Update VERSION.txt (from releases in jetty-9.4.x)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
This commit is contained in:
parent
92b6f336b6
commit
8ef9e0a24f
242
VERSION.txt
242
VERSION.txt
|
@ -211,114 +211,6 @@ jetty-10.0.0.beta3 - 21 October 2020
|
|||
+ 5475 Update to spifly 1.3.2 and asm 9
|
||||
+ 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown
|
||||
|
||||
jetty-9.4.41.v20210516 - 16 May 2021
|
||||
+ 6099 Cipher preference may break SNI if certificates have different key
|
||||
types
|
||||
+ 6186 Add Null Protection on Log / Logger
|
||||
+ 6205 OpenIdAuthenticator may use incorrect redirect
|
||||
+ 6208 HTTP/2 max local stream count exceeded
|
||||
+ 6227 Better resolve race between `AsyncListener.onTimeout` and
|
||||
`AsyncContext.dispatch`
|
||||
+ 6254 Total timeout not enforced for queued requests
|
||||
+ 6263 Review URI encoding in ConcatServlet & WelcomeFilter
|
||||
+ 6277 Better handle exceptions thrown from session destroy listener
|
||||
+ 6280 Copy ServletHolder class/instance properly during startWebapp
|
||||
|
||||
jetty-9.4.39.v20210325 - 25 March 2021
|
||||
+ 6034 SslContextFactory may select a wildcard certificate during SNI
|
||||
selection when a more specific SSL certificate is present
|
||||
+ 6050 Websocket: NotUtf8Exception after upgrade to 9.4.36 or newer
|
||||
+ 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to
|
||||
work on Android
|
||||
+ 6063 Allow override of hazelcast version when using module
|
||||
+ 6072 jetty server high CPU when client send data length > 17408 - Resolves
|
||||
CVE-2021-28165
|
||||
+ 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies"
|
||||
Message
|
||||
+ 6101 Normalize ambiguous URIs - Resolves CVE-2021-28164
|
||||
+ 6102 Exclude webapps directory from deployment scan - Resolves
|
||||
CVE-2021-28163
|
||||
|
||||
jetty-9.4.38.v20210224 - 24 February 2021
|
||||
+ 4275 Path Normalization/Traversal - Context Matching
|
||||
+ 5963 Improve QuotedQualityCSV for CVE-2020-27223
|
||||
+ 5977 Cache-Control header set by a filter is override by the value from
|
||||
DefaultServlet configuration
|
||||
+ 5994 QueuedThreadPool "free" threads
|
||||
+ 5999 HttpURI ArrayIndexOutOfBounds
|
||||
+ 6001 Ambiguous URI legacy compliance mode
|
||||
|
||||
jetty-9.4.37.v20210219 - 19 February 2021
|
||||
+ 4275 Path Normalization/Traversal - Context Matching
|
||||
+ 5492 Add ability to manage start modules by java feature
|
||||
+ 5605 Blocked IO Thread not woken
|
||||
+ 5787 Make ManagedSelector report better JMX data
|
||||
+ 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup
|
||||
+ 5859 Classloader leaks from ShutdownThread and QueuedThreadPool
|
||||
+ 5909 Cannot disable HTTP OPTIONS Method
|
||||
+ 5937 Unnecessary blocking in ResourceService
|
||||
+ 5950 Deadlock due to logging inside classloaders
|
||||
+ 5963 Improve QuotedQualityCSV - Resolves CVE-2020-27223
|
||||
+ 5973 Proxy client TLS authentication example
|
||||
+ 5977 Cache-Control header set by a filter is override by the value from
|
||||
DefaultServlet configuration
|
||||
+ 5979 Configurable gzip Etag extension
|
||||
|
||||
jetty-9.4.36.v20210114 - 14 January 2021
|
||||
+ 5310 Jetty Http2 client discards the response frames when there is GOAWAY
|
||||
and sends RST_STREAM
|
||||
+ 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate
|
||||
+ 5633 Allow to configure HttpClient request authority
|
||||
+ 5689 Jetty ssl keystorePath doesn't work with absolute path
|
||||
+ 5755 Cannot configure maxDynamicTableSize on HTTP2Client
|
||||
+ 5783 Fix ConnectionStatistics.*Rate() methods
|
||||
+ 5785 Reduce log level for WebSocket connections closed by clients
|
||||
+ 5794 ServerConnector leaks closed sockets which can lead to file descriptor
|
||||
exhaustion
|
||||
+ 5824 Build up of ConstraintMappings when stopping and starting WebAppContext
|
||||
+ 5830 Jetty-util contains wrong Import-Package
|
||||
+ 5844 download flag to jetty-start causes NullPointerException
|
||||
+ 5845 Use UTF-8 encoding for client basic auth if requested
|
||||
+ 5855 HttpClient may not send queued requests
|
||||
+ 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows
|
||||
due to URI case comparison bug
|
||||
|
||||
jetty-9.4.35.v20201120 - 20 November 2020
|
||||
+ 4711 Reset trailers on recycled response
|
||||
+ 5486 PropertyFileLoginModule retains PropertyUserStores
|
||||
+ 5539 StatisticsServlet output is not valid
|
||||
+ 5562 ArrayTernaryTrie consumes too much memory
|
||||
+ 5575 Add SEARCH as a known HttpMethod
|
||||
+ 5605 java.io.IOException: unconsumed input during http request parsing -
|
||||
Resolves CVE-2020-27218
|
||||
+ 5633 Allow to configure HttpClient request authority
|
||||
|
||||
jetty-9.4.34.v20201102 - 02 November 2020
|
||||
+ 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty
|
||||
web application causes ClassCastException
|
||||
+ 5488 jetty-dir.css not found when using JPMS
|
||||
+ 5498 ServletHolder lifecycle correctness
|
||||
+ 5521 ResourceCollection NPE in list()
|
||||
+ 5535 Support regex in SslContextFactory include/exclude of protocols
|
||||
+ 5555 NPE for servlet with no mapping
|
||||
|
||||
jetty-9.4.33.v20201020 - 20 October 2020
|
||||
+ 5022 Cleanup ServletHandler, specifically with respect to making filter
|
||||
chains more extensible
|
||||
+ 5368 WebSocket text event execute in same thread as running binary event and
|
||||
destroy Threadlocal
|
||||
+ 5378 Filter/Servlet/Listener Holders are not started if added during
|
||||
STARTING state.
|
||||
+ 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT"
|
||||
+ 5417 Badly configured HttpConfiguration.securePort can lead to wrong port
|
||||
produced by ForwardedHeader
|
||||
+ 5443 Request without Host header fails with NullPointerException in
|
||||
ForwardedRequestCustomizer
|
||||
+ 5451 Improve Working Directory creation - Resolves CVE-2020-27216
|
||||
+ 5454 Request error context is not reset
|
||||
+ 5475 Update to spifly 1.3.2 and asm 9
|
||||
+ 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown
|
||||
|
||||
jetty-10.0.0.beta2 - 02 October 2020
|
||||
+ 1337 MultiPart Part.write(String fileName) - Write method used unexpected
|
||||
path
|
||||
|
@ -453,6 +345,140 @@ jetty-10.0.0.beta1 - 10 July 2020
|
|||
+ 5000 NPE from Server.dump of FilterMapping
|
||||
+ 5018 WebSocketClient upgrade request timeout not configurable
|
||||
|
||||
jetty-9.4.43.v20210629 - 30 June 2021
|
||||
+ 6379 Reduce contention in all `ByteBufferPool` implementations
|
||||
+ 6382 HttpClient TimeoutException message reports transient values
|
||||
+ 6400 QueuedThreadPool interrupts pool threads when stopped with zero timeout
|
||||
+ 6425 Update to asm 9.1
|
||||
+ 6447 Deprecate support for UTF16 encoding in URIs
|
||||
+ 6470 java.nio.ReadOnlyBufferException
|
||||
+ 6473 Improve alias checking in PathResource
|
||||
|
||||
jetty-9.4.42.v20210604 - 04 June 2021
|
||||
+ 5379 Better handling for wrong SNI
|
||||
+ 5931 SslConnection should implement getBytesIn()/getBytesOut()
|
||||
+ 6118 Display a warning when Hazelcast configuration does not contain Jetty
|
||||
session serializer
|
||||
+ 6276 Support non-standard domains in SNI and X509
|
||||
+ 6287 Class loading broken for WebSocketClient used inside webapp
|
||||
+ 6323 HttpClient gets stuck/never calls onComplete() when multiple requests
|
||||
with timeouts are sent
|
||||
|
||||
jetty-9.4.41.v20210516 - 16 May 2021
|
||||
+ 6099 Cipher preference may break SNI if certificates have different key
|
||||
types
|
||||
+ 6186 Add Null Protection on Log / Logger
|
||||
+ 6205 OpenIdAuthenticator may use incorrect redirect
|
||||
+ 6208 HTTP/2 max local stream count exceeded
|
||||
+ 6227 Better resolve race between `AsyncListener.onTimeout` and
|
||||
`AsyncContext.dispatch`
|
||||
+ 6254 Total timeout not enforced for queued requests
|
||||
+ 6263 Review URI encoding in ConcatServlet & WelcomeFilter (Resolved
|
||||
CVE-2021-28169)
|
||||
+ 6277 Better handle exceptions thrown from session destroy listener
|
||||
+ 6280 Copy ServletHolder class/instance properly during startWebapp
|
||||
|
||||
jetty-9.4.40.v20210413 - 13 April 2021
|
||||
+ 6082 SslConnection compacting
|
||||
+ 6105 HttpConnection.getBytesIn() incorrect for requests with chunked content
|
||||
+ 6148 Jetty start.jar always reports jetty.tag.version as `master`
|
||||
+ 6168 Improve handling of unconsumed content
|
||||
|
||||
jetty-9.4.39.v20210325 - 25 March 2021
|
||||
+ 6034 SslContextFactory may select a wildcard certificate during SNI
|
||||
selection when a more specific SSL certificate is present
|
||||
+ 6050 Websocket: NotUtf8Exception after upgrade to 9.4.36 or newer
|
||||
+ 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to
|
||||
work on Android
|
||||
+ 6063 Allow override of hazelcast version when using module
|
||||
+ 6072 jetty server high CPU when client send data length > 17408 - Resolves
|
||||
CVE-2021-28165
|
||||
+ 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies"
|
||||
Message
|
||||
+ 6101 Normalize ambiguous URIs - Resolves CVE-2021-28164
|
||||
+ 6102 Exclude webapps directory from deployment scan - Resolves
|
||||
CVE-2021-28163
|
||||
|
||||
jetty-9.4.38.v20210224 - 24 February 2021
|
||||
+ 4275 Path Normalization/Traversal - Context Matching
|
||||
+ 5963 Improve QuotedQualityCSV for CVE-2020-27223
|
||||
+ 5977 Cache-Control header set by a filter is override by the value from
|
||||
DefaultServlet configuration
|
||||
+ 5994 QueuedThreadPool "free" threads
|
||||
+ 5999 HttpURI ArrayIndexOutOfBounds
|
||||
+ 6001 Ambiguous URI legacy compliance mode
|
||||
|
||||
jetty-9.4.37.v20210219 - 19 February 2021
|
||||
+ 4275 Path Normalization/Traversal - Context Matching
|
||||
+ 5492 Add ability to manage start modules by java feature
|
||||
+ 5605 Blocked IO Thread not woken
|
||||
+ 5787 Make ManagedSelector report better JMX data
|
||||
+ 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup
|
||||
+ 5859 Classloader leaks from ShutdownThread and QueuedThreadPool
|
||||
+ 5909 Cannot disable HTTP OPTIONS Method
|
||||
+ 5937 Unnecessary blocking in ResourceService
|
||||
+ 5950 Deadlock due to logging inside classloaders
|
||||
+ 5963 Improve QuotedQualityCSV - Resolves CVE-2020-27223
|
||||
+ 5973 Proxy client TLS authentication example
|
||||
+ 5977 Cache-Control header set by a filter is override by the value from
|
||||
DefaultServlet configuration
|
||||
+ 5979 Configurable gzip Etag extension
|
||||
|
||||
jetty-9.4.36.v20210114 - 14 January 2021
|
||||
+ 5310 Jetty Http2 client discards the response frames when there is GOAWAY
|
||||
and sends RST_STREAM
|
||||
+ 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate
|
||||
+ 5633 Allow to configure HttpClient request authority
|
||||
+ 5689 Jetty ssl keystorePath doesn't work with absolute path
|
||||
+ 5755 Cannot configure maxDynamicTableSize on HTTP2Client
|
||||
+ 5783 Fix ConnectionStatistics.*Rate() methods
|
||||
+ 5785 Reduce log level for WebSocket connections closed by clients
|
||||
+ 5794 ServerConnector leaks closed sockets which can lead to file descriptor
|
||||
exhaustion
|
||||
+ 5824 Build up of ConstraintMappings when stopping and starting WebAppContext
|
||||
+ 5830 Jetty-util contains wrong Import-Package
|
||||
+ 5844 download flag to jetty-start causes NullPointerException
|
||||
+ 5845 Use UTF-8 encoding for client basic auth if requested
|
||||
+ 5855 HttpClient may not send queued requests
|
||||
+ 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows
|
||||
due to URI case comparison bug
|
||||
|
||||
jetty-9.4.35.v20201120 - 20 November 2020
|
||||
+ 4711 Reset trailers on recycled response
|
||||
+ 5486 PropertyFileLoginModule retains PropertyUserStores
|
||||
+ 5539 StatisticsServlet output is not valid
|
||||
+ 5562 ArrayTernaryTrie consumes too much memory
|
||||
+ 5575 Add SEARCH as a known HttpMethod
|
||||
+ 5605 java.io.IOException: unconsumed input during http request parsing -
|
||||
Resolves CVE-2020-27218
|
||||
+ 5633 Allow to configure HttpClient request authority
|
||||
|
||||
jetty-9.4.34.v20201102 - 02 November 2020
|
||||
+ 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty
|
||||
web application causes ClassCastException
|
||||
+ 5488 jetty-dir.css not found when using JPMS
|
||||
+ 5498 ServletHolder lifecycle correctness
|
||||
+ 5521 ResourceCollection NPE in list()
|
||||
+ 5535 Support regex in SslContextFactory include/exclude of protocols
|
||||
+ 5555 NPE for servlet with no mapping
|
||||
|
||||
jetty-9.4.33.v20201020 - 20 October 2020
|
||||
+ 5022 Cleanup ServletHandler, specifically with respect to making filter
|
||||
chains more extensible
|
||||
+ 5368 WebSocket text event execute in same thread as running binary event and
|
||||
destroy Threadlocal
|
||||
+ 5378 Filter/Servlet/Listener Holders are not started if added during
|
||||
STARTING state.
|
||||
+ 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT"
|
||||
+ 5417 Badly configured HttpConfiguration.securePort can lead to wrong port
|
||||
produced by ForwardedHeader
|
||||
+ 5443 Request without Host header fails with NullPointerException in
|
||||
ForwardedRequestCustomizer
|
||||
+ 5451 Improve Working Directory creation - Resolves CVE-2020-27216
|
||||
+ 5454 Request error context is not reset
|
||||
+ 5475 Update to spifly 1.3.2 and asm 9
|
||||
+ 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown
|
||||
|
||||
jetty-9.4.32.v20200930 - 30 September 2020
|
||||
+ 2796 HTTP/2 max local stream count exceeded when request fails
|
||||
+ 3766 Introduce HTTP/2 API to batch frames
|
||||
|
|
Loading…
Reference in New Issue