Releases: eclipse/jetty.project
Releases · eclipse/jetty.project
12.0.1
Important Notes
- New Environment System (ee10 / ee9 / ee8)
- Supports ee10 / ee9 / ee8 at the same time (in different deployed webapps)
- See Jetty 11 to 12 Migration Docs for help finding the new maven coordinates for EE specific artifacts.
- Jetty Core no longer has dependencies on any Jakarta EE Spec
Special Thanks to the following Eclipse Jetty community members
- @zugazagoitia (Alberto Zugazagoitia)
Changelog
- #10420 - do not recycle ServletChannel if aborted
- #10416 - EE9 Copies HttpFields in response
- #10411 - Review deployment of Jetty Context XML files
- #10406 - Bump jetty-setuid to 2.0.1
- #10388 - Jetty10 inetaccess mod started error
- #10383 - Unsuppressed exceptions from EE10 ServletTest
- #10356 - Deploying WAR with
ee10-cdi-spifails with Weld 5/CDI 4 - #10353 - Questions about porting WebSocket APIs to jetty-core 12
- #10349 - Character encoding is reset when setting Content-Type
- #10340 - Implement containsLast in HttpFields
- #10339 - Freeze HttpFields
- #10337 - SizeLimitHandler does not enforce 0 responseLimit
- #10323 - Jetty 12.0.0 return wrong value for HttpServletRequest.isRequestedSessionIdValid
- #10315 - ServletInputStream::isReady results in IllegalArgumentException
- #10309 - Jetty 12: X-Powered-By header is added 2 times (if enabled)
- #10306 - Jetty 12 generates wrong Host header
- #10295 - FormAuthenticator does not dispatch to an error page but redirect
- #10294 - Request.getContext().getContextPath()
- #10284 - Document all HttpFields methods
- #10275 - Fix wrong websocket artifact Jetty 12.x docs (@zugazagoitia)
- #10274 - java.nio.file.FileSystemNotFoundException when creating a resource from a JAR URL
- #10222 - Experiment/12/improve default servlet
- #10217 - Review ProxyConnectionFactory buffer management
- #10213 - UnknownFormatConversionException in
start.jar --debugif path has%sign - #10207 - Update failed JSP deployment message
- #10163 - Allow better configuration of WebAppContext classloader
- #10064 - Various Cleanup in ServletChannel
- #9169 - Idle timeout is ignored if callback is not completed
11.0.16
Security Updates
- This release provides a workaround for Security Advisory GHSA-58qw-p7qm-5rvh
Special Thanks to the following Eclipse Jetty community members
- @strogiyotec (Almas Abdrazak)
- @huisongma (huisongma)
- @garydgregory (Gary Gregory)
Changelog
- #10397 - Iso88591StringBuilder.append seems to have a logic error
- #10388 - Jetty10 inetaccess mod started error
- #10329 - Various cleanups in HttpParser
- #10271 - jetty.sh does not stop jetty anymore
- #10211 - NPE in ArrayByteBufferPool.findOldestEntry()
- #10176 - cleanups of DateCache
- #10160 - Verify PROXY_AUTHENTICATION is sent to forward proxies
- #10145 - WritePendingException over HTTP/2 tunnel
- #10143 - Startup fails due to IllegalArgumentException: Comparison method violates its general contract
- #10135 - Websocket: Using PerMessageDeflateExtension and flush in batchMode send FLUSH_FRAME to client.
- #10105 - Document that Request objects are not reusable
- #10086 - Revisiting ProxyConfiguration.getProxies()
- #10066 - Allow
SAXParserFactoryorSAXParserto be configured in Jetty'sXmlParserclass - Allows for GHSA-58qw-p7qm-5rvh workaround - #9997 - No progress during Gzip Request Inflation results in bogus error
- #9947 - Cannot invoke "org.eclipse.jetty.io.ManagedSelector.getTotalKeys()" because "selector" is null (@strogiyotec)
- #9938 - Bulletproof AbstractProxyServlet#destory() to make it easier to write (@garydgregory)
- #9895 - A MessageTooLargeException doesn't close a WebSocket connection
- #9887 - Deprecate CGI Servlet
- #9798 - review and cleanup of HTTP/3 QPACK Integer and String encoding
- #9777 - CrossOriginFilter does not return Vary header on no-cors mode
- #9761 - H3: Fix racy read from stream-less channel
- #9749 - HTTP/2 improvements.
- #9741 - Review of websocket parser, improve testing & comments.
- #9728 - Fixes to QPACK configuration from SETTINGS frames.
- #9715 - deprecate PushSessionCacheFilter
- #9685 - Jetty doesn't set the date header on error responses
- #9682 - RetainableByteBuffer buffer release bug in WebSocket
- #9554 - Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to common location
- #9476 - onCompleteFailure called multiple times
- #8926 - HttpClient GZIPContentDecoder should remove Content-Length and Content-Encoding: gzip
- #8556 - ServletContext.getSessionTimeout() incorrectly throws IllegalStateException
- #8405 - Servlet 3.1 ReadListener.onAllDataRead() is called twice under h2 or h2c if the server doesn't respond within 30s
- #7091 - Add SOCKS5 support (@huisongma)
10.0.16
Security Updates
- This release provides a workaround for Security Advisory GHSA-58qw-p7qm-5rvh
Special Thanks to the following Eclipse Jetty community members
- @strogiyotec (Almas Abdrazak)
- @huisongma (huisongma)
- @garydgregory (Gary Gregory)
Changelog
- #10397 - Iso88591StringBuilder.append seems to have a logic error
- #10388 - Jetty10 inetaccess mod started error
- #10329 - Various cleanups in HttpParser
- #10271 - jetty.sh does not stop jetty anymore
- #10211 - NPE in ArrayByteBufferPool.findOldestEntry()
- #10176 - cleanups of DateCache
- #10160 - Verify PROXY_AUTHENTICATION is sent to forward proxies
- #10145 - WritePendingException over HTTP/2 tunnel
- #10143 - Startup fails due to IllegalArgumentException: Comparison method violates its general contract
- #10135 - Websocket: Using PerMessageDeflateExtension and flush in batchMode send FLUSH_FRAME to client.
- #10105 - Document that Request objects are not reusable
- #10086 - Revisiting ProxyConfiguration.getProxies()
- #10066 - Allow
SAXParserFactoryorSAXParserto be configured in Jetty'sXmlParserclass - Allows for GHSA-58qw-p7qm-5rvh workaround - #9997 - No progress during Gzip Request Inflation results in bogus error
- #9947 - Cannot invoke "org.eclipse.jetty.io.ManagedSelector.getTotalKeys()" because "selector" is null (@strogiyotec)
- #9938 - Bulletproof AbstractProxyServlet#destory() to make it easier to write (@garydgregory)
- #9895 - A MessageTooLargeException doesn't close a WebSocket connection
- #9887 - Deprecate CGI Servlet
- #9798 - review and cleanup of HTTP/3 QPACK Integer and String encoding
- #9777 - CrossOriginFilter does not return Vary header on no-cors mode
- #9761 - H3: Fix racy read from stream-less channel
- #9749 - HTTP/2 improvements.
- #9741 - Review of websocket parser, improve testing & comments.
- #9728 - Fixes to QPACK configuration from SETTINGS frames.
- #9715 - deprecate PushSessionCacheFilter
- #9685 - Jetty doesn't set the date header on error responses
- #9682 - RetainableByteBuffer buffer release bug in WebSocket
- #9554 - Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to common location
- #9476 - onCompleteFailure called multiple times
- #8926 - HttpClient GZIPContentDecoder should remove Content-Length and Content-Encoding: gzip
- #8556 - ServletContext.getSessionTimeout() incorrectly throws IllegalStateException
- #8405 - Servlet 3.1 ReadListener.onAllDataRead() is called twice under h2 or h2c if the server doesn't respond within 30s
- #7091 - Add SOCKS5 support (@huisongma)
9.4.52.v20230823
Sponsored Release
This is a release of the End of Community Support Jetty 9.x series that was sponsored by a support contract from Webtide.com
Security Updates
- This release provides a workaround for Security Advisory GHSA-58qw-p7qm-5rvh
Special Thanks to the following Eclipse Jetty community members
- @RangerRick (Benjamin Reed)
Changelog
- #10352 - Backport of various cleanups in
HttpParserfromjetty-10.0.x - #10337 -
SizeLimitHandlerdoes not enforce 0 responseLimit - #10169 - make sure that a ServiceLoader is retrieved before iterating (@RangerRick)
- #10066 - Allow
SAXParserFactoryorSAXParserto be configured in Jetty'sXmlParserclass - Allows for GHSA-58qw-p7qm-5rvh workaround - #9887 - Deprecate
CGIServlet - #9716 - Deprecate
PushSessionCacheFilter - #9660 - Bring back some openid improvements from
jetty-10.0.x - #9476 - onCompleteFailure called multiple times
12.0.0
Important Notes
- New Environment System (ee10 / ee9 / ee8)
- Supports ee10 / ee9 / ee8 at the same time (in different deployed webapps)
- See Jetty 11 to 12 Migration Docs for help finding the new maven coordinates for EE specific artifacts.
- Jetty Core no longer has dependencies on any Jakarta EE Spec
Security Updates
- This release provides a workaround for Security Advisory GHSA-58qw-p7qm-5rvh
Special Thanks to the following Eclipse Jetty community members
@kohlschuetter (Christian Kohlschütter)
@gregpoulos (Greg Poulos)
Changelog
- #10231 - DefaultServlet no longer supports POST and OPTIONS and returns a 405 instead
- #10229 - HttpConfiguration.setIdleTimeout() breaks long running requests
- #10227 - EE10 Unable to use Cookie attributes with
HttpServletResponse.addCookie(jakarta.servlet.http.Cookie) - #10205 - fixes for jetty 12 ee8 websocket demos
- #10178 - Fix demo-spec webapp failures
- #10066 - Allow
SAXParserFactoryorSAXParserto be configured in Jetty'sXmlParserclass - Allows for GHSA-58qw-p7qm-5rvh workaround - #10165 - rename JAVAX_API to JAKARTA_API in ee9 and ee10 Source
- #10155 - EE10 Servlet include after
HttpServletResponse.getWriter().println()omitsContent-Lengthfrom the response - #10135 - Websocket: Using PerMessageDeflateExtension and flush in batchMode send FLUSH_FRAME to client.
12.0.0.beta4
Changelog
- #10144 - Common code and documentation for dispatched query parameters
- #10141 - welcome-file ignored on jetty12ee10 on exploded deploy, works on ee9 and older jettys.
- #10139 -
DefaultServletnot working with named dispatch in Jetty-12 EE10. - #10134 -
Server.stop()andWebInfConfiguration.deconfigure()can throw aClosedFileSystemExceptionwhen restoring the original base resource - #10131 - Review ERROR query-string handling
- #10102 - Fixes delivery of events to
Response.CompleteListeners. - #10090 - Improved
start.jardry-run command line quoting - #10084 -
ServletApiContext.getResourcePaths()doesn't respect the spec - #10082 - Various cleanups of
StringUtilandTypeUtil - #10081 - Fix replacement logic for
Configurationlists - #10071 - add
SizeLimitHandlerto Jetty-12 - #10068 - Jetty 12: instantiation of
HashLoginService - #10061 - Simplified
URLResourcecleaner - #9444 - Unexpected encoding in
request.getPathInfo()with Jetty 12 beta0
12.0.0.beta3
Changelog
- #9988 - Add constructors accepting the handler to wrap to all core handler wrappers
- #9984 - URLResource.isDirectory() throws a NullPointerException when created from a jar:file: URL
- #9983 - Implement quality lists for Locales
- #9975 - Experiment with a fully async ContentSourceCompletableFuture
- #9973 - Creating a Resource for an entry in a nested jar file in Jetty 12
- #9972 - getResourcePaths fails when a META-INF resource has reserved characters in its filename
- #9966 - NullPointerException with default servlet, include and welcome pages
- #9965 - prevent multiple websocket frames from being demanded in Jetty-12
- #9960 - Custom logging in Jetty 12 beta2 can fail due to NullPointerException in org.eclipse.jetty.server.Request
- #9955 - Jetty 12.0 beta 2 HttpServletResponse::getStatus returns 0 by default
- #9953 - Jetty 12.0 Handle HEAD requests in Handler
- #9946 - Handler passed to Handler in constructor a parent or child?
- #9944 - Remove integer for demand in websocket in Jetty-12
- #9934 - Fix ee10 path info only (alternative)
- #9927 - Jetty 12 inserted handler in ee10 servlet context
- #9925 - Bring back Jetty <12 flexibility of "current context / context handler"
- #9920 - Remove ee10 HttpChannel.Listener
- #9919 - Jetty-12 creates two instances of ArrayByteBufferPool
- #9904 - Experiment/jetty 12 chunk isError and warnings
- #9878 - Fixes and extra testing for EE9 ContextHandler class loading
- #9396 - Improve JPMS testing for websocket in Jetty 12
Dependencies
- #9924 - Upgrade of dependencies: slf4j 2.0.7, and some 3rd parties dependencies used for testing
12.0.0.beta2
Changelog
- #9914 - prevent potential NPE from StartArgs in Jetty-12
- #9911 - fixing JPMS and reactivating the tests
- #9906 - Inconsistent handling of empty "path info" between Jetty 10 and 12
- #9905 - Jetty 12 idletimeout
- #9902 - Jetty 12.0.x ee9 serverpush tck
- #9897 - Various improvements to CyclicTimeouts.
- #9895 - A MessageTooLargeException doesn't close a WebSocket connection
- #9890 - Fix redirect demo; fix links to sources for demos; fix blog link
- #9886 - Remove unused ee10-demo-realm files and add distro test
- #9883 - Jetty 12.0.x 9072 move core ee classes
- #9879 - Jetty-12 rewrite demo not working
- #9867 - Jetty 12 graceful contexts
- #9866 - Jetty 12 context initial ClassLoader
- #9796 - Fix/jetty 12 restore ee n fcgi
- #9792 - Simplified and fixed TryPathsHandler.
- #9790 - Fixed FCGI content parsing.
- #9785 - jetty-12 ee9 contextPath not set correctly on nested ContextHandler
- #9783 - Jetty 12 simplify EchoHandler
- #9774 - jetty-12 ee10 Cross context dispatch is not supported
- #9767 - jetty-12 ee10 ServerPush failures
- #9766 - jetty-12 ee9 ServerPush failures
- #9762 - jetty-12 ee9 Double parsing of cookies
- #9760 - jetty-12 ee9 Omnibus tck failure analysis
- #9750 - jetty-12 ee10 wrong authType for CLIENT-CERT
- #9745 - jetty-12 SecurityHandler role checking with * not correct
- #9743 - jetty-12 ee9 changeSessionId should throw ISE if no exception
- #9740 - Jetty 12 content length 0
- #9734 - Cookie config can be set after SessionHandler is started
- #9733 - FCGI improvements.
- #9731 - Infinite loop with mapped roles
- #9729 - Simplified QuotedStringTokenizer
- #9724 - Jetty 12 immutable ee10 configurations
- #9685 - Jetty doesn't set the date header on error responses
- #9684 - Refine how Request / Channel / Stream completion works
- #9682 - A possible native memory leak through RetainableByteBuffers
- #9657 - jetty-12 ee9 & ee10 Request.upgrade returns null
- #9650 - jetty-12 ee10
ServletApiResponse.resetBufferdoes not check for response being committed - #9649 - jetty-12 ee10 ServletApiResponse.addIntHeader does not ignore headers after response committed
- #9637 - jetty-12 ee10 ServletRequestListeners called too many times on sendError
- #9630 - Jetty 12 - Make Context dumpable
- #9554 - Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to common location
- #9173 - Configuring SameSite on a per-cookie basis in Jetty 12
- #8885 - Jetty-12, replacement for HttpChannel.Listener
- #8819 - Jetty-12 Improve CustomRequestLog efficiency
Dependencies
- #9917 - Upgrade Guava to 32.0.1
12.0.0.beta1
Changelog
- #6184 Remove usages of classes associated with JEP-411 that deprecate/remove the SecurityManager from the JVM
- #6483 Jetty http client SSL connectivity over CNTLM proxy fails
- #7608 Jetty-12 MetaData cleanup needed
- #8740 Jetty 12 - Move org.eclipse.jetty.server.context.ManagedAttributes to core
- #9237 Decouple QTP
idleTimeoutfrom pool shrink rate - #9309
jetty.shcannot handle complex Jetty properties fromstart.d/*.ini - #9311 Performance of
ArrayRetainableByteBufferPool.acquire()can degenerate pathologically as the buckets grow in size - #9391 Jetty 12: port/move Jetty WebSocket APIs, client and server to jetty-core
- #9400 Jetty logs warning with stacktrace when annotation parser encounters module-info.class file inside elasticsearch-x-content jar
- #9408 HugeResourceTest failing
- #9410 Jetty 12: review locking in
MultiPartFormDataandMultiPartByteRanges - #9412 Jetty 12: WebSocket hangs when ServerEndpointConfig.Configurator.getEndpointInstance() throws
- #9438 Jetty 12: Review JakartaWebSocketClientContainer use of reflection
- #9440 Jetty 12: HttpCookieStore should return cookies for "ws" schemes
- #9442 Jetty 12 Documentation Html artifact not populated
- #9444 Unexpected encoding in request.getPathInfo() with Jetty 12 beta 0
- #9459 Path is missing from JSESSIONID cookie in 12 beta 0
- #9463 NPE when starting jetty-ee10-maven-plugin
- #9464 Respect expiry time of ID token
- #9466 WebSocket
DeploymentExceptionis not thrown by client nor server - #9467 Jetty 12 - Review BOMs
- #9468 Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13
- #9497 Maven plugin add support for jar projects in
:effective-web-xml - #9501 jetty client with proxy - ssl traffic between both proxy and servers
- #9537 "error-on-el-not-found" behavior is not as specified
- #9552 Jetty 12 - Rewrite of the Jetty WebSocket APIs
- #9554 Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to common location
- #9556 Password Util does not ask for password
- #9617 Update to apache jasper 10.1.7 for jetty-12 ee10
- #9656 jetty-12 ee10 PushBuilderImpl.push must throw IllegalStateException
- #9685 Jetty doesn't set the date header on error responses
11.0.15
Changelog
- #9556 - Password Util does not ask for password
- #9555 - General bug fixes for jetty-start
- #9517 - Jetty 11.0.14 uses wrong pathSpec for request
- #9501 - jetty client with proxy - ssl traffic between both proxy and servers
- #9497 - Maven plugin add support for jar projects in
:effective-web-xml - #9494 - Improved HttpClient TLS documentation about server host name verification
- #9468 - Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13
- #9464 - Respect expiry time of ID token
- #9400 - Jetty logs warning with stacktrace when annotation parser encounters module-info.class file inside elasticsearch-x-content jar
- #9309 -
jetty.shcannot handle complex Jetty properties fromstart.d/*.ini - #9237 - Decouple QTP
idleTimeoutfrom pool shrink rate - #6184 - Remove usages of classes associated with JEP-411 that deprecate/remove the SecurityManager from the JVM
Dependencies
- #9610 - Bump tycho-p2-repository-plugin to 3.0.4
- #9607 - Bump logback-core to 1.3.6
- #9596 - Bump org.eclipse.osgi.util to 3.7.200
- #9591 - Bump json-smart to 2.4.10
- #9581 - Bump commons-compress to 1.23.0
- #9575 - Bump protostream to 4.6.2.Final
- #9574 - Bump org.eclipse.osgi to 3.18.300
- #9558 - Bump asm.version to 9.5