Update Version.txt with CVEs (#6014)

Adds CVEs to Version.txt
This commit is contained in:
Chris Walker 2021-02-25 14:56:11 -06:00 committed by GitHub
parent 2001f9f963
commit ff8cf93efd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 16 deletions

View File

@ -67,7 +67,7 @@ jetty-10.0.0 - 02 December 2020
+ 5555 NPE for servlet with no mapping
+ 5562 ArrayTernaryTrie consumes too much memory
+ 5575 Add SEARCH as a known HttpMethod
+ 5605 java.io.IOException: unconsumed input during http request parsing
+ 5605 java.io.IOException: unconsumed input during http request parsing - Resolves CVE-2020-27218
+ 5633 Allow to configure HttpClient request authority
+ 5679 Distro argument --list-all-modules does not work
+ 5680 No way to see which modules are enabled for the distro
@ -91,7 +91,7 @@ jetty-10.0.0.beta3 - 21 October 2020
+ 5443 Request without Host header fails with NullPointerException in
ForwardedRequestCustomizer
+ 5448 Request.isSecure() returns false for `https` schemes in Jetty 10
+ 5451 Improve Working Directory creation
+ 5451 Improve Working Directory creation - Resolves CVE-2020-27216
+ 5454 Request error context is not reset
+ 5475 Update to spifly 1.3.2 and asm 9
+ 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown
@ -136,8 +136,8 @@ jetty-9.4.35.v20201120 - 20 November 2020
+ 5539 StatisticsServlet output is not valid
+ 5562 ArrayTernaryTrie consumes too much memory
+ 5575 Add SEARCH as a known HttpMethod
+ 5605 CVE-2020-27218 java.io.IOException: unconsumed input during http
request parsing
+ 5605 java.io.IOException: unconsumed input during http
request parsing - Resolves CVE-2020-27218
+ 5633 Allow to configure HttpClient request authority
jetty-9.4.34.v20201102 - 02 November 2020
@ -161,7 +161,7 @@ jetty-9.4.33.v20201020 - 20 October 2020
produced by ForwardedHeader
+ 5443 Request without Host header fails with NullPointerException in
ForwardedRequestCustomizer
+ 5451 Improve Working Directory creation
+ 5451 Improve Working Directory creation - Resolves CVE-2020-27216
+ 5454 Request error context is not reset
+ 5475 Update to spifly 1.3.2 and asm 9
+ 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown
@ -394,7 +394,7 @@ jetty-9.4.30.v20200611 - 11 June 2020
+ 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like
before
+ 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies
+ 4936 Response header overflow leads to buffer corruptions
+ 4936 Response header overflow leads to buffer corruptions - Resolves CVE-2019-17638
jetty-9.4.29.v20200521 - 21 May 2020
+ 2188 Lock contention creating HTTP/2 streams
@ -531,7 +531,7 @@ jetty-9.4.24.v20191120 - 20 November 2019
+ 3083 The ini-template for jetty.console-capture.dir does not match the
default value
+ 4128 OpenIdCredetials can't decode JWT ID token
+ 4334 Better test ErrorHandler changes
+ 4334 Better test ErrorHandler changes - Resolves CVE-2019-17632
jetty-9.4.23.v20191118 - 18 November 2019
+ 1485 Add systemd service file
@ -621,6 +621,7 @@ jetty-9.4.22.v20191022 - 22 October 2019
inclusion of sessionid
jetty-9.4.21.v20190926 - 26 September 2019
+ Includes fixes for CVE-2019-9511, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, and CVE-2019-9518
+ 97 Permanent UnavailableException thrown during servlet request handling
should cause servlet destroy
+ 137 Support OAuth
@ -766,8 +767,8 @@ jetty-9.4.18.v20190429 - 29 April 2019
jetty-9.4.17.v20190418 - 18 April 2019
+ 2140 Infinispan and hazelcast changes to scavenge zombie expired sessions
+ 3464 Split SslContextFactory into Client and Server
+ 3549 Directory Listing on Windows reveals Resource Base path
+ 3555 DefaultHandler Reveals Base Resource Path of each Context
+ 3549 Directory Listing on Windows reveals Resource Base path - Resolves CVE-2019-10246
+ 3555 DefaultHandler Reveals Base Resource Path of each Context - Resolves CVE-2019-10247
jetty-9.4.16.v20190411 - 11 April 2019
+ 1861 Limit total bytes pooled by ByteBufferPools
@ -775,7 +776,7 @@ jetty-9.4.16.v20190411 - 11 April 2019
+ 3159 WebSocket permessage-deflate RSV1 validity check
+ 3274 OSGi versions of java.base classes in
org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+
+ 3319 Modernize Directory Listing: HTML5 and Sorting
+ 3319 Modernize Directory Listing: HTML5 and Sorting - Resolves CVE-2019-10241
+ 3361 HandlerCollection.addHandler is lacking synchronization
+ 3373 OutOfMemoryError: Java heap space in GZIPContentDecoder
+ 3389 Websockets jsr356 willDecode not invoked during decoding
@ -848,8 +849,8 @@ jetty-9.3.28.v20191105 - 05 November 2019
+ 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop
jetty-9.3.27.v20190418 - 18 April 2019
+ 3549 Directory Listing on Windows reveals Resource Base path
+ 3555 DefaultHandler Reveals Base Resource Path of each Context
+ 3549 Directory Listing on Windows reveals Resource Base path - Resolves CVE-2019-10246
+ 3555 DefaultHandler Reveals Base Resource Path of each Context - Resolves CVE-2019-10247
jetty-9.3.26.v20190403 - 03 April 2019
+ 2954 Improve cause reporting for HttpClient failures
@ -857,17 +858,17 @@ jetty-9.3.26.v20190403 - 03 April 2019
org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+
+ 3302 Support host:port in X-Forwarded-For header in
ForwardedRequestCustomizer
+ 3319 Allow reverse sort for directory listed files
+ 3319 Allow reverse sort for directory listed files - Resolves CVE-2019-10241
jetty-9.2.29.v20191105 - 05 November 2019
+ 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop
jetty-9.2.28.v20190418 - 18 April 2019
+ 3549 Directory Listing on Windows reveals Resource Base path
+ 3555 DefaultHandler Reveals Base Resource Path of each Context
+ 3549 Directory Listing on Windows reveals Resource Base path - Resolves CVE-2019-10246
+ 3555 DefaultHandler Reveals Base Resource Path of each Context - Resolves CVE-2019-10247
jetty-9.2.27.v20190403 - 03 April 2019
+ 3319 Refactored Directory Listing to modernize and avoid XSS
+ 3319 Refactored Directory Listing to modernize and avoid XSS - Resolves CVE-2019-10241
jetty-9.4.14.v20181114 - 14 November 2018
+ 3097 Duplicated programmatic Servlet Listeners causing duplicate calls