Releases: jetty/jetty.project
Releases · jetty/jetty.project
12.0.0
Important Notes
- New Environment System (ee10 / ee9 / ee8)
- Supports ee10 / ee9 / ee8 at the same time (in different deployed webapps)
- See Jetty 11 to 12 Migration Docs for help finding the new maven coordinates for EE specific artifacts.
- Jetty Core no longer has dependencies on any Jakarta EE Spec
Security Updates
- This release provides a workaround for Security Advisory GHSA-58qw-p7qm-5rvh
Special Thanks to the following Eclipse Jetty community members
@kohlschuetter (Christian Kohlschütter)
@gregpoulos (Greg Poulos)
Changelog
- #10231 - DefaultServlet no longer supports POST and OPTIONS and returns a 405 instead
- #10229 - HttpConfiguration.setIdleTimeout() breaks long running requests
- #10227 - EE10 Unable to use Cookie attributes with
HttpServletResponse.addCookie(jakarta.servlet.http.Cookie)
- #10205 - fixes for jetty 12 ee8 websocket demos
- #10178 - Fix demo-spec webapp failures
- #10066 - Allow
SAXParserFactory
orSAXParser
to be configured in Jetty'sXmlParser
class - Allows for GHSA-58qw-p7qm-5rvh workaround - #10165 - rename JAVAX_API to JAKARTA_API in ee9 and ee10 Source
- #10155 - EE10 Servlet include after
HttpServletResponse.getWriter().println()
omitsContent-Length
from the response - #10135 - Websocket: Using PerMessageDeflateExtension and flush in batchMode send FLUSH_FRAME to client.
12.0.0.beta4
Changelog
- #10144 - Common code and documentation for dispatched query parameters
- #10141 - welcome-file ignored on jetty12ee10 on exploded deploy, works on ee9 and older jettys.
- #10139 -
DefaultServlet
not working with named dispatch in Jetty-12 EE10. - #10134 -
Server.stop()
andWebInfConfiguration.deconfigure()
can throw aClosedFileSystemException
when restoring the original base resource - #10131 - Review ERROR query-string handling
- #10102 - Fixes delivery of events to
Response.CompleteListener
s. - #10090 - Improved
start.jar
dry-run command line quoting - #10084 -
ServletApiContext.getResourcePaths()
doesn't respect the spec - #10082 - Various cleanups of
StringUtil
andTypeUtil
- #10081 - Fix replacement logic for
Configuration
lists - #10071 - add
SizeLimitHandler
to Jetty-12 - #10068 - Jetty 12: instantiation of
HashLoginService
- #10061 - Simplified
URLResource
cleaner - #9444 - Unexpected encoding in
request.getPathInfo()
with Jetty 12 beta0
12.0.0.beta3
Changelog
- #9988 - Add constructors accepting the handler to wrap to all core handler wrappers
- #9984 - URLResource.isDirectory() throws a NullPointerException when created from a jar:file: URL
- #9983 - Implement quality lists for Locales
- #9975 - Experiment with a fully async ContentSourceCompletableFuture
- #9973 - Creating a Resource for an entry in a nested jar file in Jetty 12
- #9972 - getResourcePaths fails when a META-INF resource has reserved characters in its filename
- #9966 - NullPointerException with default servlet, include and welcome pages
- #9965 - prevent multiple websocket frames from being demanded in Jetty-12
- #9960 - Custom logging in Jetty 12 beta2 can fail due to NullPointerException in org.eclipse.jetty.server.Request
- #9955 - Jetty 12.0 beta 2 HttpServletResponse::getStatus returns 0 by default
- #9953 - Jetty 12.0 Handle HEAD requests in Handler
- #9946 - Handler passed to Handler in constructor a parent or child?
- #9944 - Remove integer for demand in websocket in Jetty-12
- #9934 - Fix ee10 path info only (alternative)
- #9927 - Jetty 12 inserted handler in ee10 servlet context
- #9925 - Bring back Jetty <12 flexibility of "current context / context handler"
- #9920 - Remove ee10 HttpChannel.Listener
- #9919 - Jetty-12 creates two instances of ArrayByteBufferPool
- #9904 - Experiment/jetty 12 chunk isError and warnings
- #9878 - Fixes and extra testing for EE9 ContextHandler class loading
- #9396 - Improve JPMS testing for websocket in Jetty 12
Dependencies
- #9924 - Upgrade of dependencies: slf4j 2.0.7, and some 3rd parties dependencies used for testing
12.0.0.beta2
Changelog
- #9914 - prevent potential NPE from StartArgs in Jetty-12
- #9911 - fixing JPMS and reactivating the tests
- #9906 - Inconsistent handling of empty "path info" between Jetty 10 and 12
- #9905 - Jetty 12 idletimeout
- #9902 - Jetty 12.0.x ee9 serverpush tck
- #9897 - Various improvements to CyclicTimeouts.
- #9895 - A MessageTooLargeException doesn't close a WebSocket connection
- #9890 - Fix redirect demo; fix links to sources for demos; fix blog link
- #9886 - Remove unused ee10-demo-realm files and add distro test
- #9883 - Jetty 12.0.x 9072 move core ee classes
- #9879 - Jetty-12 rewrite demo not working
- #9867 - Jetty 12 graceful contexts
- #9866 - Jetty 12 context initial ClassLoader
- #9796 - Fix/jetty 12 restore ee n fcgi
- #9792 - Simplified and fixed TryPathsHandler.
- #9790 - Fixed FCGI content parsing.
- #9785 - jetty-12 ee9 contextPath not set correctly on nested ContextHandler
- #9783 - Jetty 12 simplify EchoHandler
- #9774 - jetty-12 ee10 Cross context dispatch is not supported
- #9767 - jetty-12 ee10 ServerPush failures
- #9766 - jetty-12 ee9 ServerPush failures
- #9762 - jetty-12 ee9 Double parsing of cookies
- #9760 - jetty-12 ee9 Omnibus tck failure analysis
- #9750 - jetty-12 ee10 wrong authType for CLIENT-CERT
- #9745 - jetty-12 SecurityHandler role checking with * not correct
- #9743 - jetty-12 ee9 changeSessionId should throw ISE if no exception
- #9740 - Jetty 12 content length 0
- #9734 - Cookie config can be set after SessionHandler is started
- #9733 - FCGI improvements.
- #9731 - Infinite loop with mapped roles
- #9729 - Simplified QuotedStringTokenizer
- #9724 - Jetty 12 immutable ee10 configurations
- #9685 - Jetty doesn't set the date header on error responses
- #9684 - Refine how Request / Channel / Stream completion works
- #9682 - A possible native memory leak through RetainableByteBuffers
- #9657 - jetty-12 ee9 & ee10 Request.upgrade returns null
- #9650 - jetty-12 ee10
ServletApiResponse.resetBuffer
does not check for response being committed - #9649 - jetty-12 ee10 ServletApiResponse.addIntHeader does not ignore headers after response committed
- #9637 - jetty-12 ee10 ServletRequestListeners called too many times on sendError
- #9630 - Jetty 12 - Make Context dumpable
- #9554 - Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to common location
- #9173 - Configuring SameSite on a per-cookie basis in Jetty 12
- #8885 - Jetty-12, replacement for HttpChannel.Listener
- #8819 - Jetty-12 Improve CustomRequestLog efficiency
Dependencies
- #9917 - Upgrade Guava to 32.0.1
12.0.0.beta1
Changelog
- #6184 Remove usages of classes associated with JEP-411 that deprecate/remove the SecurityManager from the JVM
- #6483 Jetty http client SSL connectivity over CNTLM proxy fails
- #7608 Jetty-12 MetaData cleanup needed
- #8740 Jetty 12 - Move org.eclipse.jetty.server.context.ManagedAttributes to core
- #9237 Decouple QTP
idleTimeout
from pool shrink rate - #9309
jetty.sh
cannot handle complex Jetty properties fromstart.d/*.ini
- #9311 Performance of
ArrayRetainableByteBufferPool.acquire()
can degenerate pathologically as the buckets grow in size - #9391 Jetty 12: port/move Jetty WebSocket APIs, client and server to jetty-core
- #9400 Jetty logs warning with stacktrace when annotation parser encounters module-info.class file inside elasticsearch-x-content jar
- #9408 HugeResourceTest failing
- #9410 Jetty 12: review locking in
MultiPartFormData
andMultiPartByteRanges
- #9412 Jetty 12: WebSocket hangs when ServerEndpointConfig.Configurator.getEndpointInstance() throws
- #9438 Jetty 12: Review JakartaWebSocketClientContainer use of reflection
- #9440 Jetty 12: HttpCookieStore should return cookies for "ws" schemes
- #9442 Jetty 12 Documentation Html artifact not populated
- #9444 Unexpected encoding in request.getPathInfo() with Jetty 12 beta 0
- #9459 Path is missing from JSESSIONID cookie in 12 beta 0
- #9463 NPE when starting jetty-ee10-maven-plugin
- #9466 WebSocket
DeploymentException
is not thrown by client nor server - #9467 Jetty 12 - Review BOMs
- #9468 Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13
- #9497 Maven plugin add support for jar projects in
:effective-web-xml
- #9501 jetty client with proxy - ssl traffic between both proxy and servers
- #9516 Remove CGI Servlet (CVE-2023-40167)
- #9537 "error-on-el-not-found" behavior is not as specified
- #9552 Jetty 12 - Rewrite of the Jetty WebSocket APIs
- #9554 Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to common location
- #9556 Password Util does not ask for password
- #9617 Update to apache jasper 10.1.7 for jetty-12 ee10
- #9656 jetty-12 ee10 PushBuilderImpl.push must throw IllegalStateException
- #9685 Jetty doesn't set the date header on error responses
11.0.15
Security Updates
This release addresses:
Changelog
- #9556 - Password Util does not ask for password
- #9555 - General bug fixes for jetty-start
- #9517 - Jetty 11.0.14 uses wrong pathSpec for request
- #9501 - jetty client with proxy - ssl traffic between both proxy and servers
- #9497 - Maven plugin add support for jar projects in
:effective-web-xml
- #9494 - Improved HttpClient TLS documentation about server host name verification
- #9468 - Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13
- #9464 - Add optional configuration to log user out after OpenID idToken expires (CVE-2023-41900)
- #9400 - Jetty logs warning with stacktrace when annotation parser encounters module-info.class file inside elasticsearch-x-content jar
- #9309 -
jetty.sh
cannot handle complex Jetty properties fromstart.d/*.ini
- #9237 - Decouple QTP
idleTimeout
from pool shrink rate - #6184 - Remove usages of classes associated with JEP-411 that deprecate/remove the SecurityManager from the JVM
Dependencies
- #9610 - Bump tycho-p2-repository-plugin to 3.0.4
- #9607 - Bump logback-core to 1.3.6
- #9596 - Bump org.eclipse.osgi.util to 3.7.200
- #9591 - Bump json-smart to 2.4.10
- #9581 - Bump commons-compress to 1.23.0
- #9575 - Bump protostream to 4.6.2.Final
- #9574 - Bump org.eclipse.osgi to 3.18.300
- #9558 - Bump asm.version to 9.5
10.0.15
Security Updates
This release addresses:
Changelog
- #9556 - Password Util does not ask for password
- #9555 - General bug fixes for jetty-start
- #9517 - Jetty 10.0.14 uses wrong pathSpec for request
- #9501 - jetty client with proxy - ssl traffic between both proxy and servers
- #9497 - Maven plugin add support for jar projects in
:effective-web-xml
- #9494 - Improved HttpClient TLS documentation about server host name verification
- #9468 - Jetty 10.0.14 is less tolerant of non-compliant cookies than 10.0.13
- #9464 - Add optional configuration to log user out after OpenID idToken expires (CVE-2023-41900)
- #9400 - Jetty logs warning with stacktrace when annotation parser encounters module-info.class file inside elasticsearch-x-content jar
- #9309 -
jetty.sh
cannot handle complex Jetty properties fromstart.d/*.ini
- #9237 - Decouple QTP
idleTimeout
from pool shrink rate - #6184 - Remove usages of classes associated with JEP-411 that deprecate/remove the SecurityManager from the JVM
Dependencies
- #9610 - Bump tycho-p2-repository-plugin to 3.0.4
- #9607 - Bump logback-core to 1.3.6
- #9596 - Bump org.eclipse.osgi.util to 3.7.200
- #9591 - Bump json-smart to 2.4.10
- #9581 - Bump commons-compress to 1.23.0
- #9575 - Bump protostream to 4.6.2.Final
- #9574 - Bump org.eclipse.osgi to 3.18.300
- #9558 - Bump asm.version to 9.5
12.0.0.beta0
Special Thanks to the following Eclipse Jetty community members
- @kohlschuetter (Christian Kohlschütter)
- @gregpoulos (Greg Poulos)
Changelog
- #9403 - TCK failure: DefaultServlet only sets status 404 instead of sending 404 response
- #9390 - Moved implementation methods ensure*() from the Response interface
- #9388 - Javadocs for Response and Context.
- #9385 - Rename process to handle
- #9383 - Reinstate ee9 jetty runner.
- #9382 - Remove jetty-ant
- #9356 - cleanup of websocket to fix JPMS warnings
- #9336 - Review LifeCycle of Parts in Jetty 12
- #9335 - Jetty 12 - Review client notifiers
- #9318 - Redo Handler renaming
- #9305 - Rename Handler Nested & Collection
- #9301 - JSTL fails in JPMS
- #9293 - Jetty 12 - Relax JPMS dependencies
- #9288 - Jetty 12 - Use oej.http.HttpCookie in jetty-client
- #9275 - Jetty-12 H3 tests passing after 30s timeout
- #9234 - Fix some JPMS issues for websocket-core
- #9230 - Remove duplicate osgi dependency declarations in top level pom
- #9227 - Fixed DetectorConnection buffer lifecycle.
- #9223 - Jetty 12 - Added a core Session abstraction
- #9220 - Fix/jetty 12 reorganize session tests
- #9213 - Converted PathMappings to be an AbstractMap
- #9210 - Jetty 12 - Review Pool and Pool.Entry
- #9207 - Jetty 12 - Fixing simple
@named
virtualhost configuration - #9205 - Jetty 12 - New HTTP Cookie interface
- #9202 - Jetty 12 - Add and allow plural form of existing
start.jar
args. - #9201 - Jetty 12 - Cleanup Shutdown classes
- #9191 - Jetty-12 Remove usage of HandlerList and reduce usage of Handler.Collection
- #9189 - Uncomment websocket deps for ee9 jetty maven plugin
- #9187 - Jetty 12.0.x Documentation: Logging section in operations manual (@gregpoulos)
- #9182 - Jetty 12 - Public version of JakartaWebSocketServerContainer
- #9174 - Jetty 12 - Introduce
GracefulShutdownHandler
and Test - #9173 - Configuring SameSite on a per-cookie basis in Jetty 12
- #9171 - Jetty 12 - Fix for HttpParser quick HTTP Version lookahead
- #9166 - Jetty 12: review/remove ByteBufferPool (@kohlschuetter)
- #9165 - Jetty 12 - Javadoc cleanup & new inspection profile
- #9159 - Jetty 12 simplify Retainable.canRetain usage
- #9158 - Jetty 12.0.x 9131 remove path watcher
- #9156 - Ensure all eeX versions of the plugin use prefix "jetty"
- #9153 - Jetty 12 temp directory cleanup
- #9152 - For consistency, convert "JETTY_HOME" attribute to "jetty-home" (@gregpoulos)
- #9151 - Jetty 12.0.x document modules (@gregpoulos)
- #9149 - Jetty 12 - Add tests in util/resource for alternate FileSystem implementations
- #9145 - Failure when running
add-module
for openid, websocket, and stats modules - #9141 - Thread-safe Content.Chunk#slice
- #9136 - util: Add support for GraalVM Native-Image resource:-URIs and Paths (@kohlschuetter)
- #9127 - Reorganization of jetty-client classes.
- #9115 - Use method references instead of reflection in TypeUtil (@kohlschuetter)
- #9096 - Jetty 12.0.x documentation (@gregpoulos)
- #9090 - keep matching exception to found errorpage
- #9077 - Jetty 12.0.x h2c perf improvement: implement equals/hashcode in Stream
- #9075 - Simpler TreeTrie.isEmpty() method
- #9074 - TCK: Dispatch forward and includes attributes do not meet the spec
- #9068 - Jetty 12.0.x osgi
- #9067 - TCK DefaultServlet handling of dispatch include incorrect
- #9066 - TCK multipart not set as request parameter
- #9061 - Async not supported without wrappers
- #9058 - Enable all jetty-deploy tests
- #9057 - Jetty 12.0.x ee10 convert cookie
- #9051 - Review Jetty-12 DelayedHandler
- #9048 - Test for ee10 response commit
- #9046 - Fix jetty-12 tck tests com.sun.ts.tests.servlet.api.jakarta_servlet_http.httpsessionx.URLClient.invalidateHttpSessionTest and com.sun.ts.tests.servlet.api.jakarta_servlet_http.httpsessionx.URLClient.invalidateHttpSessionxTest
- #9043 - Create StaticHttpContentFactory and other cleanups
- #9037 - response#getWriter should throw UnsupportedEncodingException in case of bad character encoding used
- #9035 - Jetty 12 handler as boolean processor
- #9033 - Merge Release 12.0.0.alpha3
- #9027 - Fix lag in pom versions.
- #8993 -
Content.Chunk.isTerminal()
cannot discriminateEOF
from chunks containing a pooled empty buffer - #8991 - Review naming of FrameHandler.isDemanding() in Jetty 12
- #8984 - Jetty 12 - Attributes dump is not working
- #8981 - Rework client content listeners
- #8069 - Jetty 12 is missing a way to record server latencies
11.0.14
Special Thanks to the following Eclipse Jetty community members
Changelog
- #9344 - Cleanup Multipart handling for CVE-2023-26048
- #9343 - URI Host Mismatch with optional Compliance modes
- #9339 - Cleanup Cookie Cutter handling for CVE-2023-26049
- #9337 - LowResourceMonitor.getReasons should include detailed reason instead of hard-coded message (@jluehe)
- #9334 - Better support for Cookie RFC 2965 compliance
- #9285 - ContextHandler sends redirect on BaseResponse instead of Wrapped Response object from Handler chain
- #9283 - Configurable Unsafe Host Header Behaviors
- #9188 - Log as info exceptions from server after sending stop with StopMojo.
- #9183 - ConnectHandler may close the connection instead of sending 200 OK
- #9181 java.lang.NullPointerException in SessionHandler.checkRequestedSessionId()
- #9128 - Do not execute any phase for maven plugin :start (@pzygielo)
- #9119 - Wrong value of javax.servlet.forward.context_path attribute
- #9092 - Use ASM Bom
- #9059 - IteratingCallback not serializing close() and failed()
- #9055 - PathMappings optimizations
- #7650 - QueuedThreadPool: Stopped without executing or closing null (@dzoech)
Dependencies
- #9271 - Bump infinispan-bom to 11.0.17.Final
- #9359 - Bump maven.version to 3.9.0
- #9375 - Bump jakarta.servlet.jsp-api to 3.1.1
- #9102 - Bump org.apache.aries.spifly.dynamic.bundle to 1.3.6
- #9098 - Bump org.eclipse.osgi to 3.18.200
- #9106 - Bump org.eclipse.osgi.services to 3.11.100
- #9097 - Bump protostream to 4.6.0.Final
- #9367 - Bump tycho-p2-repository-plugin to 3.0.2
10.0.14
Special Thanks to the following Eclipse Jetty community members
Changelog
- #9344 - Cleanup Multipart handling for CVE-2023-26048
- #9343 - URI Host Mismatch with optional Compliance modes
- #9339 - Cleanup Cookie Cutter handling for CVE-2023-26049
- #9337 - LowResourceMonitor.getReasons should include detailed reason instead of hard-coded message (@jluehe)
- #9334 - Better support for Cookie RFC 2965 compliance
- #9285 - ContextHandler sends redirect on BaseResponse instead of Wrapped Response object from Handler chain
- #9283 - Configurable Unsafe Host Header Behaviors
- #9188 - Log as info exceptions from server after sending stop with StopMojo.
- #9183 - ConnectHandler may close the connection instead of sending 200 OK
- #9128 - Do not execute any phase for maven plugin :start (@pzygielo)
- #9119 - Wrong value of javax.servlet.forward.context_path attribute
- #9092 - Use ASM Bom
- #9059 - IteratingCallback not serializing close() and failed()
- #9055 - PathMappings optimizations
- #7650 - QueuedThreadPool: Stopped without executing or closing null (@dzoech)
Dependencies
- #9242 - Bump infinispan-bom to 11.0.17.Final
- #9359 - Bump maven.version to 3.9.0
- #9102 - Bump org.apache.aries.spifly.dynamic.bundle to 1.3.6
- #9098 - Bump org.eclipse.osgi to 3.18.200
- #9106 - Bump org.eclipse.osgi.services to 3.11.100
- #9097 - Bump protostream to 4.6.0.Final
- #9367 - Bump tycho-p2-repository-plugin to 3.0.2