020-27218
+ 5633 Allow to configure HttpClient request authority
+ 5679 Distro argument --list-all-modules does not work
+ 5680 No way to see which modules are enabled for the distro
+ 5691 HttpInput may skip setting fill interest
jetty-10.0.0.beta3 - 21 October 2020
+ 5022 Cleanup ServletHandler, specifically with respect to making filter
chains more extensible
+ 5287 CompressionPools should use the new jetty-util Pool class
+ 5360 demo-spec module incorrectly depends on demo-jndi
+ 5368 WebSocket text event execute in same thread as running binary event and
destroy Threadlocal
+ 5378 Filter/Servlet/Listener Holders are not started if added during
STARTING state.
+ 5379 Better handling for wrong SNI
+ 5394 Quickstart does not inject/decorate objects
+ 5401 Move jetty-http-tools under the project root
+ 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT"
+ 5417 Badly configured HttpConfiguration.securePort can lead to wrong port
produced by ForwardedHeader
+ 5443 Request without Host header fails with NullPointerException in
ForwardedRequestCustomizer
+ 5448 Request.isSecure() returns false for `https` schemes in Jetty 10
+ 5451 Improve Working Directory creation - Resolves CVE-2020-27216
+ 5454 Request error context is not reset
+ 5475 Update to spifly 1.3.2 and asm 9
+ 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown
jetty-10.0.0.beta2 - 02 October 2020
+ 1337 MultiPart Part.write(String fileName) - Write method used unexpected
path
+ 1761 Make GzipHandler module more configurable
+ 2609 Make finding orphaned expired sessions common across SessionDataStores
+ 2796 HTTP/2 max local stream count exceeded when request fails
+ 3766 Introduce HTTP/2 API to batch frames
+ 3916 multipart/byterange output is invalid to RFC7233
+ 4430 Duplicate generation of servlets/filters/listeners from context xml
with quickstart
+ 4572 Replace Jetty Logging with slf4j
+ 4736 Update Import-Package version start ranges
+ 4808 Review HttpClient Request header APIs
+ 4809 Set a max number of requests per connection
+ 4824 WebSocket server outgoing message queue memory growth
+ 4888 Request getSession() method throws IllegalStateException when Session
exists
+ 4919 websocket container stop ordering
+ 4954 Simplify ability to get Byte Counts about requests
+ 4985 Fix NPE related to use of Attributes.Wrapper getAttributeNameSet()
+ 4988 The check for whether a mime type is gzipable modifies (lower-cases)
the content type
+ 4996 Warning log printed when debug is enabled in AbstractLifecycle.java
+ 5013 Bundle-ClassPath and lib place on WEB-INF/lib make classpath duplicate
+ 5018 WebSocketClient connect / upgrade timeout not configurable
+ 5019 Automatically hot-reload SSL certificates if keystore file changed
+ 5020 LifeCycle.Listener not called for Filter/Servlet/Listener lifecycle
events
+ 5025 dispatcher.include() with welcome files lead to stack overflow error
+ 5029 Open redirect when sending custom Host header to URL with no trailing
forward-slash
+ 5032 Introduce Listeners to aid in tracking timings within ServletContext
and WebApp
+ 5043 WebSocketListener anonymous classes should be invocable
+ 5044 Jetty WebSocket UpgradeRequest & UpgradeResponse types in Jetty 10
+ 5053 CWE-331 in DigestAuthentication class
+ 5057 `javax.servlet.include.context_path` attribute on root context. should
be empty string, but is `"/"`
+ 5064 NotSerializableException for OpenIdConfiguration
+ 5069 HttpClientTimeoutTests can occasionally fail due to unreachable network
+ 5079 authority header for IPv6 address not having square brackets
+ 5081 Review HouseKeeper locking
+ 5083 Convert synchronized usages to AutoLock
+ 5096 using JettyWebSocketServlet without having a WebSocketUpgradeFilter
+ 5103 Proxy sets protocol version to 2.0 instead of 1.1 when accessed from H2
client
+ 5104 AbstractProxyServlet include incorrect protocol version in Via header
when accessed over H2
+ 5105 Graceful shutdown does not wait for resumed requests
+ 5108 Improve SessionTracker scalability
+ 5122 Retrieving websocket connections via jmx
+ 5129 No jars added when using a folder in extraClasspath of the webapp
context xml file
+ 5133 Improve ResourceFactory and Resource list handling
+ 5137 WebAppContext Tests need cleanup
+ 5147 Set MaxUsageCount with existing connection pool changing the behavior
+ 5150 Zero connection timeout is not supported in HTTP client with
non-blocking connect
+ 5152 HttpClient should handle unsolicited responses
+ 5162 DecoratingListener raises a NullPointerException
+ 5165 Wrong messagesIn count for HttpClient
+ 5170 NullPointerException in HttpReceiverOverHTTP during WebSocket client
Upgrade
+ 5171 GzipHandler Vary head should be configurable
+ 5174 Remove jetty-distribution in favor of jetty-home
+ 5178 Update to asm 8.0.1
+ 5185 Introduce DoSFilter Listener for Alert messages
+ 5193 WebSocket unimplemented BINARY message handling can result in TEXT
message delivery to fail
+ 5198 Update GzipHandler
+ 5201 QueuedThreadPool setDetailedDump gives less detail
+ 5204 SNI does not work with PKIX
+ 5214 Servlet HEAD doesn't support content-length over Integer.MAX_VALUE
+ 5217 Review RoundRobinConnectionPool
+ 5224 HttpServletRequest.getServerName can include port when using
ForwardedRequestCustomizer
+ 5233 Bad/Unsupported HTTP version should return 505 not 400
+ 5246 GzipHandler's DeflaterPool should be dumpable
+ 5247 Improve ForwardRequestCustomizer authority priority
+ 5254 Short list of Jetty modules
+ 5256 Cleanup Jetty 10 Start
+ 5263 Introduce jetty-home contamination warning
+ 5264 Create demo module
+ 5268 WARN Ignoring eviction setting: 0
+ 5280 Remove unused methods on SessionHandler
+ 5285 Per RFC7694, if a Content-Encoding isn't recognized, reject with 415
Unsupported Media Type
+ 5304 HTTP/2 with HttpServletRequest.getHeader("Host") returns null on Jetty
10, but a valid value on Jetty 9
+ 5316 Review <Map> element in Jetty XML
+ 5317 Remove jetty-all from Jetty 10
+ 5321 javadoc:aggregate-jar broken in Jetty 10
+ 5324 Jetty XML <Get> should support nested elements
+ 5327 NPE from jetty test webapp
+ 5357 Update http://eclipse.org to https://eclipse.org in source
+ 5360 demo-spec module incorrectly depends on demo-jndi
+ 5362 Default ProxyServlet cannot proxy to https urls
+ 5365 org.eclipse.jetty.server.Request throws NullPointerException if
SessionHandler newHttpSession returns null
jetty-10.0.0.beta1 - 10 July 2020
+ 1100 JSR356 Encoder#init is not called when created on demand
+ 2540 Flaky test: org.eclipse.jetty.client.ConnectionPoolTest
+ 3428 Support Decoder lists on javax.websocket endpoints
+ 4741 getHttpServletMapping for async dispatch
+ 4776 Incorrect path matching for WebSocket using PathMappings
+ 4826 Upgrade to Apache Jasper 8.5.54
+ 4855 occasional h2spec failures on jenkins
+ 4877 Review PathSpec classes
+ 4885 setCookie() must not change the headers in a response during an include
+ 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in
SETTINGS Frame.
+ 4903 Give better errors for non public Websocket Endpoints
+ 4904 WebsocketClient creates more connections than needed
+ 4913 DirectoryNotEmptyException when using mvn jetty:run-distro
+ 4920 Restore ability to delete sessions on stop
+ 4921 Quickstart run improperly runs dynamically added context initializers
+ 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like
before
+ 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies
+ 4936 Response header overflow leads to buffer corruptions
+ 4965 WINDOW_UPDATE for locally failed stream should not close the HTTP/2
session
+ 4967 Possible buffer corruption in HTTP/2 session failures
+ 4971 Simplify Connection.upgradeFrom()/upgradeTo()
+ 4976 HttpClient async content throws NPE in DEBUG log
+ 4981 Incorrect example for TryFilesFilter API docs
+ 4985 NPE related to WebSocket with Vaadin / Atmosphere after switching from
9.4.26 to 9.4.30
+ 4989 annotation get NPE when parse library contain module-info.class
(example jakarta.xml.ws-api_2.3.2.jar)
+ 5000 NPE from Server.dump of FilterMapping
+ 5018 WebSocketClient upgrade request timeout not configurable
jetty-9.4.43.v20210629 - 30 June 2021
+ 6379 Reduce contention in all `ByteBufferPool` implementations
+ 6382 HttpClient TimeoutException message reports transient values
+ 6400 QueuedThreadPool interrupts pool threads when stopped with zero timeout
+ 6425 Update to asm 9.1
+ 6447 Deprecate support for UTF16 encoding in URIs
+ 6470 java.nio.ReadOnlyBufferException
+ 6473 Improve alias checking in PathResource
jetty-9.4.42.v20210604 - 04 June 2021
+ 5379 Better handling for wrong SNI
+ 5931 SslConnection should implement getBytesIn()/getBytesOut()
+ 6118 Display a warning when Hazelcast configuration does not contain Jetty
session serializer
+ 6276 Support non-standard domains in SNI and X509
+ 6287 Class loading broken for WebSocketClient used inside webapp
+ 6323 HttpClient gets stuck/never calls onComplete() when multiple requests
with timeouts are sent
jetty-9.4.41.v20210516 - 16 May 2021
+ 6099 Cipher preference may break SNI if certificates have different key
types
+ 6186 Add Null Protection on Log / Logger
+ 6205 OpenIdAuthenticator may use incorrect redirect
+ 6208 HTTP/2 max local stream count exceeded
+ 6227 Better resolve race between `AsyncListener.onTimeout` and
`AsyncContext.dispatch`
+ 6254 Total timeout not enforced for queued requests
+ 6263 Review URI encoding in ConcatServlet & WelcomeFilter (Resolved
CVE-2021-28169)
+ 6277 Better handle exceptions thrown from session destroy listener
+ 6280 Copy ServletHolder class/instance properly during startWebapp
jetty-9.4.40.v20210413 - 13 April 2021
+ 6082 SslConnection compacting
+ 6105 HttpConnection.getBytesIn() incorrect for requests with chunked content
+ 6148 Jetty start.jar always reports jetty.tag.version as `master`
+ 6168 Improve handling of unconsumed content
jetty-9.4.39.v20210325 - 25 March 2021
+ 6034 SslContextFactory may select a wildcard certificate during SNI
selection when a more specific SSL certificate is present
+ 6050 Websocket: NotUtf8Exception after upgrade to 9.4.36 or newer
+ 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to
work on Android
+ 6063 Allow override of hazelcast version when using module
+ 6072 jetty server high CPU when client send data length > 17408 - Resolves
CVE-2021-28165
+ 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies"
Message
+ 6101 Normalize ambiguous URIs - Resolves CVE-2021-28164
+ 6102 Exclude webapps directory from deployment scan - Resolves
CVE-2021-28163
jetty-9.4.38.v20210224 - 24 February 2021
+ 4275 Path Normalization/Traversal - Context Matching
+ 5963 Improve QuotedQualityCSV for CVE-2020-27223
+ 5977 Cache-Control header set by a filter is override by the value from
DefaultServlet configuration
+ 5994 QueuedThreadPool "free" threads
+ 5999 HttpURI ArrayIndexOutOfBounds
+ 6001 Ambiguous URI legacy compliance mode
jetty-9.4.37.v20210219 - 19 February 2021
+ 4275 Path Normalization/Traversal - Context Matching
+ 5492 Add ability to manage start modules by java feature
+ 5605 Blocked IO Thread not woken
+ 5787 Make ManagedSelector report better JMX data
+ 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup
+ 5859 Classloader leaks from ShutdownThread and QueuedThreadPool
+ 5909 Cannot disable HTTP OPTIONS Method
+ 5937 Unnecessary blocking in ResourceService
+ 5950 Deadlock due to logging inside classloaders
+ 5963 Improve QuotedQualityCSV - Resolves CVE-2020-27223
+ 5973 Proxy client TLS authentication example
+ 5977 Cache-Control header set by a filter is override by the value from
DefaultServlet configuration
+ 5979 Configurable gzip Etag extension
jetty-9.4.36.v20210114 - 14 January 2021
+ 5310 Jetty Http2 client discards the response frames when there is GOAWAY
and sends RST_STREAM
+ 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate
+ 5633 Allow to configure HttpClient request authority
+ 5689 Jetty ssl keystorePath doesn't work with absolute path
+ 5755 Cannot configure maxDynamicTableSize on HTTP2Client
+ 5783 Fix ConnectionStatistics.*Rate() methods
+ 5785 Reduce log level for WebSocket connections closed by clients
+ 5794 ServerConnector leaks closed sockets which can lead to file descriptor
exhaustion
+ 5824 Build up of ConstraintMappings when stopping and starting WebAppContext
+ 5830 Jetty-util contains wrong Import-Package
+ 5844 download flag to jetty-start causes NullPointerException
+ 5845 Use UTF-8 encoding for client basic auth if requested
+ 5855 HttpClient may not send queued requests
+ 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows
due to URI case comparison bug
jetty-9.4.35.v20201120 - 20 November 2020
+ 4711 Reset trailers on recycled response
+ 5486 PropertyFileLoginModule retains PropertyUserStores
+ 5539 StatisticsServlet output is not valid
+ 5562 ArrayTernaryTrie consumes too much memory
+ 5575 Add SEARCH as a known HttpMethod
+ 5605 java.io.IOException: unconsumed input during http request parsing -
Resolves CVE-2020-27218
+ 5633 Allow to configure HttpClient request authority
jetty-9.4.34.v20201102 - 02 November 2020
+ 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty
web application causes ClassCastException
+ 5488 jetty-dir.css not found when using JPMS
+ 5498 ServletHolder lifecycle correctness
+ 5521 ResourceCollection NPE in list()
+ 5535 Support regex in SslContextFactory include/exclude of protocols
+ 5555 NPE for servlet with no mapping
jetty-9.4.33.v20201020 - 20 October 2020
+ 5022 Cleanup ServletHandler, specifically with respect to making filter
chains more extensible
+ 5368 WebSocket text event execute in same thread as running binary event and
destroy Threadlocal
+ 5378 Filter/Servlet/Listener Holders are not started if added during
STARTING state.
+ 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT"
+ 5417 Badly configured HttpConfiguration.securePort can lead to wrong port
produced by ForwardedHeader
+ 5443 Request without Host header fails with NullPointerException in
ForwardedRequestCustomizer
+ 5451 Improve Working Directory creation - Resolves CVE-2020-27216
+ 5454 Request error context is not reset
+ 5475 Update to spifly 1.3.2 and asm 9
+ 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown
jetty-9.4.32.v20200930 - 30 September 2020
+ 2796 HTTP/2 max local stream count exceeded when request fails
+ 3766 Introduce HTTP/2 API to batch frames
+ 3916 multipart/byterange output is invalid to RFC7233
+ 4809 Set a max number of requests per connection
+ 4824 WebSocket server outgoing message queue memory growth
+ 4888 Request getSession() method throws IllegalStateException when Session
exists
+ 4954 Simplify ability to get Byte Counts about requests
+ 5032 Introduce Listeners to aid in tracking timings within ServletContext
and WebApp
+ 5079 authority header for IPv6 address not having square brackets
+ 5103 Proxy sets protocol version to 2.0 instead of 1.1 when accessed from H2
client
+ 5104 AbstractProxyServlet include incorrect protocol version in Via header
when accessed over H2
+ 5105 Graceful shutdown does not wait for resumed requests
+ 5108 Improve SessionTracker scalability
+ 5121 Add if (LOG.isDebugEnabled()) in CompressExtension.decompress
+ 5122 Retrieving websocket connections via jmx
+ 5129 No jars added when using a folder in extraClasspath of the webapp
context xml file
+ 5147 Set MaxUsageCount with existing connection pool changing the behavior
+ 5150 Zero connection timeout is not supported in HTTP client with
non-blocking connect
+ 5152 HttpClient should handle unsolicited responses
+ 5162 DecoratingListener raises a NullPointerException
+ 5165 Wrong messagesIn count for HttpClient
+ 5170 NullPointerException in HttpReceiverOverHTTP during WebSocket client
Upgrade
+ 5185 Introduce DoSFilter Listener for Alert messages
+ 5193 WebSocket unimplemented BINARY message handling can result in TEXT
message delivery to fail
+ 5201 QueuedThreadPool setDetailedDump gives less detail
+ 5204 SNI does not work with PKIX
+ 5214 Servlet HEAD doesn't support content-length over Integer.MAX_VALUE
+ 5217 Review RoundRobinConnectionPool
+ 5224 HttpServletRequest.getServerName can include port when using
ForwardedRequestCustomizer
+ 5233 Bad/Unsupported HTTP version should return 505 not 400
+ 5246 GzipHandler's DeflaterPool should be dumpable
+ 5247 Improve ForwardRequestCustomizer authority priority
+ 5268 WARN Ignoring eviction setting: 0
+ 5285 Per RFC7694, if a Content-Encoding isn't recognized, reject with 415
Unsupported Media Type
+ 5362 Default ProxyServlet cannot proxy to https urls
+ 5365 org.eclipse.jetty.server.Request throws NullPointerException if
SessionHandler newHttpSession returns null
jetty-9.4.31.v20200723 - 23 July 2020
+ 1100 JSR356 Encoder#init is not called when created on demand
+ 4736 Update Import-Package version start ranges
+ 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in
SETTINGS Frame.
+ 4904 WebsocketClient creates more connections than needed
+ 4965 WINDOW_UPDATE for locally failed stream should not close the HTTP/2
session
+ 4967 Possible buffer corruption in HTTP/2 session failures
+ 4971 Simplify Connection.upgradeFrom()/upgradeTo()
+ 4976 HttpClient async content throws NPE in DEBUG log
+ 4981 Incorrect example for TryFilesFilter API docs
+ 4985 Fix NPE related to use of Attributes.Wrapper getAttributeNameSet()
+ 4989 Prevent parsing of module-info.class in OSGi bundles
+ 5000 NPE from Server.dump of FilterMapping
+ 5013 Bundle-ClassPath and lib place on WEB-INF/lib make classpath duplicate
+ 5018 WebSocketClient connect / upgrade timeout not configurable
+ 5019 Automatically hot-reload SSL certificates if keystore file changed
+ 5020 LifeCycle.Listener not called for Filter/Servlet/Listener lifecycle
events
+ 5025 dispatcher.include() with welcome files lead to stack overflow error
+ 5053 CWE-331 in DigestAuthentication class
+ 5057 `javax.servlet.include.context_path` attribute on root context. should
be empty string, but is `"/"`
+ 5064 NotSerializableException for OpenIdConfiguration
jetty-9.4.30.v20200611 - 11 June 2020
+ 4776 Incorrect path matching for WebSocket using PathMappings
+ 4826 Upgrade to Apache Jasper 8.5.54
+ 4855 occasional h2spec failures on jenkins
+ 4873 Server.join not working when used with ExecutorThreadPool
+ 4885 setCookie() must not change the headers in a response during an include
+ 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in
SETTINGS Frame.
+ 4894 JDBCSessionDataStore fails to create multiple JettySessions for server
with multiple databases
+ 4903 Give better errors for non public Websocket Endpoints
+ 4904 WebsocketClient creates more connections than needed
+ 4913 DirectoryNotEmptyException when using mvn jetty:run-distro
+ 4920 Restore ability to delete sessions on stop
+ 4921 Quickstart run improperly runs dynamically added context initializers
+ 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like
before
+ 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies
+ 4936 Response header overflow leads to buffer corruptions - Resolves
CVE-2019-17638
jetty-9.4.29.v20200521 - 21 May 2020
+ 2188 Lock contention creating HTTP/2 streams
+ 4235 communicate the reason of failure to the OpenID error page
+ 4695 HttpChannel recycling in h2
+ 4764 HTTP2 Jetty Server does not send back content-length
+ 4778 Enforcing SNI when there are only non-wildcards certificates
+ 4787 Make org.eclipse.jetty.client.HttpRequest's host name writable
+ 4789 org.eclipse.jetty.util.thread.ShutdownThread should use an appropriate
name to identify itself in Thread dump
+ 4798 Better handling of fatal Selector failures
+ 4814 Allow a ConnectionFactory (eg SslConnectionFactory) to automatically
add a Customizer
+ 4820 Jetty OSGi DefaultJettyAtJettyHomeHelper refers to non-existent config
file
+ 4824 WebSocket server outgoing message queue memory growth
+ 4828 NIO ByteBuffer corruption in embedded Jetty server
+ 4835 GzipHandler and GzipHttpOutputInterceptor do not flush response when
body is empty
+ 4860 org.eclipse.jetty.server.HttpChannel busyloop on HttpFields
NullPointerException
+ 4861 Combine `AttributesMap` and `Attributes.Wrapper`
+ 4868 Update to asm 7.3.1
+ 4892 Non-blocking JSON parser
+ 4895 AbstractSessionCache.setFlushOnResponseCommit(true) can write an
invalid session to the backing store
jetty-9.4.28.v20200408 - 08 April 2020
+ 847 Setting async timeout on WebSocketClient does not seem to timeout writes
+ 2896 Wrong Certificate Selected When Using Multiple Virtual Host Names in
Conscrypt
+ 4443 Track backport of ALPN APIs to Java 8
+ 4529 ErrorHandler showing servlet info, can not be disabled unless
overriding most of its functionality
+ 4542 servlet context root mapping incorrect
+ 4619 Inconsistent library versions notice
+ 4620 Using console-capture with StdErrLog results in empty log file
+ 4621 jetty-jaspi in jetty-all uber aggregate artifact requires
javax.security.auth.message.AuthException which cannot be included
+ 4628 Add support for conditional module dependencies in jetty-start
+ 4631 Startup XmlConfiguration WARN on Arg threadpool
+ 4638 maxFormContentSize fix in Issue #3856 broke JenkinsCI/Winstone
+ 4644 no injection of env-entry if env-entry-value is whitespace only or
missing
+ 4645 Empty "X-Forwarded-Port" header results in NumberFormatException
+ 4647 Hazelcast remote.xml configuration file do not configure hazelcast
remote addresses
+ 4650 Do not use ServiceLoader every time a WebSocketSession is created
+ 4654 Hazelcast configurationLocation is not configurable via mod files
+ 4662 Jetty 9.4.x calls ServletContextListener.contextDestroyed() too early
+ 4671 CustomRequestLog throws NullPointerException when no request cookie is
present
+ 4673 Short reads break form-data multipart parsing
+ 4676 ALPN support for Java 15
+ 4682 "UnreadableSessionDataException Unreadable session ..." after upgrading
to 9.4.27
+ 4693 Version 9.4.25 breaks binary compatibility by renaming
Response.closeOutput()
+ 4699 ServletContainerInitializer.onStartUp is not called with maven jar
packaging using Jetty Maven Plugin
+ 4711 Reset trailers on recycled response
+ 4714 Low setMaxConcurrentStreams causes "1/unexpected_data_frame" errors
+ 4735 Get env variables in PHP scripts served through FastCGIProxyServlet
+ 4737 PreDestroy not called for non-async and run-as servlets
+ 4739 @RunAs not honoured on servlets
+ 4751 Refresh NetworkTraffic* classes
jetty-9.4.27.v20200227 - 27 February 2020
+ 3247 Generate jetty-maven-plugin website
+ 4247 Cookie security attributes are going to mandated by Google Chrome
+ 4360 Upgrade to Apache Jasper 8.5.49
+ 4475 WebSocket JSR356 implementation not honoring javadoc of MessageHandler
on Whole<Reader>
+ 4495 Review ReservedThreadExecutor's concurrency model
+ 4504 X-Forwarded-Server header overwrites X-Forwarded-Host
+ 4520 Jetty jdbc session manager causing exceptions for violating primary key
in inserting session in the table
+ 4529 ErrorHandler showing servlet info, can not be disabled unless
overriding most of its functionality
+ 4533 Reinstate hard close in dispatcher
+ 4537 High CPU on Jetty Websocket thread
+ 4541 Jetty server always allocates maximum response header size
+ 4550 XmlConfiguration constructor selection based on number of arguments
+ 4567 Jetty logging supporting Throwable as last argument
+ 4573 Order dependency of X-Forwarded-Host and X-Forwarded-Port
+ 4575 Stopping ReservedThreadExecutor may hang
+ 4577 request getPathInfo returns null
+ 4594 ServletContextListeners added to destroyServletContextListeners in
ContextHandler::startContext() are not removed by
ContextHandler::removeEventListener()
+ 4606 DateCache.formatNow(long now) does not honor the passed in long
+ 4612 ReservedThreadExecutor hangs when the last reserved thread idles out
jetty-9.4.26.v20200117 - 17 January 2020
+ 2620 Exception from user endpoint onClose results in unclosed
WebSocketSession
+ 4383 Errors deleting multipart tmp files java.lang.NullPointerException
under heavy load
+ 4444 TLS Connection Timeout Intermittently
+ 4461 IllegalStateException in HttpOutput with Jersey
jetty-9.4.25.v20191220 - 20 December 2019
+ 995 UrlEncoded.encodeString should skip more characters
+ 2195 Add parameter expansion to start.jar --exec parameters
+ 3512 File descriptor is not released after zip file uploaded via
jetty-client
+ 3730 WebSocketClient constructor cleanup (and deprecations)
+ 4269 ResponseWriter should not throw RuntimeIOExceptions
+ 4323 QOS Filter does not handle IllegalStateException and never releases
passes
+ 4329 rewrite prevents URL session tracking
+ 4331 Improve handling of HttpOutput.close() for pending writes
+ 4350 Deprecated MultiPartInputStreamParser still used in jetty-server
(MultiPartsUtilParser) but OSGi ExportPackage suppressed
+ 4351 Servlet.service called before Servlet.init is finished when servlet is
lazily initialized
+ 4363 jetty-maven-plugin no longer processes supplied context.xml-file
+ 4366 HTTP client uses SOCKS4 proxy hostname for SSL hostname verification
+ 4374 Jetty client: Response.AsyncContentListener.onContent is not called
+ 4376 Async Content Complete bug results in
org.eclipse.jetty.io.EofException: Async closed
+ 4385 Limit new UnsupportedOperationException to direct base class
SslContextFactory usage
+ 4392 Suppress logging of QuietException in HttpChannelState.asyncError()
+ 4402 NPE in JettyRunWarExplodedMojo
+ 4411 Jetty server spins on incomplete request due to delayed dispatch until
content
+ 4415 GzipHandler invalid input zip size on large (over 2,147,483,647 bytes)
request body content
+ 4421 HttpClient support for PROXY protocol
+ 4427 Retried HttpClient Requests can result in duplicates cookies
jetty-9.4.24.v20191120 - 20 November 2019
+ 3083 The ini-template for jetty.console-capture.dir does not match the
default value
+ 4128 OpenIdCredetials can't decode JWT ID token
+ 4334 Better test ErrorHandler changes - Resolves CVE-2019-17632
jetty-9.4.23.v20191118 - 18 November 2019
+ 1485 Add systemd service file
+ 2266 Jetty maven plugin reload is triggered each time the
`scanIntervalSeconds` pass
+ 2340 Remove raw ServletHandler usage examples from documentation
+ 2709 current default for headerCacheSize is not large enough for many
requests
+ 3863 Enforce use of SNI
+ 3869 Update to ASM 7.2 for jdk 13
+ 4033 Ignore bad percent encodings in paths during
URIUtil.equalsIgnoreEncodings()
+ 4138 OpenID module should use HttpClient instead of HttpURLConnection
+ 4156 IllegalStateException when forwarding to jsp with new session
+ 4161 Regression: EofException: request lifecycle violation
+ 4173 NullPointerException warning in log from WebInfConfiguration after
upgrade
+ 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop
+ 4236 clean up redirect code calculation for OpenIdAuthenticator
+ 4237 simplify openid module configuration
+ 4240 CGI form post results in 500 response if no character encoding
+ 4243 ErrorHandler produces invalid json error response
+ 4247 Cookie security attributes are going to mandated by Google Chrome
+ 4248 Websocket client UpgradeListener never reports success
+ 4251 Http 2.0 clients cannot upgrade protocol
+ 4258 RateControl should be per-connection
+ 4264 Spring Boot BasicErrorController no longer invoked
+ 4265 HttpChannel SEND_ERROR should use ErrorHandler.doError()
+ 4277 Reading streamed gzipped body never terminates
+ 4279 Regression: ResponseWriter#close blocks indefinitely
+ 4282 Review HttpParser handling in case of no content
+ 4283 Wrong package for OpenJDK8ClientALPNProcessor
+ 4284 Possible NullPointerException in Main.java when stopped from command
line
+ 4287 Move getUriLastPathSegment(URI uri) to URIUtil
+ 4296 Unable to create WebSocket connect if the query string of the URL has %
symbol.
+ 4301 Demand beforeContent is not forwarded
+ 4305 Jetty server ALPN shall alert fatal no_application_protocol if no
client application protocol is supported
+ 4325 Deprecate SniX509ExtendedKeyManager constructor without
SslContextFactory$Server
jetty-9.4.22.v20191022 - 22 October 2019
+ 2429 HttpClient backpressure improved
+ 3558 Error notifications can be received after a successful websocket
+ 3787 Jetty client sometimes returns EOFException instead of
SSLHandshakeException on certificate errors.
+ 3913 Clustered HttpSession IllegalStateException: Invalid for read
+ 3989 Inform custom ManagedSelector of dead selector via optional
onFailedSelect()
+ 4096 Thread in ReservedThreadExecutor does not exit when stopped
+ 4104 Frames are sent through ExtensionStack even if WebSocket Session is
closed
+ 4105 QueuedThreadPool increased thread usage and no idle thread decay
+ 4115 Drop HTTP/2 pseudo headers
+ 4121 QueuedThreadPool should support ThreadFactory behaviors
+ 4122 QueuedThreadPool should reset thread interrupted on failed run
+ 4128 OpenIdCredetials can't decode JWT ID token
+ 4132 Should be possible to use OIDC without metadata
+ 4141 ClassCastException with non-async Servlet + async Filter +
HttpServletRequestWrapper
+ 4142 Configurable HTTP/2 RateControl
+ 4144 Naked cast to Request should be avoided
+ 4156 IllegalStateException when forwarding to jsp with new session
+ 4158 Behaviour change in session handling in 9.4.21.v20190926
+ 4170 Client-side alias selection based on SSLEngine
+ 4174 ConcurrentModificationException when stopping jetty:run-war
+ 4176 Should not set header if sendError has been called
+ 4177 Configure HTTP proxy with SslContextFactory
+ 4179 Improve HttpChannel$SendCallback references for GC
+ 4183 Jetty considers bootstrap injected class to be a "server class"
+ 4188 Spin in HttpOutput.close
+ 4190 Jetty hangs after thread blocked in SharedBlockingCallback.block()
called by HttpOutput.close
+ 4191 Increase GzipHandler minGzipSize default size
+ 4193 InetAccessHandler - new includeConnectors/excludeConnectors not quite
correct anymore