chore(deps): bump jetty.version from 9.4.27.v20200227 to 9.4.43.v20210629

[dependabot]

Bumps jetty.version from 9.4.27.v20200227 to 9.4.43.v20210629.
Updates jetty-maven-plugin from 9.4.27.v20200227 to 9.4.43.v20210629

Release notes

Sourced from jetty-maven-plugin's releases.

9.4.43.v20210629

Changelog

• This release resolves CVE-2021-34429
• #6473 - Improve alias checking in PathResource
• #6470 - java.nio.ReadOnlyBufferException
• #6447 - Deprecate support for UTF16 encoding in URIs
• #6426 - Update to spifly 1.3.3
• #6425 - Update to asm 9.1

9.4.42.v20210604

Changelog

• #6342 - Explain EatWhatYouKill naming
• #6330 - CustomRequestLog is missing HTTP version format option
• #6323 - HttpClient gets stuck/never calls onComplete() when multiple requests with timeouts are sent
• #6308 - Ensure buffers are returned to pool by MessageInputStream
• #6287 - Class loading broken for WebSocketClient used inside webapp
• #6285 - HTTP2 client: IllegalStateException: Cannot release an already released entry
• #6276 - Support non-standard domains in SNI and X509
• #6268 - Warnings about "unable to parse form content" are not helpful for troubleshooting
• #6118 - Display a warning when Hazelcast configuration does not contain Jetty session serializer
• #5931 - SslConnection should implement getBytesIn()/getBytesOut()

9.4.41.v20210516

Changelog

• This release resolves CVE-2021-28169 and CVE-2021-34428
• #6099 Cipher preference may break SNI if certificates have different key types
• #6186 Add Null Protection on Log / Logger
• #6205 OpenIdAuthenticator may use incorrect redirect
• #6208 HTTP/2 max local stream count exceeded
• #6227 Better resolve race between AsyncListener.onTimeout and AsyncContext.dispatch
• #6254 Total timeout not enforced for queued requests
• #6263 Review URI encoding in ConcatServlet & WelcomeFilter
• #6277 Better handle exceptions thrown from session destroy listener
• #6280 Copy ServletHolder class/instance properly during startWebapp

9.4.40.v20210413

Notable Bug Fixes

Users of GzipHandler should upgrade. (#6168) Users of SSL/TLS on the jetty-server or jetty-client should upgrade. (#6082)

Changelog

• #6168 - Improve handling of unconsumed content
• #6148 - Jetty start.jar always reports jetty.tag.version as master
• #6105 - HttpConnection.getBytesIn() incorrect for requests with chunked content

... (truncated)

Commits

• 526006e Updating to version 9.4.43.v20210629
• 40535f1 Merge pull request #6486 from eclipse/jetty-9.4.x-6470-MessageInputStreamEOF
• 039a539 Issue #6470 - prevent EOF being released back into pool
• f045b5a Issue #6473 - Improve alias checking in PathResource. (#6477)
• 16d8b23 #6455 disable MaxDuration mechanism in testConnectionMaxUsage as it clashes w...
• 122a78a Issue #6473 - canonicalPath refactor & fix alias check in PathResource (#6474)
• a02ade7 Merge pull request #6456 from eclipse/jetty-9.4.x-6383-FileBufferedResponseHa...
• a3effb1 Issue #6447 - Deprecate support for UTF16 encoding in URIs (#6467)
• 97b52e4 Merge pull request #6462 from eclipse/jetty-9.4.x-documentationFix
• 4289716 fix documentation format in community.adoc
• Additional commits viewable in compare view

Updates jetty-webapp from 9.4.27.v20200227 to 9.4.43.v20210629

Release notes

Sourced from jetty-webapp's releases.

9.4.43.v20210629

Changelog

• This release resolves CVE-2021-34429
• #6473 - Improve alias checking in PathResource
• #6470 - java.nio.ReadOnlyBufferException
• #6447 - Deprecate support for UTF16 encoding in URIs
• #6426 - Update to spifly 1.3.3
• #6425 - Update to asm 9.1

9.4.42.v20210604

Changelog

• #6342 - Explain EatWhatYouKill naming
• #6330 - CustomRequestLog is missing HTTP version format option
• #6323 - HttpClient gets stuck/never calls onComplete() when multiple requests with timeouts are sent
• #6308 - Ensure buffers are returned to pool by MessageInputStream
• #6287 - Class loading broken for WebSocketClient used inside webapp
• #6285 - HTTP2 client: IllegalStateException: Cannot release an already released entry
• #6276 - Support non-standard domains in SNI and X509
• #6268 - Warnings about "unable to parse form content" are not helpful for troubleshooting
• #6118 - Display a warning when Hazelcast configuration does not contain Jetty session serializer
• #5931 - SslConnection should implement getBytesIn()/getBytesOut()

9.4.41.v20210516

Changelog

• This release resolves CVE-2021-28169 and CVE-2021-34428
• #6099 Cipher preference may break SNI if certificates have different key types
• #6186 Add Null Protection on Log / Logger
• #6205 OpenIdAuthenticator may use incorrect redirect
• #6208 HTTP/2 max local stream count exceeded
• #6227 Better resolve race between AsyncListener.onTimeout and AsyncContext.dispatch
• #6254 Total timeout not enforced for queued requests
• #6263 Review URI encoding in ConcatServlet & WelcomeFilter
• #6277 Better handle exceptions thrown from session destroy listener
• #6280 Copy ServletHolder class/instance properly during startWebapp

9.4.40.v20210413

Notable Bug Fixes

Users of GzipHandler should upgrade. (#6168) Users of SSL/TLS on the jetty-server or jetty-client should upgrade. (#6082)

Changelog

• #6168 - Improve handling of unconsumed content
• #6148 - Jetty start.jar always reports jetty.tag.version as master
• #6105 - HttpConnection.getBytesIn() incorrect for requests with chunked content

... (truncated)

Commits

• 526006e Updating to version 9.4.43.v20210629
• 40535f1 Merge pull request #6486 from eclipse/jetty-9.4.x-6470-MessageInputStreamEOF
• 039a539 Issue #6470 - prevent EOF being released back into pool
• f045b5a Issue #6473 - Improve alias checking in PathResource. (#6477)
• 16d8b23 #6455 disable MaxDuration mechanism in testConnectionMaxUsage as it clashes w...
• 122a78a Issue #6473 - canonicalPath refactor & fix alias check in PathResource (#6474)
• a02ade7 Merge pull request #6456 from eclipse/jetty-9.4.x-6383-FileBufferedResponseHa...
• a3effb1 Issue #6447 - Deprecate support for UTF16 encoding in URIs (#6467)
• 97b52e4 Merge pull request #6462 from eclipse/jetty-9.4.x-documentationFix
• 4289716 fix documentation format in community.adoc
• Additional commits viewable in compare view

Updates jetty-continuation from 9.4.27.v20200227 to 9.4.43.v20210629

Updates jetty-annotations from 9.4.27.v20200227 to 9.4.43.v20210629

Release notes

Sourced from jetty-annotations's releases.

9.4.43.v20210629

Changelog

• This release resolves CVE-2021-34429
• #6473 - Improve alias checking in PathResource
• #6470 - java.nio.ReadOnlyBufferException
• #6447 - Deprecate support for UTF16 encoding in URIs
• #6426 - Update to spifly 1.3.3
• #6425 - Update to asm 9.1

9.4.42.v20210604

Changelog

• #6342 - Explain EatWhatYouKill naming
• #6330 - CustomRequestLog is missing HTTP version format option
• #6323 - HttpClient gets stuck/never calls onComplete() when multiple requests with timeouts are sent
• #6308 - Ensure buffers are returned to pool by MessageInputStream
• #6287 - Class loading broken for WebSocketClient used inside webapp
• #6285 - HTTP2 client: IllegalStateException: Cannot release an already released entry
• #6276 - Support non-standard domains in SNI and X509
• #6268 - Warnings about "unable to parse form content" are not helpful for troubleshooting
• #6118 - Display a warning when Hazelcast configuration does not contain Jetty session serializer
• #5931 - SslConnection should implement getBytesIn()/getBytesOut()

9.4.41.v20210516

Changelog

• This release resolves CVE-2021-28169 and CVE-2021-34428
• #6099 Cipher preference may break SNI if certificates have different key types
• #6186 Add Null Protection on Log / Logger
• #6205 OpenIdAuthenticator may use incorrect redirect
• #6208 HTTP/2 max local stream count exceeded
• #6227 Better resolve race between AsyncListener.onTimeout and AsyncContext.dispatch
• #6254 Total timeout not enforced for queued requests
• #6263 Review URI encoding in ConcatServlet & WelcomeFilter
• #6277 Better handle exceptions thrown from session destroy listener
• #6280 Copy ServletHolder class/instance properly during startWebapp

9.4.40.v20210413

Notable Bug Fixes

Users of GzipHandler should upgrade. (#6168) Users of SSL/TLS on the jetty-server or jetty-client should upgrade. (#6082)

Changelog

• #6168 - Improve handling of unconsumed content
• #6148 - Jetty start.jar always reports jetty.tag.version as master
• #6105 - HttpConnection.getBytesIn() incorrect for requests with chunked content

... (truncated)

Commits

• 526006e Updating to version 9.4.43.v20210629
• 40535f1 Merge pull request #6486 from eclipse/jetty-9.4.x-6470-MessageInputStreamEOF
• 039a539 Issue #6470 - prevent EOF being released back into pool
• f045b5a Issue #6473 - Improve alias checking in PathResource. (#6477)
• 16d8b23 #6455 disable MaxDuration mechanism in testConnectionMaxUsage as it clashes w...
• 122a78a Issue #6473 - canonicalPath refactor & fix alias check in PathResource (#6474)
• a02ade7 Merge pull request #6456 from eclipse/jetty-9.4.x-6383-FileBufferedResponseHa...
• a3effb1 Issue #6447 - Deprecate support for UTF16 encoding in URIs (#6467)
• 97b52e4 Merge pull request #6462 from eclipse/jetty-9.4.x-documentationFix
• 4289716 fix documentation format in community.adoc
• Additional commits viewable in compare view

Updates websocket-server from 9.4.27.v20200227 to 9.4.43.v20210629

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)