Skip to content

11.0.10
Compare
Choose a tag to compare
@joakime joakime released this 20 Jun 19:17
· 1236 commits to jetty-10.0.x since this release
jetty-11.0.10
d21dded
This commit was signed with the committer’s verified signature.
joakime Joakim Erdfelt
GPG key ID: 2D0E1FB8FE4B68B4
Learn about vigilant mode.

Fixed Security Advisories

Special Thanks to the following Eclipse Jetty community members

Changelog

  • #8161 - Improve SSLConnection buffers handling (Resolves CVE-2022-2191)
  • #8134 - Improve cleanup of deflater/inflater pools for PerMessageDeflateExtension
  • #8088 - Add option to configure exitVm on ShutdownMonitor from System properties
  • #8067 - Wall time usage in DoSFilter RateTracker results in false positive alert
  • #8057 - Support Http Response 103 (Early Hints)
  • #8014 - Review HttpRequest URI construction (Resolves CVE-2022-2047)
  • #8008 - Add compliance mode for LEGACY multipart parser in Jetty
  • #7994 - Ability to construct a detached client Request
  • #7991 - fix bom for jetty-cdi
  • #7981 - Add TRANSFER_ENCODING violation for MultiPart RFC7578 parser.
  • #7977 - UpgradeHttpServletRequest.setAttribute & UpgradeHttpServletRequest.removeAttribute can throw NullPointerException
  • #7975 - ForwardedRequestCustomizer setters do not clear existing handlers
  • #7953 - Fix StatisticsHandler in the case a Handler throws exception.
  • #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048)
  • #7929 - Correct requestlog formatString commented default (@prenagha)
  • #7924 - Fix a typo in Javadoc (@jianglai)
  • #7918 - PathMappings.asPathSpec does not allow root ServletPathSpec
  • #7891 - Better Servlet PathMappings for Regex
  • #7880 - DefaultServlet should not overwrite programmatically configured precompressed formats with defaults (@markslater)
  • #7863 - Default servlet drops first accept-encoding header if there is more than one. (@markslater)
  • #7858 - GZipHandler does not play nice with other handlers in HandlerCollection
  • #7818 - Modifying of HTTP headers in HttpChannel.Listener#onResponseBegin is no longer possible with Jetty
  • #7803 - unwrap exception until we get the first non ServletException, as this can be wrap of wrap of wrap when using ContextHandlerCollection
  • #7802 - HTTP/3 QPACK - do not expect section ack for zero required insert count
  • #7754 - jetty.sh ignores JAVA_OPTIONS environment variable
  • #7748 - Allow overriding of url-pattern mapping in ServletContextHandler to allow for regex or uri-template matching
  • #7635 - QPACK decoder should fail connection if the encoder blocks more than SETTINGS_QPACK_BLOCKED_STREAMS
  • #4414 - GZipHandler not excluding inflation for specified paths
  • #1771 - Add module for SecuredRedirect support

Dependencies

  • #8083 - Bump asciidoctorj to 2.5.4
  • #8077 - Bump asciidoctorj-diagram to 2.2.3
  • #7839 - Bump asm.version to 9.3
  • #8142 - Bump biz.aQute.bndlib to 6.3.1
  • #8075 - Bump checkstyle to 10.3
  • #8056 - Bump error_prone_annotations to 2.14.0
  • #8109 - Bump google-cloud-datastore to 2.7.0
  • #8100 - Bump grpc-core to 1.47.0
  • #7987 - Bump hawtio-default to 2.15.0
  • #7934 - Bump hazelcast.version to 4.2.5
  • #8003 - Bump jackson-annotations to 2.13.3
  • #8004 - Bump jackson-core to 2.13.3
  • #7997 - Bump jackson-databind to 2.13.3
  • #7849 - Bump jacoco-maven-plugin to 0.8.8
  • #7830 - Bump jakarta.annotation-api to 2.1.0
  • #7913 - Bump jakarta.ws.rs-api to 3.1.0
  • #7937 - Bump jboss-logging to 3.5.0.Final
  • #7815 - Bump jnr-ffi to 2.2.12
  • #7967 - Bump kerb-simplekdc to 2.0.2
  • #8029 - Bump logback-core to 1.3.0-alpha16
  • #8064 - Bump mariadb-java-client to 3.0.5
  • #7908 - Bump maven-antrun-plugin to 3.1.0
  • #8001 - Bump maven-bundle-plugin to 5.1.6
  • #7843 - Bump maven-clean-plugin to 3.2.0
  • #8080 - Bump maven-invoker-plugin to 3.3.0
  • #7902 - Bump maven-javadoc-plugin to 3.4.0
  • #8079 - Bump maven-scm-provider-jgit to 1.13.0
  • #7904 - Bump maven-site-plugin to 3.12.0
  • #7900 - Bump maven.resolver.version to 1.8.0
  • #7915 - Bump mongo-java-driver to 3.12.11
  • #8108 - Bump openwebbeans.version to 2.0.27
  • #7877 - Bump org.apache.aries.spifly.dynamic.bundle to 1.3.5
  • #8123 - Bump org.apache.felix.framework to 7.0.5
  • #8019 - Bump plexus-utils to 3.4.2
  • #7944 - Bump protostream to 4.4.3.Final
  • #8030 - Bump spotbugs-maven-plugin to 4.7.0.0
  • #8031 - Bump testcontainers-bom to 1.17.2
  • #7972 - Bump tycho-p2-repository-plugin to 2.7.3
  • #8038 - Bump versions-maven-plugin to 2.11.0

Contributors

prenagha, markslater, and jianglai
Assets 2
Loading