Merge remote-tracking branch 'origin/jetty-9.3.x' into jetty-9.4.x

2025-03-02 20:09:21 +00:00 · 2017-09-20 14:46:13 -07:00 · 2017-09-20 14:46:13 -07:00 · 5fc0167003
commit 5fc0167003
parent d77ba8203a bcd6ed9267
2 changed files with 92 additions and 12 deletions
--- a/VERSION.txt
+++ b/VERSION.txt
@ -124,26 +124,59 @@ jetty-9.4.6.v20170531 - 31 May 2017
 + 1569 Allow setting of maxBinaryMessageSize to 0 in WebSocketPolicy
 + 1579 NPE in Quoted Quality CSV

-jetty-9.2.22.v20170606 - 06 June 2017
- + 920 no main manifest attribute, in jetty-runner-9.2.19.v20160908.jar
- + 1108 Please improve logging in SslContextFactory when there are no approved
-   cipher suites
+jetty-9.3.21.v20170918 - 18 September 2017
+ + 487 JDK 9 build compatibility
+ + 1116 Support empty HTTP header values
 + 1357 RolloverFileOutputStream: No rollout performed at midnight
- + 1469 IllegalStateException in RolloverFileOutputStream
- + 1507 Negative delay Timer.schedule exception due to mismatched local and
-   _logTimeZone values
- + 1532 RolloverFileOutputStream can't handle multiple instances
- + 1523 Update ALPN support for Java 8u131
- + 1556 A timing channel in Password.java
- + 1590 RolloverFileOutputStream not functioning in Jetty 9.2.21+
+ + 1469 RolloverFileOutputStream: IllegalStateException Task already scheduled
+ + 1507 RolloverFileOutputStream: Negative delay Timer.schedule exception
+ + 1513 RolloverFileOutputStream: can't handle multiple instances
+ + 1515 Improved RollOverFileOutputStream removeOldFiles() behavior
+ + 1556 Remove a timing channel in Password matching
+ + 1590 Improve RolloverFileOutputStream functionality with multiple TimeZones
+ + 1655 Improve extensibility of ServerConnector
+ + 1661 AbstractProxyServlet onProxyResponseFailure Error
+ + 1664 IPAccessHandler CIDR IP range check is incorrect
+ + 1685 Update ALPN support for Java 8u141
+ + 1687 HTTP2: Correcting missing callback notification when channel not found
+ + 1702 Update ALPN support for Java 8u144
+ + 1703 Improve HttpInput failure logging
+ + 1719 HTTP/2: Improve handling of queued requests
+ + 1741 Java 9 javadoc failure in build
+ + 1749 Dump HttpDestination exchange queue
+ + 1750 PoolingHttpDestination creates ConnectionPool twice
+ + 1759 HTTP/2: producer can block in onReset
+ + 1790 HTTP/2: 100% CPU usage seen during close/shutdown of endpoint
+ + 475546 ClosedChannelException when connection to HTTPS over HTTP proxy
+   with CONNECT

-jetty-9.3.20.v20170531 - 31 May 2017
+jetty-9.4.6.v20170531 - 31 May 2017
 + 523 TLS close behaviour breaking session resumption
 + 1108 Please improve logging in SslContextFactory when there are no approved
   cipher suites
+ + 1505 Adding jetty.base.uri and jetty.home.uri
+ + 1514 websocket dump badly formatted
+ + 1516 Delay starting of WebSocketClient until an attempt to connect is made
+ + 1520 PropertyUserStore should extract packed config file
+ + 1526 MongoSessionDataStore old session scavenging is broken due to the
+   missing $ sign in "and" operation
 + 1527 Jetty BOM should not depend on jetty-parent
+ + 1528 Internal HttpClient usages should have common configurable technique
+ + 1536 Jetty BOM should include more artifacts
+ + 1538 NPE in Response.putHeaders
+ + 1539 JarFileResource mishandles paths with spaces
+ + 1544 Disabling JSR-356 doesn't indicate context it was disabled for
+ + 1546 Improve handling of quotes in cookies
+ + 1553 X509.isCertSign() can throw ArrayIndexOutOfBoundsException on
+   non-standard implementations
 + 1556 A timing channel in Password.java
+ + 1558 When creating WebAppContext without session-config and with NO_SESSIONS
+   throws NPE
 + 1567 XmlConfiguration will start the same object multiple times
+ + 1568 ServletUpgradeRequest mangles query strings containing percent-escapes
+   by re-escaping them
+ + 1569 Allow setting of maxBinaryMessageSize to 0 in WebSocketPolicy
+ + 1579 NPE in Quoted Quality CSV

 jetty-9.4.5.v20170502 - 02 May 2017
 + 304 Review dead code - StringUtil.sidBytesToString
@ -177,6 +210,27 @@ jetty-9.4.5.v20170502 - 02 May 2017
 + 1521 Prevent copy of jetty jars to lib/gcloud
 + 1523 Update ALPN support for Java 8u131

+jetty-9.3.20.v20170531 - 31 May 2017
+ + 523 TLS close behaviour breaking session resumption
+ + 1108 Please improve logging in SslContextFactory when there are no approved
+   cipher suites
+ + 1527 Jetty BOM should not depend on jetty-parent
+ + 1556 A timing channel in Password.java
+ + 1567 XmlConfiguration will start the same object multiple times
+
+jetty-9.2.22.v20170606 - 06 June 2017
+ + 920 no main manifest attribute, in jetty-runner-9.2.19.v20160908.jar
+ + 1108 Please improve logging in SslContextFactory when there are no approved
+   cipher suites
+ + 1357 RolloverFileOutputStream: No rollout performed at midnight
+ + 1469 IllegalStateException in RolloverFileOutputStream
+ + 1507 Negative delay Timer.schedule exception due to mismatched local and
+   _logTimeZone values
+ + 1532 RolloverFileOutputStream can't handle multiple instances
+ + 1523 Update ALPN support for Java 8u131
+ + 1556 A timing channel in Password.java
+ + 1590 RolloverFileOutputStream not functioning in Jetty 9.2.21+
+
 jetty-9.3.19.v20170502 - 02 May 2017
 + 877 Programmatic servlet mappings cannot override mappings from
   webdefault.xml using quickstart
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java
@ -151,6 +151,32 @@ public class RequestTest
        assertTrue(responses.startsWith("HTTP/1.1 200"));
    }

+    @Test
+    public void testParamExtraction_BadSequence() throws Exception
+    {
+        _handler._checker = new RequestTester()
+        {
+            @Override
+            public boolean check(HttpServletRequest request,HttpServletResponse response)
+            {
+                Map<String, String[]> map = request.getParameterMap();
+                // should have thrown a BadMessageException
+                return false;
+            }
+        };
+
+        //Send a request with query string with illegal hex code to cause
+        //an exception parsing the params
+        String request="GET /?test_%e0%x8%81=missing HTTP/1.1\r\n"+
+                "Host: whatever\r\n"+
+                "Content-Type: text/html;charset=utf8\n"+
+                "Connection: close\n"+
+                "\n";
+
+        String responses=_connector.getResponses(request);
+        assertThat("Responses", responses, startsWith("HTTP/1.1 400"));
+    }
+
    @Test
    public void testEmptyHeaders() throws Exception
    {