Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Better handle exceptions thrown from session destroy listener #6277

Closed
gregw opened this issue May 14, 2021 · 2 comments · Fixed by #6278
Closed

Better handle exceptions thrown from session destroy listener #6277

gregw opened this issue May 14, 2021 · 2 comments · Fixed by #6278
Assignees

Comments

@gregw
Copy link
Contributor

@gregw gregw commented May 14, 2021

Handle exceptions thrown from session destroyed listeners
CVE-2021-34428

janbartel added a commit that referenced this issue May 14, 2021
Signed-off-by: Jan Bartel <janb@webtide.com>
janbartel added a commit that referenced this issue May 15, 2021
Signed-off-by: Jan Bartel <janb@webtide.com>
janbartel added a commit that referenced this issue May 15, 2021
…6278)

* Issue #6277 Better handling of exceptions thrown in sessionDestroyed

Signed-off-by: Jan Bartel <janb@webtide.com>
janbartel added a commit that referenced this issue May 16, 2021
…6278)

* Issue #6277 Better handling of exceptions thrown in sessionDestroyed

Signed-off-by: Jan Bartel <janb@webtide.com>
janbartel added a commit that referenced this issue May 16, 2021
…6278) (#6279)

* Issue #6277 Better handling of exceptions thrown in sessionDestroyed

Signed-off-by: Jan Bartel <janb@webtide.com>
lachlan-roberts added a commit that referenced this issue Jul 8, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts added a commit that referenced this issue Jul 8, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts added a commit that referenced this issue Jul 9, 2021
Issue #6277 - update VERSION.txt with SessionListener CVE number (9.4)
lachlan-roberts added a commit that referenced this issue Jul 9, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts added a commit that referenced this issue Jul 14, 2021
Issue #6277 - update VERSION.txt with SessionListener CVE number
lachlan-roberts added a commit that referenced this issue Jul 15, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts added a commit that referenced this issue Jul 23, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts added a commit that referenced this issue Jul 23, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
@gregw
Copy link
Contributor Author

@gregw gregw commented Aug 31, 2021

backport to 9.3

@gregw gregw reopened this Aug 31, 2021
@gregw gregw added this to To do in Jetty 9.3.30 FROZEN via automation Aug 31, 2021
@olamy olamy removed this from To do in Jetty 9.3.30 FROZEN Sep 9, 2021
joakime added a commit that referenced this issue Sep 30, 2021
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
@joakime
Copy link
Member

@joakime joakime commented Sep 30, 2021

Opened PR #6948 for minimal backport to jetty-9.3.x of fix (no tests)

joakime added a commit that referenced this issue Oct 1, 2021
…stener-fix

Issue #6277 - Protect from Throwables on HttpSessionListener events.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

4 participants