Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixes #346614 (HttpConnection.handle() spins in case of SSL truncation attacks). 

SslSelectChannelEndPoint has been modified to not override shutdownInput() (so behavior is that of the base class, like it should), and when it detects a remote close, it calls SSLEngine.closeInbound(), which throws in case of a truncation attack. The exception is handled and the endpoint closed.

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@3225 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
Simone Bordet 2011-05-20 13:47:21 +00:00
parent fc6ea06106
commit f7d6bcad50
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
VERSION.txt
View File

@ -6,10 +6,11 @@ jetty-7.4.2-SNAPSHOT
+ 345873 Update jetty-ssl.xml to new style
+ 345900 Handle ipv6 with default port
+ 346014 Fixed full HttpGenerator
+ 346124 ServletContext resources paths not resolved correctly when using UNC shares
+ 346124 ServletContext resources paths not resolved correctly when using UNC shares
+ 346179 o.e.j.util.ScannerTest fails on MacOS X platform
+ 346181 o.e.j.server.StressTest stalls on MacOS X platform
+ JETTY-1342 Recreate selector if wakeup throws JVM bug
+ 346614 HttpConnection.handle() spins in case of SSL truncation attacks
jetty-7.4.1.v20110513
+ 288563 remove unsupported and deprecated --secure option