Update Version.txt with CVEs (#6014)

Adds CVEs to Version.txt
Chris Walker 2021-02-25 14:56:11 -06:00 committed by GitHub
parent 2001f9f963
commit ff8cf93efd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 16 deletions

@ -67,7 +67,7 @@ jetty-10.0.0 - 02 December 2020
+ 5555 NPE for servlet with no mapping + 5555 NPE for servlet with no mapping
+ 5562 ArrayTernaryTrie consumes too much memory + 5562 ArrayTernaryTrie consumes too much memory
+ 5575 Add SEARCH as a known HttpMethod + 5575 Add SEARCH as a known HttpMethod
+ 5605 java.io.IOException: unconsumed input during http request parsing + 5605 java.io.IOException: unconsumed input during http request parsing - Resolves CVE-2020-27218
+ 5633 Allow to configure HttpClient request authority + 5633 Allow to configure HttpClient request authority
+ 5679 Distro argument --list-all-modules does not work + 5679 Distro argument --list-all-modules does not work
+ 5680 No way to see which modules are enabled for the distro + 5680 No way to see which modules are enabled for the distro
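Review bot: The changed 5605 line is left as one long line, while this file wraps long entries with an indented continuation: the 5443 entry in the next hunk breaks before "ForwardedRequestCustomizer", and the same 5605 entry under jetty-9.4.35 breaks after "http". Wrap the new text the same way so the jetty-10.0.0 and jetty-9.4.35 copies of this entry read identically.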
@ -91,7 +91,7 @@ jetty-10.0.0.beta3 - 21 October 2020
+ 5443 Request without Host header fails with NullPointerException in + 5443 Request without Host header fails with NullPointerException in
ForwardedRequestCustomizer ForwardedRequestCustomizer
+ 5448 Request.isSecure() returns false for `https` schemes in Jetty 10 + 5448 Request.isSecure() returns false for `https` schemes in Jetty 10
+ 5451 Improve Working Directory creation + 5451 Improve Working Directory creation - Resolves CVE-2020-27216
+ 5454 Request error context is not reset + 5454 Request error context is not reset
+ 5475 Update to spifly 1.3.2 and asm 9 + 5475 Update to spifly 1.3.2 and asm 9
+ 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown
@ -136,8 +136,8 @@ jetty-9.4.35.v20201120 - 20 November 2020
+ 5539 StatisticsServlet output is not valid + 5539 StatisticsServlet output is not valid
+ 5562 ArrayTernaryTrie consumes too much memory + 5562 ArrayTernaryTrie consumes too much memory
+ 5575 Add SEARCH as a known HttpMethod + 5575 Add SEARCH as a known HttpMethod
+ 5605 CVE-2020-27218 java.io.IOException: unconsumed input during http + 5605 java.io.IOException: unconsumed input during http
request parsing request parsing - Resolves CVE-2020-27218
+ 5633 Allow to configure HttpClient request authority + 5633 Allow to configure HttpClient request authority
jetty-9.4.34.v20201102 - 02 November 2020 jetty-9.4.34.v20201102 - 02 November 2020
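Review bot: The 5605 entry here is the only one that already carried its CVE id, as a prefix ("5605 CVE-2020-27218 java.io.IOException ..."), and the change moves it to the "- Resolves CVE-2020-27218" suffix on the continuation line without the commit message saying so. Anyone searching the file for the old "5605 CVE-2020-27218" form will stop matching, so mention in the commit message that the suffix form is now the convention for CVE references.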
@ -161,7 +161,7 @@ jetty-9.4.33.v20201020 - 20 October 2020
produced by ForwardedHeader produced by ForwardedHeader
+ 5443 Request without Host header fails with NullPointerException in + 5443 Request without Host header fails with NullPointerException in
ForwardedRequestCustomizer ForwardedRequestCustomizer
+ 5451 Improve Working Directory creation + 5451 Improve Working Directory creation - Resolves CVE-2020-27216
+ 5454 Request error context is not reset + 5454 Request error context is not reset
+ 5475 Update to spifly 1.3.2 and asm 9 + 5475 Update to spifly 1.3.2 and asm 9
+ 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown
@ -394,7 +394,7 @@ jetty-9.4.30.v20200611 - 11 June 2020
+ 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like + 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like
before before
+ 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies + 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies
+ 4936 Response header overflow leads to buffer corruptions + 4936 Response header overflow leads to buffer corruptions - Resolves CVE-2019-17638
jetty-9.4.29.v20200521 - 21 May 2020 jetty-9.4.29.v20200521 - 21 May 2020
+ 2188 Lock contention creating HTTP/2 streams + 2188 Lock contention creating HTTP/2 streams
@ -531,7 +531,7 @@ jetty-9.4.24.v20191120 - 20 November 2019
+ 3083 The ini-template for jetty.console-capture.dir does not match the + 3083 The ini-template for jetty.console-capture.dir does not match the
default value default value
+ 4128 OpenIdCredetials can't decode JWT ID token + 4128 OpenIdCredetials can't decode JWT ID token
+ 4334 Better test ErrorHandler changes + 4334 Better test ErrorHandler changes - Resolves CVE-2019-17632
jetty-9.4.23.v20191118 - 18 November 2019 jetty-9.4.23.v20191118 - 18 November 2019
+ 1485 Add systemd service file + 1485 Add systemd service file
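Review bot: On the 4334 line, the title "Better test ErrorHandler changes" reads as a test-only change, so the appended "- Resolves CVE-2019-17632" is the only sign that jetty-9.4.24 carries a security fix, and nothing says what was fixed. Add a few words naming the affected behaviour, or point the CVE at the issue whose title describes it.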
@ -621,6 +621,7 @@ jetty-9.4.22.v20191022 - 22 October 2019
inclusion of sessionid inclusion of sessionid
jetty-9.4.21.v20190926 - 26 September 2019 jetty-9.4.21.v20190926 - 26 September 2019
+ Includes fixes for CVE-2019-9511, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, and CVE-2019-9518
+ 97 Permanent UnavailableException thrown during servlet request handling + 97 Permanent UnavailableException thrown during servlet request handling
should cause servlet destroy should cause servlet destroy
+ 137 Support OAuth + 137 Support OAuth
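Review bot: The line added under jetty-9.4.21.v20190926 ("Includes fixes for CVE-2019-9511, ...") has no issue number, unlike every other entry in the visible hunks, and sits ahead of "+ 97", so none of the six CVEs can be traced to a change. List the issues that fixed them and append "- Resolves CVE-..." to those entries as the rest of this commit does, or state in the line that no single issue applies. The line also needs wrapping to match the surrounding entries.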
@ -766,8 +767,8 @@ jetty-9.4.18.v20190429 - 29 April 2019
jetty-9.4.17.v20190418 - 18 April 2019 jetty-9.4.17.v20190418 - 18 April 2019
+ 2140 Infinispan and hazelcast changes to scavenge zombie expired sessions + 2140 Infinispan and hazelcast changes to scavenge zombie expired sessions
+ 3464 Split SslContextFactory into Client and Server + 3464 Split SslContextFactory into Client and Server
+ 3549 Directory Listing on Windows reveals Resource Base path + 3549 Directory Listing on Windows reveals Resource Base path - Resolves CVE-2019-10246
+ 3555 DefaultHandler Reveals Base Resource Path of each Context + 3555 DefaultHandler Reveals Base Resource Path of each Context - Resolves CVE-2019-10247
jetty-9.4.16.v20190411 - 11 April 2019 jetty-9.4.16.v20190411 - 11 April 2019
+ 1861 Limit total bytes pooled by ByteBufferPools + 1861 Limit total bytes pooled by ByteBufferPools
@ -775,7 +776,7 @@ jetty-9.4.16.v20190411 - 11 April 2019
+ 3159 WebSocket permessage-deflate RSV1 validity check + 3159 WebSocket permessage-deflate RSV1 validity check
+ 3274 OSGi versions of java.base classes in + 3274 OSGi versions of java.base classes in
org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+ org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+
+ 3319 Modernize Directory Listing: HTML5 and Sorting + 3319 Modernize Directory Listing: HTML5 and Sorting - Resolves CVE-2019-10241
+ 3361 HandlerCollection.addHandler is lacking synchronization + 3361 HandlerCollection.addHandler is lacking synchronization
+ 3373 OutOfMemoryError: Java heap space in GZIPContentDecoder + 3373 OutOfMemoryError: Java heap space in GZIPContentDecoder
+ 3389 Websockets jsr356 willDecode not invoked during decoding + 3389 Websockets jsr356 willDecode not invoked during decoding
@ -848,8 +849,8 @@ jetty-9.3.28.v20191105 - 05 November 2019
+ 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop
jetty-9.3.27.v20190418 - 18 April 2019 jetty-9.3.27.v20190418 - 18 April 2019
+ 3549 Directory Listing on Windows reveals Resource Base path + 3549 Directory Listing on Windows reveals Resource Base path - Resolves CVE-2019-10246
+ 3555 DefaultHandler Reveals Base Resource Path of each Context + 3555 DefaultHandler Reveals Base Resource Path of each Context - Resolves CVE-2019-10247
jetty-9.3.26.v20190403 - 03 April 2019 jetty-9.3.26.v20190403 - 03 April 2019
+ 2954 Improve cause reporting for HttpClient failures + 2954 Improve cause reporting for HttpClient failures
@ -857,17 +858,17 @@ jetty-9.3.26.v20190403 - 03 April 2019
org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+ org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+
+ 3302 Support host:port in X-Forwarded-For header in + 3302 Support host:port in X-Forwarded-For header in
ForwardedRequestCustomizer ForwardedRequestCustomizer
+ 3319 Allow reverse sort for directory listed files + 3319 Allow reverse sort for directory listed files - Resolves CVE-2019-10241
jetty-9.2.29.v20191105 - 05 November 2019 jetty-9.2.29.v20191105 - 05 November 2019
+ 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop
jetty-9.2.28.v20190418 - 18 April 2019 jetty-9.2.28.v20190418 - 18 April 2019
+ 3549 Directory Listing on Windows reveals Resource Base path + 3549 Directory Listing on Windows reveals Resource Base path - Resolves CVE-2019-10246
+ 3555 DefaultHandler Reveals Base Resource Path of each Context + 3555 DefaultHandler Reveals Base Resource Path of each Context - Resolves CVE-2019-10247
jetty-9.2.27.v20190403 - 03 April 2019 jetty-9.2.27.v20190403 - 03 April 2019
+ 3319 Refactored Directory Listing to modernize and avoid XSS + 3319 Refactored Directory Listing to modernize and avoid XSS - Resolves CVE-2019-10241
jetty-9.4.14.v20181114 - 14 November 2018 jetty-9.4.14.v20181114 - 14 November 2018
+ 3097 Duplicated programmatic Servlet Listeners causing duplicate calls + 3097 Duplicated programmatic Servlet Listeners causing duplicate calls
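Review bot: Issue 3319 is tagged "Resolves CVE-2019-10241" under three different titles: "Allow reverse sort for directory listed files" (9.3.26) and "Refactored Directory Listing to modernize and avoid XSS" (9.2.27) in this hunk, and "Modernize Directory Listing: HTML5 and Sorting" under 9.4.16. Only the 9.2.27 wording tells the reader the change addresses XSS; the other two read as feature work. Use one title that names the XSS fix in all three sections so the entries can be matched to each other and to the CVE.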