Merge branch 'jetty-9.4.x' into jetty-10.0.x

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com> # Conflicts: # VERSION.txt # aggregates/jetty-all-compact3/pom.xml # aggregates/jetty-all/pom.xml # apache-jsp/pom.xml # apache-jstl/pom.xml # build-resources/pom.xml # examples/async-rest/async-rest-jar/pom.xml # examples/async-rest/async-rest-webapp/pom.xml # examples/async-rest/pom.xml # examples/embedded/pom.xml # examples/pom.xml # jetty-alpn/jetty-alpn-client/pom.xml # jetty-alpn/jetty-alpn-conscrypt-client/pom.xml # jetty-alpn/jetty-alpn-conscrypt-server/pom.xml # jetty-alpn/jetty-alpn-java-client/pom.xml # jetty-alpn/jetty-alpn-java-server/pom.xml # jetty-alpn/jetty-alpn-openjdk8-client/pom.xml # jetty-alpn/jetty-alpn-openjdk8-server/pom.xml # jetty-alpn/jetty-alpn-server/pom.xml # jetty-alpn/pom.xml # jetty-annotations/pom.xml # jetty-ant/pom.xml # jetty-bom/pom.xml # jetty-cdi/pom.xml # jetty-client/pom.xml # jetty-continuation/pom.xml # jetty-deploy/pom.xml # jetty-distribution/pom.xml # jetty-documentation/pom.xml # jetty-fcgi/fcgi-client/pom.xml # jetty-fcgi/fcgi-server/pom.xml # jetty-fcgi/pom.xml # jetty-gcloud/jetty-gcloud-session-manager/pom.xml # jetty-gcloud/pom.xml # jetty-hazelcast/pom.xml # jetty-home/pom.xml # jetty-http-spi/pom.xml # jetty-http/pom.xml # jetty-http2/http2-alpn-tests/pom.xml # jetty-http2/http2-client/pom.xml # jetty-http2/http2-common/pom.xml # jetty-http2/http2-hpack/pom.xml # jetty-http2/http2-http-client-transport/pom.xml # jetty-http2/http2-server/pom.xml # jetty-http2/pom.xml # jetty-infinispan/infinispan-common/pom.xml # jetty-infinispan/infinispan-embedded-query/pom.xml # jetty-infinispan/infinispan-embedded/pom.xml # jetty-infinispan/infinispan-remote-query/pom.xml # jetty-infinispan/infinispan-remote/pom.xml # jetty-infinispan/pom.xml # jetty-io/pom.xml # jetty-jaas/pom.xml # jetty-jaspi/pom.xml # jetty-jmx/pom.xml # jetty-jndi/pom.xml # jetty-jspc-maven-plugin/pom.xml # jetty-maven-plugin/pom.xml # jetty-memcached/jetty-memcached-sessions/pom.xml # jetty-memcached/pom.xml # jetty-nosql/pom.xml # jetty-openid/pom.xml # jetty-osgi/jetty-osgi-alpn/pom.xml # jetty-osgi/jetty-osgi-boot-jsp/pom.xml # jetty-osgi/jetty-osgi-boot-warurl/pom.xml # jetty-osgi/jetty-osgi-boot/pom.xml # jetty-osgi/jetty-osgi-httpservice/pom.xml # jetty-osgi/pom.xml # jetty-osgi/test-jetty-osgi-context/pom.xml # jetty-osgi/test-jetty-osgi-fragment/pom.xml # jetty-osgi/test-jetty-osgi-server/pom.xml # jetty-osgi/test-jetty-osgi-webapp/pom.xml # jetty-osgi/test-jetty-osgi/pom.xml # jetty-plus/pom.xml # jetty-proxy/pom.xml # jetty-quickstart/pom.xml # jetty-rewrite/pom.xml # jetty-runner/pom.xml # jetty-security/pom.xml # jetty-server/pom.xml # jetty-servlet/pom.xml # jetty-servlets/pom.xml # jetty-spring/pom.xml # jetty-start/pom.xml # jetty-unixsocket/pom.xml # jetty-util-ajax/pom.xml # jetty-util/pom.xml # jetty-webapp/pom.xml # jetty-websocket/javax-websocket-client/pom.xml # jetty-websocket/javax-websocket-server/pom.xml # jetty-websocket/jetty-websocket-api/pom.xml # jetty-websocket/jetty-websocket-common/pom.xml # jetty-websocket/jetty-websocket-server/pom.xml # jetty-websocket/jetty-websocket-tests/pom.xml # jetty-websocket/pom.xml # jetty-websocket/websocket-core/pom.xml # jetty-websocket/websocket-servlet/pom.xml # jetty-xml/pom.xml # pom.xml # tests/jetty-jmh/pom.xml # tests/pom.xml # tests/test-continuation/pom.xml # tests/test-distribution/pom.xml # tests/test-http-client-transport/pom.xml # tests/test-integration/pom.xml # tests/test-jmx/jmx-webapp-it/pom.xml # tests/test-jmx/jmx-webapp/pom.xml # tests/test-jmx/pom.xml # tests/test-loginservice/pom.xml # tests/test-quickstart/pom.xml # tests/test-sessions/pom.xml # tests/test-sessions/test-file-sessions/pom.xml # tests/test-sessions/test-gcloud-sessions/pom.xml # tests/test-sessions/test-hazelcast-sessions/pom.xml # tests/test-sessions/test-infinispan-sessions/pom.xml # tests/test-sessions/test-jdbc-sessions/pom.xml # tests/test-sessions/test-memcached-sessions/pom.xml # tests/test-sessions/test-mongodb-sessions/pom.xml # tests/test-sessions/test-sessions-common/pom.xml # tests/test-webapps/pom.xml # tests/test-webapps/test-cdi-common-webapp/pom.xml # tests/test-webapps/test-felix-webapp/pom.xml # tests/test-webapps/test-http2-webapp/pom.xml # tests/test-webapps/test-jaas-webapp/pom.xml # tests/test-webapps/test-jetty-webapp/pom.xml # tests/test-webapps/test-jndi-webapp/pom.xml # tests/test-webapps/test-mock-resources/pom.xml # tests/test-webapps/test-owb-cdi-webapp/pom.xml # tests/test-webapps/test-proxy-webapp/pom.xml # tests/test-webapps/test-servlet-spec/pom.xml # tests/test-webapps/test-servlet-spec/test-container-initializer/pom.xml # tests/test-webapps/test-servlet-spec/test-spec-webapp/pom.xml # tests/test-webapps/test-servlet-spec/test-web-fragment/pom.xml # tests/test-webapps/test-simple-webapp/pom.xml # tests/test-webapps/test-webapp-rfc2616/pom.xml # tests/test-webapps/test-weld-cdi-webapp/pom.xml
2019-10-24 10:58:45 -05:00 · 2019-10-24 10:58:45 -05:00 · 65dc704d32
parent f6f423f558 9b3b174862
commit 65dc704d32
5 changed files with 114 additions and 228 deletions
--- a/VERSION.txt
+++ b/VERSION.txt
@ -1,228 +1,6 @@
 jetty-10.0.0-SNAPSHOT

-jetty-10.0.0.alpha1 - 03 October 2019
- + 113 Add support for NCSA Extended Log File Format
- + 114 Bring back overlay deployer
- + 132 ClientConnector abstraction
- + 207 Support javax.websocket version 1.1
- + 215 Add Conscrypt for native ALPN/TLS/SSL
- + 250 Implement HTTP CONNECT for HTTP/2
- + 300 Implement Deflater / Inflater Object Pool
- + 482 [jetty-osgi] The CCL while parsing the xml files should be set to a
-   combination of Jetty and Bundle-Classloader
- + 592 Support no-value Host header in HttpParser
- + 675 Slf4jLog.ignore() should produce at DEBUG level
- + 676 JavaUtilLog.ignore() should produce at DEBUG level
- + 677 Logging of .ignore() should indicate that it was an "Ignored Exception"
- + 746 Implement Servlet 4.0 Request.getMappings
- + 801 Jetty respond with status 200 instead of 304 while using Servlet 4.0
-   PushBuilder
- + 809 NPE in WebInfConfiguration for webapp deploy in osgi
- + 987 Can GzipHandler check if .gz file exists only by some paths?
- + 1135 Avoid allocations from Method.getParameterTypes() if possible
- + 1200 Use PathWatcher in DeploymentManager
- + 1350 Dynamic selection of the transport to use based on ALPN on the client
-   side
- + 1368 Need to support KeyStore/TrustStore with null passwords
- + 1384 Expose StatisticsServlet to webapp
- + 1468 Configure PKIX Revocation Checker for SslContextFactory
- + 1485 Add systemd service file
- + 1498 Add JRTResource to support future Java 9 classloader behaviors
- + 1499 ClasspathPattern needs MODULE ruleset to support future Java 9
-   classloader behaviors
- + 1503 IPv6 address needs normalization (without brackets) in
-   ForwardedRequestCustomizer
- + 1551 Move CookieCutter to jetty-http
- + 1571 Support Hazelcast session management in 9.4
- + 1591 JDBCSessionDataStore doesn't work with root context on Oracle DB
- + 1592 CompressedContentFormat.tagEquals() - incorrect comparison of entity
-   tag hashes
- + 1595 HTTP/2: Avoid sending unnecessary stream WINDOW_UPDATE frames
- + 1599 WebSocketCloseTest fails
- + 1600 Update jndi.mod and plus.mod
- + 1603 WebSocketServerFactory NPE in toString()
- + 1604 WebSocketContainer stop needs improvement
- + 1605 ContainerProvider.getWebSocketContainer() behavior is not to spec
- + 1615 Password defaults in jetty-ssl-context.xml should be removed
- + 1618 AsyncContext.dispatch() does not use raw/encoded URI
- + 1622 HeaderFilter doesn't work if the response has been committed
- + 1623 JettyRunMojo use dependencies from reactor (outputdirectory)
- + 1625 Support new IANA declared Websocket Close Status Codes
- + 1637 Thread per connection retained in HTTP/2
- + 1642 Using RewriteHandler with AsyncContext.dispatch() and
-   HttpServletRequestWrapper not possible
- + 1643 ProxyServlet always uses default number of selector threads -
-   constructor should allow to overwrite the default.
- + 1645 NotSerializableException: DoSFilter when using Non-Clustered Session
-   Management: File System
- + 1656 Improve configurability of ConnectionPools
- + 1671 Asymmetric usage of trailers in MetaData.Request
- + 1675 Session id should not be logged with INFO level in AbstractSessionCache
- + 1676 Remove Deprecated classes & methods
- + 1679 DeploymentManagerMBean not usable through JMX
- + 1682 Jetty-WarFragmentFolderPath directive has no effect in eclipse runtime
-   mode except for the first launch
- + 1692 Annotation scanning should ignore `module-info.class` files
- + 1698 Missing WWW-Authenticate from SpnegoAuthenticator when other
-   Authorization header provided
- + 1746 Remove LICENSE-CONTRIBUTOR?
- + 1836 Migrate Locker implementation to JVM ReentrantLock implementation
- + 1838 Servlet 4.0.0 artifact now available on central.maven.org
- + 1852 Fix quickstart generation for servlet 4.0
- + 1898 Request.getCookie() should ignore invalid cookies
- + 1956 Store and report build information of Jetty
- + 2075 Deprecating MultiException
- + 2095 Remove FastCGI multiplexing
- + 2103 Server should open connectors early in start sequence 
- + 2108 Update licence headers and plugin for 2018
- + 2172 Support javax.websocket 1.1
- + 2175 Refactor WebSocket close handling
- + 2191 JPMS Support
- + 2431 Upgrade to Junit 5
- + 2868 Adding SPNEGO authentication support for Jetty Client
- + 2901 Introduce HttpConnectionUpgrader as a conversation component in
-   HttpClient
- + 2909 Remove B64Code
- + 2948 Require JDK 11 for Jetty 10.x
- + 2978 Add module-info.java to relevant Jetty modules
- + 2983 Jetty 10 Configuration abstraction
- + 2985 Jetty 10 Configuration replacement algorithm incorrect
- + 2996 ContextHandler.setDefaultContextPath() not implemented for quickstart.
- + 3009 Update Jetty 10 to use non-LEGACY Compliance Modes
- + 3010 Move old MultiPart parsing implementation to jetty-http
- + 3011 Move HttpCompliance to HttpConfiguration
- + 3012 Refactor HttpCompliance and HttpComplianceSection to be friendlier to
-   customization
- + 3106 Websocket connection stats and request stats
- + 3129 javax-websocket-common pom.xml is wrong
- + 3139 NPE on
-   WebSocketServerContainerInitializer.configureContext(ServletContextHandler)
- + 3154 Add support for javax.net.ssl.HostnameVerifier to HttpClient
- + 3159 WebSocket permessage-deflate RSV1 validity check
- + 3162 Use Jetty specific Servlet API jar
- + 3167 JavaxWebSocketServerContainerInitializer always creates a HttpClient
- + 3170 WebSocket proxy PoC
- + 3182 Restore websocket example files
- + 3186 Jetty maven plugin - javax.annotation.jar picked up from jetty plugin
-   rather than from applications classpath
- + 3197 Use jetty specific websocket API jar
- + 3216 Autobahn WebSocketServer failures in jetty 10
- + 3225 Response.sendError should not set reason.
- + 3249 Update to apache jasper 9.0.14 for jetty-10
- + 3274 OSGi versions of java.base classes in
-   org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+
- + 3279 WebSocket write may hang forever
- + 3288 Correct websocket artifactIds on jetty-10.0.x
- + 3290 async websocket onOpen, onError and onClose in 10.0.x
- + 3298 Review jetty-10 websocket CompletableFuture usage.
- + 3303 Update to jakarta ee javax artifacts for jetty-10
- + 3308 Remove deprecated methods from sessions
- + 3320 Review Jetty 10 module-info.java
- + 3333 Jetty 10 standalone cannot start on the module-path
- + 3340 Update PushCacheFilter to use Servlet 4.0 APIs
- + 3341 XmlBasedHttpClientProvider in Jetty 10
- + 3351 Restructure jetty-unixsocket module
- + 3374 JSR356 RemoteEndpoint.Async.setSendTimeout() logic invalid in Jetty
-   10.0.x
- + 3379 Tracking of WebSocket Sessions in WebSocket containers
- + 3380 WebSocket should support jetty-io Connection.Listener
- + 3382 Jetty WebSocket Session.suspend() not implemented
- + 3399 XmlConfiguration jetty.webapps.uri is the uri of the webapp not the
-   parent dir
- + 3412 problems with jetty 10 WebSocket session customizer
- + 3446 allow jetty WebSockets to be upgraded using WebSocketUpgradeFilter in
-   jetty-10
- + 3453 Removing moved Extension classes from jetty-websocket-api
- + 3458 ensure users of the jetty-websocket-api do not have to see
-   websocket-core classes
- + 3462 client validation of websocket upgrade response
- + 3465 websocket negotiation of extension configuration parameters
- + 3479 review and cleanup of jetty-websocket-api in jetty-10
- + 3484 ClassCastException when using websocket-core classes in
-   websocket-servlet
- + 3564 Update jetty-10.0.x to apache jsp 9.0.19
- + 3608 Reply with 400 Bad request to malformed WebSocket handshake
- + 3616 Backport WebSocket SessionTracker from Jetty 10
- + 3661 JettyWebSocketServerContainer exposes websocket common classes
- + 3666 WebSocket - Handling sent 1009 close frame.
- + 3696 Unwrap JavaxWebSocketClientContainer.connectToServer() exceptions
- + 3705 Review ClientUpgradeRequest exception handling
- + 3712 change maxIdleTime to idleTimeout in jetty-10 websockets
- + 3719 Clean up jetty-10 modules
- + 3726 Remove OSGi export uses of servlet-api from jetty-util
- + 3751 Modern Configure DTD / FPI is used inconsistently
- + 3787 Jetty client sometimes returns EOFException instead of
-   SSLHandshakeException on certificate errors.
- + 3789 XmlConfiguration set from property
- + 3804 Weld/CDI XML backwards compat?
- + 3809 sending WebSocket close frame with error StatusCode does not do a hard
-   close (Jetty-10)
- + 3839 JavaxWebSocketServletContainerInitializer fails
- + 3872 Review exposure of JavaxWebSocketServletContainerInitializer
- + 3952 Server configuration for direct/heap ByteBuffers
- + 4003 Quickstart broken in jetty-10
- + 4058 Review Locker
- + 4076 Restarting quickstarted webapp throws IllegalStateException:
-   ServletContainerInitializersStarter already exists
- + 4096 thread in ReservedThreadExecutor does not exit when stopped
- + 4104 frames are sent through ExtensionStack even if WebSocket Session is
-   closed
- + 4105 QueuedThreadPool should reuse oldest threads first, to allow idle
-   threads to expire
- + 4121 QueuedThreadPool should support ThreadFactory behaviors
- + 4122 QueuedThreadPool should reset thread interrupted on failed run
- + 4141 ClassCastException with non-async Servlet + async Filter +
-   HttpServletRequestWrapper
- + 4144 Naked cast to Request should be avoided
- + 4150 Module org.eclipse.jetty.alpn.client not found, required by
-   org.eclipse.jetty.proxy
-
-jetty-9.4.21.v20190926 - 26 September 2019
- + 97 Permanent UnavailableException thrown during servlet request handling
-   should cause servlet destroy
- + 137 Support OAuth
- + 155 No way to set keystore for JSR 356 websocket clients, needed for SSL
-   client authentication
- + 1036 Allow easy configuration of Scheduler-Threads and name them more
-   appropriate
- + 2815 HPack fields are opaque octets
- + 3040 Allow RFC6265 Cookies to include optional SameSite attribute
- + 3106 WebSocket connection stats and request stats
- + 3734 WebSocket suspend when input closed
- + 3747 Make Jetty Demo work with JPMS
- + 3806 Error Page handling Async race with ProxyServlet
- + 3913 Clustered HttpSession IllegalStateException: Invalid for read
- + 3936 Race condition when modifying session + sendRedirect()
- + 3956 Remove and warn on use of illegal HTTP/2 response headers
- + 3964 Improve efficiency of listeners
- + 3968 WebSocket sporadic ReadPendingException using suspend/resume
- + 3978 HTTP/2 fixes for robustly handling abnormal traffic and resource
-   exhaustion
- + 3983 JarFileResource incorrectly lists the contents of directories with
-   spaces
- + 3985 Improve lenient Cookie parsing
- + 3989 Inform custom ManagedSelector of dead selector via optional
-   onFailedSelect()
- + 4000 Add SameFileAliasChecker to help with FileSystem static file access
-   normalization on Mac and Windows
- + 4007 NullPointerException while trying to run jetty start.run on Windows
- + 4009 ServletContextHandler setSecurityHandler broke handler chain
- + 4020 Revert WebSocket ExtensionFactory change to interface
- + 4022 Servlet which is added by ServletRegistration can't be started
- + 4025 Provide more write-through behaviours for DefaultSessionCache
- + 4027 Ensure AbstractSessionDataStore cannot be used unless it is started
- + 4033 Ignore bad percent encodings in paths during
-   URIUtil.equalsIgnoreEncodings()
- + 4047 Gracefully stopped Jetty not flushing all response data
- + 4048 Multiple values in X-Forwarded-Port throw NumberFormatException
- + 4057 NullPointerException in o.e.j.h.HttpFields
- + 4064 NullPointerException initializing embedded servlet
- + 4075 Do not fail on servlet-mapping with url-pattern /On*
- + 4082 NullPointerExceptoin while Debug logging in client
- + 4084 Use of HttpConfiguration.setBlockingTimeout(long) in jetty.xml produces
-   warning on jetty-home startup
- + 4105 Cleanup of Idle thread count in QueuedThreadPool
- + 4113 HttpClient fails with JDK 13 and TLS 1.3 jetty-10.0.0-alpha0 - 11 July
+jetty-10.0.0-alpha0 - 11 July
   2019
 + 113 Add support for NCSA Extended Log File Format
 + 114 Bring back overlay deployer
@ -415,6 +193,98 @@ jetty-9.4.21.v20190926 - 26 September 2019
 + 3849 ClosedChannelException from jetty-test-webapp javax websocket chat
   example

+jetty-9.4.22.v20191022 - 22 October 2019
+ + 2429 HttpClient backpressure improved
+ + 3558 Error notifications can be received after a successful websocket
+ + 3787 Jetty client sometimes returns EOFException instead of
+   SSLHandshakeException on certificate errors.
+ + 3913 Clustered HttpSession IllegalStateException: Invalid for read
+ + 3989 Inform custom ManagedSelector of dead selector via optional
+   onFailedSelect()
+ + 4096 Thread in ReservedThreadExecutor does not exit when stopped
+ + 4104 Frames are sent through ExtensionStack even if WebSocket Session is
+   closed
+ + 4105 QueuedThreadPool increased thread usage and no idle thread decay
+ + 4115 Drop HTTP/2 pseudo headers
+ + 4121 QueuedThreadPool should support ThreadFactory behaviors
+ + 4122 QueuedThreadPool should reset thread interrupted on failed run
+ + 4128 OpenIdCredetials can't decode JWT ID token
+ + 4132 Should be possible to use OIDC without metadata
+ + 4141 ClassCastException with non-async Servlet + async Filter +
+   HttpServletRequestWrapper
+ + 4142 Configurable HTTP/2 RateControl
+ + 4144 Naked cast to Request should be avoided
+ + 4156 IllegalStateException when forwarding to jsp with new session
+ + 4158 Behaviour change in session handling in 9.4.21.v20190926
+ + 4170 Client-side alias selection based on SSLEngine
+ + 4174 ConcurrentModificationException when stopping jetty:run-war
+ + 4176 Should not set header if sendError has been called
+ + 4177 Configure HTTP proxy with SslContextFactory
+ + 4179 Improve HttpChannel$SendCallback references for GC
+ + 4183 Jetty considers bootstrap injected class to be a "server class"
+ + 4188 Spin in HttpOutput.close
+ + 4190 Jetty hangs after thread blocked in SharedBlockingCallback.block()
+   called by HttpOutput.close
+ + 4191 Increase GzipHandler minGzipSize default size
+ + 4193 InetAccessHandler - new includeConnectors/excludeConnectors not quite
+   correct anymore
+ + 4201 Throw SSLHandshakeException in case of TLS handshake failures
+ + 4203 Some Transfer-Encoding and Content-Length combinations do not result in
+   expected 400 Bad Request
+ + 4204 Transfer-Encoding behavior does not follow RFC7230
+ + 4208 Regression in Jetty 9.4.21: 304 response with Content-Length fails
+ + 4209 Unused TLS connection is not closed in Java 11
+ + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop
+ + 4227 First authorization request produced by OIDC module fails due to
+   inclusion of sessionid
+
+jetty-9.4.21.v20190926 - 26 September 2019
+ + 97 Permanent UnavailableException thrown during servlet request handling
+   should cause servlet destroy
+ + 137 Support OAuth
+ + 155 No way to set keystore for JSR 356 websocket clients, needed for SSL
+   client authentication
+ + 1036 Allow easy configuration of Scheduler-Threads and name them more
+   appropriate
+ + 2815 HPack fields are opaque octets
+ + 3040 Allow RFC6265 Cookies to include optional SameSite attribute
+ + 3106 WebSocket connection stats and request stats
+ + 3734 WebSocket suspend when input closed
+ + 3747 Make Jetty Demo work with JPMS
+ + 3806 Error Page handling Async race with ProxyServlet
+ + 3913 Clustered HttpSession IllegalStateException: Invalid for read
+ + 3936 Race condition when modifying session + sendRedirect()
+ + 3956 Remove and warn on use of illegal HTTP/2 response headers
+ + 3964 Improve efficiency of listeners
+ + 3968 WebSocket sporadic ReadPendingException using suspend/resume
+ + 3978 HTTP/2 fixes for robustly handling abnormal traffic and resource
+   exhaustion
+ + 3983 JarFileResource incorrectly lists the contents of directories with
+   spaces
+ + 3985 Improve lenient Cookie parsing
+ + 3989 Inform custom ManagedSelector of dead selector via optional
+   onFailedSelect()
+ + 4000 Add SameFileAliasChecker to help with FileSystem static file access
+   normalization on Mac and Windows
+ + 4007 NullPointerException while trying to run jetty start.run on Windows
+ + 4009 ServletContextHandler setSecurityHandler broke handler chain
+ + 4020 Revert WebSocket ExtensionFactory change to interface
+ + 4022 Servlet which is added by ServletRegistration can't be started
+ + 4025 Provide more write-through behaviours for DefaultSessionCache
+ + 4027 Ensure AbstractSessionDataStore cannot be used unless it is started
+ + 4033 Ignore bad percent encodings in paths during
+   URIUtil.equalsIgnoreEncodings()
+ + 4047 Gracefully stopped Jetty not flushing all response data
+ + 4048 Multiple values in X-Forwarded-Port throw NumberFormatException
+ + 4057 NullPointerException in o.e.j.h.HttpFields
+ + 4064 NullPointerException initializing embedded servlet
+ + 4075 Do not fail on servlet-mapping with url-pattern /On*
+ + 4082 NullPointerExceptoin while Debug logging in client
+ + 4084 Use of HttpConfiguration.setBlockingTimeout(long) in jetty.xml produces
+   warning on jetty-home startup
+ + 4105 Cleanup of Idle thread count in QueuedThreadPool
+ + 4113 HttpClient fails with JDK 13 and TLS 1.3
+
 jetty-9.4.20.v20190813 - 13 August 2019
 + 300 Implement Deflater / Inflater Object Pool
 + 2061 WebSocket hangs in blockingWrite
--- a/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java
+++ b/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java
@ -246,6 +246,16 @@ public class OpenIdAuthenticator extends LoginAuthenticator

        try
        {
+            if (request.isRequestedSessionIdFromURL())
+            {
+                if (LOG.isDebugEnabled())
+                    LOG.debug("Session ID should be cookie for OpenID authentication to work");
+
+                int redirectCode = (baseRequest.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? HttpServletResponse.SC_MOVED_TEMPORARILY : HttpServletResponse.SC_SEE_OTHER);
+                baseResponse.sendRedirect(redirectCode, URIUtil.addPaths(request.getContextPath(), _errorPage));
+                return Authentication.SEND_FAILURE;
+            }
+
            // Handle a request for authentication.
            if (isJSecurityCheck(uri))
            {
@ -288,7 +298,7 @@ public class OpenIdAuthenticator extends LoginAuthenticator

                        response.setContentLength(0);
                        int redirectCode = (baseRequest.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? HttpServletResponse.SC_MOVED_TEMPORARILY : HttpServletResponse.SC_SEE_OTHER);
-                        baseResponse.sendRedirect(redirectCode, response.encodeRedirectURL(nuri));
+                        baseResponse.sendRedirect(redirectCode, nuri);
                        return openIdAuth;
                    }
                }
@ -308,7 +318,7 @@ public class OpenIdAuthenticator extends LoginAuthenticator
                    if (LOG.isDebugEnabled())
                        LOG.debug("auth failed {}", _errorPage);
                    int redirectCode = (baseRequest.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? HttpServletResponse.SC_MOVED_TEMPORARILY : HttpServletResponse.SC_SEE_OTHER);
-                    baseResponse.sendRedirect(redirectCode, response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(), _errorPage)));
+                    baseResponse.sendRedirect(redirectCode, URIUtil.addPaths(request.getContextPath(), _errorPage));
                }

                return Authentication.SEND_FAILURE;
@ -399,7 +409,7 @@ public class OpenIdAuthenticator extends LoginAuthenticator
            if (LOG.isDebugEnabled())
                LOG.debug("challenge {}->{}", session.getId(), challengeUri);
            int redirectCode = (baseRequest.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? HttpServletResponse.SC_MOVED_TEMPORARILY : HttpServletResponse.SC_SEE_OTHER);
-            baseResponse.sendRedirect(redirectCode, response.encodeRedirectURL(challengeUri));
+            baseResponse.sendRedirect(redirectCode, challengeUri);

            return Authentication.SEND_CONTINUE;
        }
--- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CGI.java
+++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CGI.java
@ -25,6 +25,7 @@ import java.io.OutputStream;
 import java.io.OutputStreamWriter;
 import java.io.Writer;
 import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Locale;
@ -251,7 +252,11 @@ public class CGI extends HttpServlet
                String parameterName = names.nextElement();
                parameterMap.addValues(parameterName, req.getParameterValues(parameterName));
            }
-            bodyFormEncoded = UrlEncoded.encode(parameterMap, Charset.forName(req.getCharacterEncoding()), true);
+
+            String characterEncoding = req.getCharacterEncoding();
+            Charset charset = characterEncoding != null
+                ? Charset.forName(characterEncoding) : StandardCharsets.UTF_8;
+            bodyFormEncoded = UrlEncoded.encode(parameterMap, charset, true);
        }

        EnvList env = new EnvList(_env);
--- a/scripts/release-jetty.sh
+++ b/scripts/release-jetty.sh
@ -190,7 +190,7 @@ if proceedyn "Are you sure you want to release using above? (y/N)" n; then
    fi
    if proceedyn "Push git commits to remote $GIT_REMOTE_ID? (Y/n)" y; then
        git push $GIT_REMOTE_ID $GIT_BRANCH_ID
-        git push $GIT_REMOTE_ID --tags
+        git push $GIT_REMOTE_ID $TAG_NAME
    fi
 else
    echo "Not performing release"
--- a/tests/test-webapps/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml
+++ b/tests/test-webapps/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml
@ -125,6 +125,7 @@
    <servlet-name>CGI</servlet-name>
    <servlet-class>org.eclipse.jetty.servlets.CGI</servlet-class>
    <load-on-startup>1</load-on-startup>
+    <async-supported>true</async-supported>
  </servlet>
  
  <servlet-mapping>