Skip to content

Releases: jetty/jetty.project

12.0.0

07 Aug 20:10
52d9417
Compare
Choose a tag to compare

Important Notes

  • New Environment System (ee10 / ee9 / ee8)
  • Supports ee10 / ee9 / ee8 at the same time (in different deployed webapps)
  • Jetty Core no longer has dependencies on any Jakarta EE Spec

Security Updates

Special Thanks to the following Eclipse Jetty community members

@kohlschuetter (Christian Kohlschütter)
@gregpoulos (Greg Poulos)

Changelog

  • #10231 - DefaultServlet no longer supports POST and OPTIONS and returns a 405 instead
  • #10229 - HttpConfiguration.setIdleTimeout() breaks long running requests
  • #10227 - EE10 Unable to use Cookie attributes with HttpServletResponse.addCookie(jakarta.servlet.http.Cookie)
  • #10205 - fixes for jetty 12 ee8 websocket demos
  • #10178 - Fix demo-spec webapp failures
  • #10066 - Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh workaround
  • #10165 - rename JAVAX_API to JAKARTA_API in ee9 and ee10 Source
  • #10155 - EE10 Servlet include after HttpServletResponse.getWriter().println() omits Content-Length from the response
  • #10135 - Websocket: Using PerMessageDeflateExtension and flush in batchMode send FLUSH_FRAME to client.

12.0.0.beta4

27 Jul 15:22
2fab7ac
Compare
Choose a tag to compare
12.0.0.beta4 Pre-release
Pre-release

Changelog

  • #10144 - Common code and documentation for dispatched query parameters
  • #10141 - welcome-file ignored on jetty12ee10 on exploded deploy, works on ee9 and older jettys.
  • #10139 - DefaultServlet not working with named dispatch in Jetty-12 EE10.
  • #10134 - Server.stop() and WebInfConfiguration.deconfigure() can throw a ClosedFileSystemException when restoring the original base resource
  • #10131 - Review ERROR query-string handling
  • #10102 - Fixes delivery of events to Response.CompleteListeners.
  • #10090 - Improved start.jar dry-run command line quoting
  • #10084 - ServletApiContext.getResourcePaths() doesn't respect the spec
  • #10082 - Various cleanups of StringUtil and TypeUtil
  • #10081 - Fix replacement logic for Configuration lists
  • #10071 - add SizeLimitHandler to Jetty-12
  • #10068 - Jetty 12: instantiation of HashLoginService
  • #10061 - Simplified URLResource cleaner
  • #9444 - Unexpected encoding in request.getPathInfo() with Jetty 12 beta0

12.0.0.beta3

18 Jul 10:07
c19a581
Compare
Choose a tag to compare
12.0.0.beta3 Pre-release
Pre-release

Changelog

  • #9988 - Add constructors accepting the handler to wrap to all core handler wrappers
  • #9984 - URLResource.isDirectory() throws a NullPointerException when created from a jar:file: URL
  • #9983 - Implement quality lists for Locales
  • #9975 - Experiment with a fully async ContentSourceCompletableFuture
  • #9973 - Creating a Resource for an entry in a nested jar file in Jetty 12
  • #9972 - getResourcePaths fails when a META-INF resource has reserved characters in its filename
  • #9966 - NullPointerException with default servlet, include and welcome pages
  • #9965 - prevent multiple websocket frames from being demanded in Jetty-12
  • #9960 - Custom logging in Jetty 12 beta2 can fail due to NullPointerException in org.eclipse.jetty.server.Request
  • #9955 - Jetty 12.0 beta 2 HttpServletResponse::getStatus returns 0 by default
  • #9953 - Jetty 12.0 Handle HEAD requests in Handler
  • #9946 - Handler passed to Handler in constructor a parent or child?
  • #9944 - Remove integer for demand in websocket in Jetty-12
  • #9934 - Fix ee10 path info only (alternative)
  • #9927 - Jetty 12 inserted handler in ee10 servlet context
  • #9925 - Bring back Jetty <12 flexibility of "current context / context handler"
  • #9920 - Remove ee10 HttpChannel.Listener
  • #9919 - Jetty-12 creates two instances of ArrayByteBufferPool
  • #9904 - Experiment/jetty 12 chunk isError and warnings
  • #9878 - Fixes and extra testing for EE9 ContextHandler class loading
  • #9396 - Improve JPMS testing for websocket in Jetty 12

Dependencies

  • #9924 - Upgrade of dependencies: slf4j 2.0.7, and some 3rd parties dependencies used for testing

12.0.0.beta2

19 Jun 00:39
c19a581
Compare
Choose a tag to compare
12.0.0.beta2 Pre-release
Pre-release

Changelog

  • #9914 - prevent potential NPE from StartArgs in Jetty-12
  • #9911 - fixing JPMS and reactivating the tests
  • #9906 - Inconsistent handling of empty "path info" between Jetty 10 and 12
  • #9905 - Jetty 12 idletimeout
  • #9902 - Jetty 12.0.x ee9 serverpush tck
  • #9897 - Various improvements to CyclicTimeouts.
  • #9895 - A MessageTooLargeException doesn't close a WebSocket connection
  • #9890 - Fix redirect demo; fix links to sources for demos; fix blog link
  • #9886 - Remove unused ee10-demo-realm files and add distro test
  • #9883 - Jetty 12.0.x 9072 move core ee classes
  • #9879 - Jetty-12 rewrite demo not working
  • #9867 - Jetty 12 graceful contexts
  • #9866 - Jetty 12 context initial ClassLoader
  • #9796 - Fix/jetty 12 restore ee n fcgi
  • #9792 - Simplified and fixed TryPathsHandler.
  • #9790 - Fixed FCGI content parsing.
  • #9785 - jetty-12 ee9 contextPath not set correctly on nested ContextHandler
  • #9783 - Jetty 12 simplify EchoHandler
  • #9774 - jetty-12 ee10 Cross context dispatch is not supported
  • #9767 - jetty-12 ee10 ServerPush failures
  • #9766 - jetty-12 ee9 ServerPush failures
  • #9762 - jetty-12 ee9 Double parsing of cookies
  • #9760 - jetty-12 ee9 Omnibus tck failure analysis
  • #9750 - jetty-12 ee10 wrong authType for CLIENT-CERT
  • #9745 - jetty-12 SecurityHandler role checking with * not correct
  • #9743 - jetty-12 ee9 changeSessionId should throw ISE if no exception
  • #9740 - Jetty 12 content length 0
  • #9734 - Cookie config can be set after SessionHandler is started
  • #9733 - FCGI improvements.
  • #9731 - Infinite loop with mapped roles
  • #9729 - Simplified QuotedStringTokenizer
  • #9724 - Jetty 12 immutable ee10 configurations
  • #9685 - Jetty doesn't set the date header on error responses
  • #9684 - Refine how Request / Channel / Stream completion works
  • #9682 - A possible native memory leak through RetainableByteBuffers
  • #9657 - jetty-12 ee9 & ee10 Request.upgrade returns null
  • #9650 - jetty-12 ee10 ServletApiResponse.resetBuffer does not check for response being committed
  • #9649 - jetty-12 ee10 ServletApiResponse.addIntHeader does not ignore headers after response committed
  • #9637 - jetty-12 ee10 ServletRequestListeners called too many times on sendError
  • #9630 - Jetty 12 - Make Context dumpable
  • #9554 - Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to common location
  • #9173 - Configuring SameSite on a per-cookie basis in Jetty 12
  • #8885 - Jetty-12, replacement for HttpChannel.Listener
  • #8819 - Jetty-12 Improve CustomRequestLog efficiency

Dependencies

  • #9917 - Upgrade Guava to 32.0.1

12.0.0.beta1

02 May 21:52
f98b345
Compare
Choose a tag to compare
12.0.0.beta1 Pre-release
Pre-release

Changelog

  • #6184 Remove usages of classes associated with JEP-411 that deprecate/remove the SecurityManager from the JVM
  • #6483 Jetty http client SSL connectivity over CNTLM proxy fails
  • #7608 Jetty-12 MetaData cleanup needed
  • #8740 Jetty 12 - Move org.eclipse.jetty.server.context.ManagedAttributes to core
  • #9237 Decouple QTP idleTimeout from pool shrink rate
  • #9309 jetty.sh cannot handle complex Jetty properties from start.d/*.ini
  • #9311 Performance of ArrayRetainableByteBufferPool.acquire() can degenerate pathologically as the buckets grow in size
  • #9391 Jetty 12: port/move Jetty WebSocket APIs, client and server to jetty-core
  • #9400 Jetty logs warning with stacktrace when annotation parser encounters module-info.class file inside elasticsearch-x-content jar
  • #9408 HugeResourceTest failing
  • #9410 Jetty 12: review locking in MultiPartFormData and MultiPartByteRanges
  • #9412 Jetty 12: WebSocket hangs when ServerEndpointConfig.Configurator.getEndpointInstance() throws
  • #9438 Jetty 12: Review JakartaWebSocketClientContainer use of reflection
  • #9440 Jetty 12: HttpCookieStore should return cookies for "ws" schemes
  • #9442 Jetty 12 Documentation Html artifact not populated
  • #9444 Unexpected encoding in request.getPathInfo() with Jetty 12 beta 0
  • #9459 Path is missing from JSESSIONID cookie in 12 beta 0
  • #9463 NPE when starting jetty-ee10-maven-plugin
  • #9466 WebSocket DeploymentException is not thrown by client nor server
  • #9467 Jetty 12 - Review BOMs
  • #9468 Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13
  • #9497 Maven plugin add support for jar projects in :effective-web-xml
  • #9501 jetty client with proxy - ssl traffic between both proxy and servers
  • #9516 Remove CGI Servlet (CVE-2023-40167)
  • #9537 "error-on-el-not-found" behavior is not as specified
  • #9552 Jetty 12 - Rewrite of the Jetty WebSocket APIs
  • #9554 Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to common location
  • #9556 Password Util does not ask for password
  • #9617 Update to apache jasper 10.1.7 for jetty-12 ee10
  • #9656 jetty-12 ee10 PushBuilderImpl.push must throw IllegalStateException
  • #9685 Jetty doesn't set the date header on error responses

11.0.15

13 Apr 20:07
5bc5e56
Compare
Choose a tag to compare

Security Updates

This release addresses:

Changelog

  • #9556 - Password Util does not ask for password
  • #9555 - General bug fixes for jetty-start
  • #9517 - Jetty 11.0.14 uses wrong pathSpec for request
  • #9501 - jetty client with proxy - ssl traffic between both proxy and servers
  • #9497 - Maven plugin add support for jar projects in :effective-web-xml
  • #9494 - Improved HttpClient TLS documentation about server host name verification
  • #9468 - Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13
  • #9464 - Add optional configuration to log user out after OpenID idToken expires (CVE-2023-41900)
  • #9400 - Jetty logs warning with stacktrace when annotation parser encounters module-info.class file inside elasticsearch-x-content jar
  • #9309 - jetty.sh cannot handle complex Jetty properties from start.d/*.ini
  • #9237 - Decouple QTP idleTimeout from pool shrink rate
  • #6184 - Remove usages of classes associated with JEP-411 that deprecate/remove the SecurityManager from the JVM

Dependencies

  • #9610 - Bump tycho-p2-repository-plugin to 3.0.4
  • #9607 - Bump logback-core to 1.3.6
  • #9596 - Bump org.eclipse.osgi.util to 3.7.200
  • #9591 - Bump json-smart to 2.4.10
  • #9581 - Bump commons-compress to 1.23.0
  • #9575 - Bump protostream to 4.6.2.Final
  • #9574 - Bump org.eclipse.osgi to 3.18.300
  • #9558 - Bump asm.version to 9.5

10.0.15

13 Apr 20:07
68017db
Compare
Choose a tag to compare

Security Updates

This release addresses:

Changelog

  • #9556 - Password Util does not ask for password
  • #9555 - General bug fixes for jetty-start
  • #9517 - Jetty 10.0.14 uses wrong pathSpec for request
  • #9501 - jetty client with proxy - ssl traffic between both proxy and servers
  • #9497 - Maven plugin add support for jar projects in :effective-web-xml
  • #9494 - Improved HttpClient TLS documentation about server host name verification
  • #9468 - Jetty 10.0.14 is less tolerant of non-compliant cookies than 10.0.13
  • #9464 - Add optional configuration to log user out after OpenID idToken expires (CVE-2023-41900)
  • #9400 - Jetty logs warning with stacktrace when annotation parser encounters module-info.class file inside elasticsearch-x-content jar
  • #9309 - jetty.sh cannot handle complex Jetty properties from start.d/*.ini
  • #9237 - Decouple QTP idleTimeout from pool shrink rate
  • #6184 - Remove usages of classes associated with JEP-411 that deprecate/remove the SecurityManager from the JVM

Dependencies

  • #9610 - Bump tycho-p2-repository-plugin to 3.0.4
  • #9607 - Bump logback-core to 1.3.6
  • #9596 - Bump org.eclipse.osgi.util to 3.7.200
  • #9591 - Bump json-smart to 2.4.10
  • #9581 - Bump commons-compress to 1.23.0
  • #9575 - Bump protostream to 4.6.2.Final
  • #9574 - Bump org.eclipse.osgi to 3.18.300
  • #9558 - Bump asm.version to 9.5

12.0.0.beta0

27 Feb 18:52
Compare
Choose a tag to compare

Special Thanks to the following Eclipse Jetty community members

Changelog

  • #9403 - TCK failure: DefaultServlet only sets status 404 instead of sending 404 response
  • #9390 - Moved implementation methods ensure*() from the Response interface
  • #9388 - Javadocs for Response and Context.
  • #9385 - Rename process to handle
  • #9383 - Reinstate ee9 jetty runner.
  • #9382 - Remove jetty-ant
  • #9356 - cleanup of websocket to fix JPMS warnings
  • #9336 - Review LifeCycle of Parts in Jetty 12
  • #9335 - Jetty 12 - Review client notifiers
  • #9318 - Redo Handler renaming
  • #9305 - Rename Handler Nested & Collection
  • #9301 - JSTL fails in JPMS
  • #9293 - Jetty 12 - Relax JPMS dependencies
  • #9288 - Jetty 12 - Use oej.http.HttpCookie in jetty-client
  • #9275 - Jetty-12 H3 tests passing after 30s timeout
  • #9234 - Fix some JPMS issues for websocket-core
  • #9230 - Remove duplicate osgi dependency declarations in top level pom
  • #9227 - Fixed DetectorConnection buffer lifecycle.
  • #9223 - Jetty 12 - Added a core Session abstraction
  • #9220 - Fix/jetty 12 reorganize session tests
  • #9213 - Converted PathMappings to be an AbstractMap
  • #9210 - Jetty 12 - Review Pool and Pool.Entry
  • #9207 - Jetty 12 - Fixing simple @named virtualhost configuration
  • #9205 - Jetty 12 - New HTTP Cookie interface
  • #9202 - Jetty 12 - Add and allow plural form of existing start.jar args.
  • #9201 - Jetty 12 - Cleanup Shutdown classes
  • #9191 - Jetty-12 Remove usage of HandlerList and reduce usage of Handler.Collection
  • #9189 - Uncomment websocket deps for ee9 jetty maven plugin
  • #9187 - Jetty 12.0.x Documentation: Logging section in operations manual (@gregpoulos)
  • #9182 - Jetty 12 - Public version of JakartaWebSocketServerContainer
  • #9174 - Jetty 12 - Introduce GracefulShutdownHandler and Test
  • #9173 - Configuring SameSite on a per-cookie basis in Jetty 12
  • #9171 - Jetty 12 - Fix for HttpParser quick HTTP Version lookahead
  • #9166 - Jetty 12: review/remove ByteBufferPool (@kohlschuetter)
  • #9165 - Jetty 12 - Javadoc cleanup & new inspection profile
  • #9159 - Jetty 12 simplify Retainable.canRetain usage
  • #9158 - Jetty 12.0.x 9131 remove path watcher
  • #9156 - Ensure all eeX versions of the plugin use prefix "jetty"
  • #9153 - Jetty 12 temp directory cleanup
  • #9152 - For consistency, convert "JETTY_HOME" attribute to "jetty-home" (@gregpoulos)
  • #9151 - Jetty 12.0.x document modules (@gregpoulos)
  • #9149 - Jetty 12 - Add tests in util/resource for alternate FileSystem implementations
  • #9145 - Failure when running add-module for openid, websocket, and stats modules
  • #9141 - Thread-safe Content.Chunk#slice
  • #9136 - util: Add support for GraalVM Native-Image resource:-URIs and Paths (@kohlschuetter)
  • #9127 - Reorganization of jetty-client classes.
  • #9115 - Use method references instead of reflection in TypeUtil (@kohlschuetter)
  • #9096 - Jetty 12.0.x documentation (@gregpoulos)
  • #9090 - keep matching exception to found errorpage
  • #9077 - Jetty 12.0.x h2c perf improvement: implement equals/hashcode in Stream
  • #9075 - Simpler TreeTrie.isEmpty() method
  • #9074 - TCK: Dispatch forward and includes attributes do not meet the spec
  • #9068 - Jetty 12.0.x osgi
  • #9067 - TCK DefaultServlet handling of dispatch include incorrect
  • #9066 - TCK multipart not set as request parameter
  • #9061 - Async not supported without wrappers
  • #9058 - Enable all jetty-deploy tests
  • #9057 - Jetty 12.0.x ee10 convert cookie
  • #9051 - Review Jetty-12 DelayedHandler
  • #9048 - Test for ee10 response commit
  • #9046 - Fix jetty-12 tck tests com.sun.ts.tests.servlet.api.jakarta_servlet_http.httpsessionx.URLClient.invalidateHttpSessionTest and com.sun.ts.tests.servlet.api.jakarta_servlet_http.httpsessionx.URLClient.invalidateHttpSessionxTest
  • #9043 - Create StaticHttpContentFactory and other cleanups
  • #9037 - response#getWriter should throw UnsupportedEncodingException in case of bad character encoding used
  • #9035 - Jetty 12 handler as boolean processor
  • #9033 - Merge Release 12.0.0.alpha3
  • #9027 - Fix lag in pom versions.
  • #8993 - Content.Chunk.isTerminal() cannot discriminate EOF from chunks containing a pooled empty buffer
  • #8991 - Review naming of FrameHandler.isDemanding() in Jetty 12
  • #8984 - Jetty 12 - Attributes dump is not working
  • #8981 - Rework client content listeners
  • #8069 - Jetty 12 is missing a way to record server latencies

11.0.14

27 Feb 18:53
Compare
Choose a tag to compare

Special Thanks to the following Eclipse Jetty community members

Changelog

  • #9344 - Cleanup Multipart handling for CVE-2023-26048
  • #9343 - URI Host Mismatch with optional Compliance modes
  • #9339 - Cleanup Cookie Cutter handling for CVE-2023-26049
  • #9337 - LowResourceMonitor.getReasons should include detailed reason instead of hard-coded message (@jluehe)
  • #9334 - Better support for Cookie RFC 2965 compliance
  • #9285 - ContextHandler sends redirect on BaseResponse instead of Wrapped Response object from Handler chain
  • #9283 - Configurable Unsafe Host Header Behaviors
  • #9188 - Log as info exceptions from server after sending stop with StopMojo.
  • #9183 - ConnectHandler may close the connection instead of sending 200 OK
  • #9181 java.lang.NullPointerException in SessionHandler.checkRequestedSessionId()
  • #9128 - Do not execute any phase for maven plugin :start (@pzygielo)
  • #9119 - Wrong value of javax.servlet.forward.context_path attribute
  • #9092 - Use ASM Bom
  • #9059 - IteratingCallback not serializing close() and failed()
  • #9055 - PathMappings optimizations
  • #7650 - QueuedThreadPool: Stopped without executing or closing null (@dzoech)

Dependencies

  • #9271 - Bump infinispan-bom to 11.0.17.Final
  • #9359 - Bump maven.version to 3.9.0
  • #9375 - Bump jakarta.servlet.jsp-api to 3.1.1
  • #9102 - Bump org.apache.aries.spifly.dynamic.bundle to 1.3.6
  • #9098 - Bump org.eclipse.osgi to 3.18.200
  • #9106 - Bump org.eclipse.osgi.services to 3.11.100
  • #9097 - Bump protostream to 4.6.0.Final
  • #9367 - Bump tycho-p2-repository-plugin to 3.0.2

10.0.14

27 Feb 18:53
Compare
Choose a tag to compare

Special Thanks to the following Eclipse Jetty community members

Changelog

  • #9344 - Cleanup Multipart handling for CVE-2023-26048
  • #9343 - URI Host Mismatch with optional Compliance modes
  • #9339 - Cleanup Cookie Cutter handling for CVE-2023-26049
  • #9337 - LowResourceMonitor.getReasons should include detailed reason instead of hard-coded message (@jluehe)
  • #9334 - Better support for Cookie RFC 2965 compliance
  • #9285 - ContextHandler sends redirect on BaseResponse instead of Wrapped Response object from Handler chain
  • #9283 - Configurable Unsafe Host Header Behaviors
  • #9188 - Log as info exceptions from server after sending stop with StopMojo.
  • #9183 - ConnectHandler may close the connection instead of sending 200 OK
  • #9128 - Do not execute any phase for maven plugin :start (@pzygielo)
  • #9119 - Wrong value of javax.servlet.forward.context_path attribute
  • #9092 - Use ASM Bom
  • #9059 - IteratingCallback not serializing close() and failed()
  • #9055 - PathMappings optimizations
  • #7650 - QueuedThreadPool: Stopped without executing or closing null (@dzoech)

Dependencies

  • #9242 - Bump infinispan-bom to 11.0.17.Final
  • #9359 - Bump maven.version to 3.9.0
  • #9102 - Bump org.apache.aries.spifly.dynamic.bundle to 1.3.6
  • #9098 - Bump org.eclipse.osgi to 3.18.200
  • #9106 - Bump org.eclipse.osgi.services to 3.11.100
  • #9097 - Bump protostream to 4.6.0.Final
  • #9367 - Bump tycho-p2-repository-plugin to 3.0.2