Merge pull request #6136 from eclipse/jetty-10.0.x-update-versiontxt-cves
Update VERSION.txt
commit
25b96faa86
44
VERSION.txt
|
@ -27,13 +27,13 @@ jetty-10.0.2 - 26 March 2021
|
||||||
+ 6037 Review logging modules for j.u.l.
|
+ 6037 Review logging modules for j.u.l.
|
||||||
+ 6050 Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer
|
+ 6050 Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer
|
||||||
+ 6063 Allow override of hazelcast version when using module
|
+ 6063 Allow override of hazelcast version when using module
|
||||||
+ 6072 jetty server high CPU when client send data length > 17408
|
+ 6072 jetty server high CPU when client send data length > 17408 - Resolves CVE-2021-28165
|
||||||
+ 6076 Embedded Jetty throws null pointer exception
|
+ 6076 Embedded Jetty throws null pointer exception
|
||||||
+ 6082 SslConnection compacting
|
+ 6082 SslConnection compacting
|
||||||
+ 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies"
|
+ 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies"
|
||||||
Message
|
Message
|
||||||
+ 6101 Normalise ambiguous URIs
|
+ 6101 Normalize ambiguous URIs - Resolves CVE-2021-28164
|
||||||
+ 6102 Exclude webapps directory from deployment scan
|
+ 6102 Exclude webapps directory from deployment scan - Resolves CVE-2021-28163
|
||||||
|
|
||||||
jetty-10.0.1 - 19 February 2021
|
jetty-10.0.1 - 19 February 2021
|
||||||
+ 1673 jetty-demo/etc/keystore should not be distributed
|
+ 1673 jetty-demo/etc/keystore should not be distributed
|
||||||
|
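Review bot: The rewritten 6072 entry under jetty-10.0.2 now runs well past the width at which neighbouring entries wrap (6085 continues onto a second line as "Message"), so the appended "- Resolves CVE-2021-28165" should go on an indented continuation line like the other long entries. The same applies to the 6101 and 6102 lines if they exceed the file's wrap width. Separately, the 6101 change also respells "Normalise" as "Normalize"; worth confirming that matches the issue title so the changelog and tracker stay searchable by the same string.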
@ -133,8 +133,22 @@ jetty-10.0.0.beta3 - 21 October 2020
|
||||||
+ 5475 Update to spifly 1.3.2 and asm 9
|
+ 5475 Update to spifly 1.3.2 and asm 9
|
||||||
+ 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown
|
+ 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown
|
||||||
|
|
||||||
|
jetty-9.4.39.v20210325 - 25 March 2021
|
||||||
|
+ 6034 SslContextFactory may select a wildcard certificate during SNI
|
||||||
|
selection when a more specific SSL certificate is present
|
||||||
|
+ 6050 Websocket: NotUtf8Exception after upgrade to 9.4.36 or newer
|
||||||
|
+ 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to
|
||||||
|
work on Android
|
||||||
|
+ 6063 Allow override of hazelcast version when using module
|
||||||
|
+ 6072 jetty server high CPU when client send data length > 17408 - Resolves CVE-2021-28165
|
||||||
|
+ 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies"
|
||||||
|
Message
|
||||||
|
+ 6101 Normalize ambiguous URIs - Resolves CVE-2021-28164
|
||||||
|
+ 6102 Exclude webapps directory from deployment scan - Resolves CVE-2021-28163
|
||||||
|
|
||||||
jetty-9.4.38.v20210224 - 24 February 2021
|
jetty-9.4.38.v20210224 - 24 February 2021
|
||||||
+ 4275 Path Normalization/Traversal - Context Matching
|
+ 4275 Path Normalization/Traversal - Context Matching
|
||||||
|
+ 5963 Improve QuotedQualityCSV for CVE-2020-27223
|
||||||
+ 5977 Cache-Control header set by a filter is override by the value from
|
+ 5977 Cache-Control header set by a filter is override by the value from
|
||||||
DefaultServlet configuration
|
DefaultServlet configuration
|
||||||
+ 5994 QueuedThreadPool "free" threads
|
+ 5994 QueuedThreadPool "free" threads
|
||||||
|
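Review bot: The CVE references added in this hunk use two different forms: the new 9.4.39 entries end in "- Resolves CVE-2021-2816x" while the entry added to 9.4.38 reads "5963 Improve QuotedQualityCSV for CVE-2020-27223". Picking one form for every CVE annotation lets anyone auditing which release fixed which CVE search VERSION.txt with a single pattern. Also, issue 6050 is titled "NotUtf8Exception after upgrade to 9.4.36 or newer" here but "after upgrade 9.4.35 -> 9.4.36 or newer" in the jetty-10.0.2 section, and the 6072 line is not wrapped although 6034 and 6052 in the same block are.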
@ -158,7 +172,7 @@ jetty-9.4.37.v20210219 - 19 February 2021
|
||||||
+ 5979 Configurable gzip Etag extension
|
+ 5979 Configurable gzip Etag extension
|
||||||
|
|
||||||
jetty-9.4.36.v20210114 - 14 January 2021
|
jetty-9.4.36.v20210114 - 14 January 2021
|
||||||
+ 5310 Jetty Http2 client discards the response fames when there is GOAWAY and
|
+ 5310 Jetty Http2 client discards the response frames when there is GOAWAY and
|
||||||
sends RST_STREAM
|
sends RST_STREAM
|
||||||
+ 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate
|
+ 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate
|
||||||
+ 5633 Allow to configure HttpClient request authority
|
+ 5633 Allow to configure HttpClient request authority
|
||||||
|
@ -420,7 +434,6 @@ jetty-9.4.31.v20200723 - 23 July 2020
|
||||||
+ 5057 `javax.servlet.include.context_path` attribute on root context. should
|
+ 5057 `javax.servlet.include.context_path` attribute on root context. should
|
||||||
be empty string, but is `"/"`
|
be empty string, but is `"/"`
|
||||||
+ 5064 NotSerializableException for OpenIdConfiguration
|
+ 5064 NotSerializableException for OpenIdConfiguration
|
||||||
+ 5069 HttpClientTimeoutTests can occasionally fail due to unreachable network
|
|
||||||
|
|
||||||
jetty-9.4.30.v20200611 - 11 June 2020
|
jetty-9.4.30.v20200611 - 11 June 2020
|
||||||
+ 4776 Incorrect path matching for WebSocket using PathMappings
|
+ 4776 Incorrect path matching for WebSocket using PathMappings
|
||||||
|
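Review bot: The removal of "5069 HttpClientTimeoutTests can occasionally fail due to unreachable network" from the 9.4.30-era list is not covered by the commit message, which only says "Update VERSION.txt" on a branch named for CVE updates. This and the later hunks drop a series of test-related entries from historical releases; the commit message should state that these removals are intentional and what the criterion is, so the CVE annotations and the changelog pruning can be reviewed and reverted independently.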
@ -723,10 +736,8 @@ jetty-9.4.20.v20190813 - 13 August 2019
|
||||||
+ 3648 javax.websocket client container incorrectly creates Server
|
+ 3648 javax.websocket client container incorrectly creates Server
|
||||||
SslContextFactory
|
SslContextFactory
|
||||||
+ 3698 Missing WebSocket ServerContainer after server restart
|
+ 3698 Missing WebSocket ServerContainer after server restart
|
||||||
+ 3700 stackoverflow in WebAppClassLoaderUrlStreamTest
|
|
||||||
+ 3708 Swap various java.lang.String replace() methods for better performant
|
+ 3708 Swap various java.lang.String replace() methods for better performant
|
||||||
ones
|
ones
|
||||||
+ 3731 Add testing of CDI behaviors
|
|
||||||
+ 3736 NPE from WebAppClassLoader during CDI
|
+ 3736 NPE from WebAppClassLoader during CDI
|
||||||
+ 3746 ClassCastException in WriteFlusher.java - IdleState cannot be cast to
|
+ 3746 ClassCastException in WriteFlusher.java - IdleState cannot be cast to
|
||||||
FailedState
|
FailedState
|
||||||
|
@ -928,7 +939,6 @@ jetty-9.2.27.v20190403 - 03 April 2019
|
||||||
|
|
||||||
jetty-9.4.14.v20181114 - 14 November 2018
|
jetty-9.4.14.v20181114 - 14 November 2018
|
||||||
+ 3097 Duplicated programmatic Servlet Listeners causing duplicate calls
|
+ 3097 Duplicated programmatic Servlet Listeners causing duplicate calls
|
||||||
+ 3103 HttpClientLoadTest reports a leak in byte buffer
|
|
||||||
+ 3104 Align jetty-schemas version within apache-jsp module as well
|
+ 3104 Align jetty-schemas version within apache-jsp module as well
|
||||||
|
|
||||||
jetty-9.4.13.v20181111 - 11 November 2018
|
jetty-9.4.13.v20181111 - 11 November 2018
|
||||||
|
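Review bot: The dropped entry "3103 HttpClientLoadTest reports a leak in byte buffer" under jetty-9.4.14.v20181114 names a test, but its title describes a byte-buffer leak rather than a failing or flaky test. Please confirm the fix for 3103 touched only test code; if it changed client or I/O code, the entry should stay so the release that fixed the leak remains traceable.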
@ -992,8 +1002,6 @@ jetty-9.4.12.v20180830 - 30 August 2018
|
||||||
Runtimes
|
Runtimes
|
||||||
+ 2075 Deprecating MultiException
|
+ 2075 Deprecating MultiException
|
||||||
+ 2135 Android 8.1 needs direct buffers for SSL/TLS to work
|
+ 2135 Android 8.1 needs direct buffers for SSL/TLS to work
|
||||||
+ 2233 JDK9 Test failure:
|
|
||||||
org.eclipse.jetty.server.ThreadStarvationTest.testWriteStarvation[https/ssl/tls]
|
|
||||||
+ 2342 File Descriptor Leak: Conscrypt: "Too many open files"
|
+ 2342 File Descriptor Leak: Conscrypt: "Too many open files"
|
||||||
+ 2349 HTTP/2 max streams enforcement
|
+ 2349 HTTP/2 max streams enforcement
|
||||||
+ 2398 MultiPartFormInputStream parsing should default to UTF-8, but allowed
|
+ 2398 MultiPartFormInputStream parsing should default to UTF-8, but allowed
|
||||||
|
@ -1003,9 +1011,6 @@ jetty-9.4.12.v20180830 - 30 August 2018
|
||||||
+ 2530 Client waits forever for cancelled large uploads
|
+ 2530 Client waits forever for cancelled large uploads
|
||||||
+ 2560 Review PathResource exception handling
|
+ 2560 Review PathResource exception handling
|
||||||
+ 2565 HashLoginService silently ignores file:/ config paths from 9.3.x
|
+ 2565 HashLoginService silently ignores file:/ config paths from 9.3.x
|
||||||
+ 2592 Failing test on Windows:
|
|
||||||
ServerTimeoutsTest.testAsyncWriteIdleTimeoutFires[transport: HTTP]
|
|
||||||
+ 2597 Failing tests on windows UnixSocketTest
|
|
||||||
+ 2631 IllegalArgumentException: Buffering capacity exceeded, from HttpClient
|
+ 2631 IllegalArgumentException: Buffering capacity exceeded, from HttpClient
|
||||||
HEAD Requests to resources referencing large body contents
|
HEAD Requests to resources referencing large body contents
|
||||||
+ 2648 LdapLoginModule fails with forceBinding=true under Java 9
|
+ 2648 LdapLoginModule fails with forceBinding=true under Java 9
|
||||||
|
@ -1067,7 +1072,6 @@ jetty-9.4.12.v20180830 - 30 August 2018
|
||||||
hot redeploy on Windows
|
hot redeploy on Windows
|
||||||
+ 2836 Sequential HTTPS requests may not reuse the same connection
|
+ 2836 Sequential HTTPS requests may not reuse the same connection
|
||||||
+ 2844 Clean up webdefault.xml and DefaultServlet doc
|
+ 2844 Clean up webdefault.xml and DefaultServlet doc
|
||||||
+ 2846 add unit test for ldap module
|
|
||||||
+ 2847 Wrap Connection.Listener invocations in try/catch
|
+ 2847 Wrap Connection.Listener invocations in try/catch
|
||||||
+ 2860 Leakage of HttpDestinations in HttpClient
|
+ 2860 Leakage of HttpDestinations in HttpClient
|
||||||
+ 2871 Server reads -1 after client resets HTTP/2 stream
|
+ 2871 Server reads -1 after client resets HTTP/2 stream
|
||||||
|
@ -1426,7 +1430,6 @@ jetty-9.4.7.v20170914 - 14 September 2017
|
||||||
+ 1759 HTTP/2: producer can block in onReset
|
+ 1759 HTTP/2: producer can block in onReset
|
||||||
+ 1766 JettyClientContainerProvider does not actually use common objects
|
+ 1766 JettyClientContainerProvider does not actually use common objects
|
||||||
correctly
|
correctly
|
||||||
+ 1789 PropertyUserStoreTest failures in Windows
|
|
||||||
+ 1790 HTTP/2: 100% CPU usage seen during close/shutdown of endpoint
|
+ 1790 HTTP/2: 100% CPU usage seen during close/shutdown of endpoint
|
||||||
+ 1792 Accept ISO-8859-1 characters in response reason
|
+ 1792 Accept ISO-8859-1 characters in response reason
|
||||||
+ 1794 Config properties typos in session-store-cache.mod
|
+ 1794 Config properties typos in session-store-cache.mod
|
||||||
|
@ -1439,8 +1442,6 @@ jetty-9.4.7.v20170914 - 14 September 2017
|
||||||
+ 1809 NPE: StandardDescriptorProcessor.visitSecurityConstraint() with null/no
|
+ 1809 NPE: StandardDescriptorProcessor.visitSecurityConstraint() with null/no
|
||||||
security manager
|
security manager
|
||||||
+ 1814 Move JavaVersion to jetty-util for future Java 9 support requirements
|
+ 1814 Move JavaVersion to jetty-util for future Java 9 support requirements
|
||||||
+ 1816 HttpClientTest.testClientCannotValidateServerCertificate() hangs with
|
|
||||||
JDK 9
|
|
||||||
+ 475546 ClosedChannelException when connection to HTTPS over HTTP proxy with
|
+ 475546 ClosedChannelException when connection to HTTPS over HTTP proxy with
|
||||||
CONNECT
|
CONNECT
|
||||||
|
|
||||||
|
@ -1662,11 +1663,8 @@ jetty-9.4.3.v20170317 - 17 March 2017
|
||||||
jetty-9.3.17.v20170317 - 17 March 2017
|
jetty-9.3.17.v20170317 - 17 March 2017
|
||||||
+ 329 Javadoc for HttpTester and ServletTester needs to reference limited HTTP
|
+ 329 Javadoc for HttpTester and ServletTester needs to reference limited HTTP
|
||||||
version scope
|
version scope
|
||||||
+ 609 websocket ClientCloseTest testServerNoCloseHandshake is failing
|
|
||||||
+ 1015 Ensure jetty-distribution excludes git / temp files
|
+ 1015 Ensure jetty-distribution excludes git / temp files
|
||||||
+ 1047 ReadPendingException and then thread death
|
+ 1047 ReadPendingException and then thread death
|
||||||
+ 1049 test-jetty-osgi test exits/crashes the surefire forked JVM
|
|
||||||
+ 1282 ByteArrayEndPointTest.testIdle() failure
|
|
||||||
+ 1296 Introduce HTTP parser "content complete" event
|
+ 1296 Introduce HTTP parser "content complete" event
|
||||||
+ 1326 Jetty shutdown command got NullPointerException (http2 module added to
|
+ 1326 Jetty shutdown command got NullPointerException (http2 module added to
|
||||||
start)
|
start)
|
||||||
|
@ -1686,7 +1684,6 @@ jetty-9.3.17.v20170317 - 17 March 2017
|
||||||
+ 1390 HashLoginService and "this.web-inf.url" property are incompatible
|
+ 1390 HashLoginService and "this.web-inf.url" property are incompatible
|
||||||
+ 1394 Default OS Locale/Encoding/Charset can cause test failures
|
+ 1394 Default OS Locale/Encoding/Charset can cause test failures
|
||||||
+ 1396 Set-Cookie produced by Jetty is invalid for RFC6265 and Chrome
|
+ 1396 Set-Cookie produced by Jetty is invalid for RFC6265 and Chrome
|
||||||
+ 1399 SlowClientTest is failing on CI
|
|
||||||
+ 1401 HttpOutput.recycle() does not clear the write listener
|
+ 1401 HttpOutput.recycle() does not clear the write listener
|
||||||
|
|
||||||
jetty-9.4.2.v20170220 - 20 February 2017
|
jetty-9.4.2.v20170220 - 20 February 2017
|
||||||
|
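Review bot: The pruning is applied inconsistently in this hunk: "1399 SlowClientTest is failing on CI" is removed, while "1394 Default OS Locale/Encoding/Charset can cause test failures" two lines above is kept. If the rule is to drop test-only issues from VERSION.txt, either 1394 should go as well or the rule should be narrowed and stated in the commit message.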
@ -1790,9 +1787,6 @@ jetty-9.3.16.v20170120 - 20 January 2017
|
||||||
+ 1229 ClassLoader constraint issue when using NativeWebSocketConfiguration
|
+ 1229 ClassLoader constraint issue when using NativeWebSocketConfiguration
|
||||||
with WEB-INF/lib/jetty-http.jar present
|
with WEB-INF/lib/jetty-http.jar present
|
||||||
+ 1234 onBadMessage called from with handled message
|
+ 1234 onBadMessage called from with handled message
|
||||||
+ 1259 HostnameVerificationTest.simpleGetWithHostnameVerificationEnabledTest
|
|
||||||
is broken
|
|
||||||
+ 1261 Intermittent H2C test failure AsyncIOServletTest.testAsyncReadEarlyEOF
|
|
||||||
+ 1262 BufferUtil.isMappedBuffer() uses reflection on private JDK fields
|
+ 1262 BufferUtil.isMappedBuffer() uses reflection on private JDK fields
|
||||||
+ 1265 JAXB not available in JDK 9
|
+ 1265 JAXB not available in JDK 9
|
||||||
+ 1267 Request.getRemoteUser can throw undeclared IllegalStateException via
|
+ 1267 Request.getRemoteUser can throw undeclared IllegalStateException via
|
||||||
|
@ -1806,7 +1800,6 @@ jetty-9.3.16.v20170120 - 20 January 2017
|
||||||
+ 1275 Get rid of Mockito
|
+ 1275 Get rid of Mockito
|
||||||
+ 1276 Remove org.eclipse.jetty.websocket.server.WebSocketServerFactory from
|
+ 1276 Remove org.eclipse.jetty.websocket.server.WebSocketServerFactory from
|
||||||
SPI
|
SPI
|
||||||
+ 1277 http2 alpn test error
|
|
||||||
|
|
||||||
jetty-9.2.21.v20170120 - 20 January 2017
|
jetty-9.2.21.v20170120 - 20 January 2017
|
||||||
+ 592 Support no-value Host header in HttpParser
|
+ 592 Support no-value Host header in HttpParser
|
||||||
|
@ -1842,7 +1835,6 @@ jetty-9.3.15.v20161220 - 20 December 2016
|
||||||
+ 1099 PushCacheFilter pushes POST requests
|
+ 1099 PushCacheFilter pushes POST requests
|
||||||
+ 1108 Please improve logging in SslContextFactory when there are no approved
|
+ 1108 Please improve logging in SslContextFactory when there are no approved
|
||||||
cipher suites
|
cipher suites
|
||||||
+ 1114 Add testcase for WSUF for stop/start of the Server
|
|
||||||
+ 1118 Filter.destroy() conflicts with ContainerLifeCycle.destroy() in
|
+ 1118 Filter.destroy() conflicts with ContainerLifeCycle.destroy() in
|
||||||
WebSocketUpgradeFilter
|
WebSocketUpgradeFilter
|
||||||
+ 1123 Broken lifecycle for WebSocket's mappings
|
+ 1123 Broken lifecycle for WebSocket's mappings
|
||||||
|
|