Commit Graph

19419 Commits

Author SHA1 Message Date
Simone Bordet 5184c4ec3d Issue #3978 - HTTP/2 vulnerabilities.
Small fixes after review.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-19 11:38:01 +02:00
olivier lamy 6f2a93d614 Merge branch 'jetty-9.4.x' into jetty-10.0.x 2019-08-19 13:12:10 +10:00
Olivier Lamy 95f7fddc59
ServletContext#setSessionTrackingModes must throw IAE if SSL and another mode (#3976)
* according to Javadoc and failing tck tests
ServletContext#setSessionTrackingModes
IllegalArgumentException - if sessionTrackingModes specifies a combination of SessionTrackingMode.SSL with a session tracking mode other than SessionTrackingMode.SSL

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* test adding only SSL

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* fixes from Jan review

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* fix package order

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-19 12:54:05 +10:00
Greg Wilkins 5fc83c3d0c Issue #3978 HTTP2 Vulnerabilities
Reduce the number of RateControl fields, instead using common field in
HeaderParser.

Avoid null checking rateControl by having a NO_RATE_CONTROL static

HPack does not emit field with empty header name.

Apply rate control to any header parsing issue resulting in
session/stream failure

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-19 10:16:40 +10:00
Greg Wilkins 47fb8f4dea Issue #3978 HTTP2 Vulnerabilities
Fixed race in WindowRateControl by only removing the event that we
just inspected.

Added an AtomicInteger to track the size to avoid iterating over the
linked list.

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-19 10:11:28 +10:00
olivier lamy 4db5b38956 Merge branch 'jetty-9.4.x' into jetty-10.0.x 2019-08-19 10:09:32 +10:00
Olivier Lamy 7c0266af4c
this is not supposed to return null (#3998)
see https://javaee.github.io/javaee-spec/javadocs/javax/servlet/http/Part.html#getHeaders-java.lang.String-
this fixes the related tck test

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-19 10:08:21 +10:00
Greg Wilkins 764fcd63a1 Merge branch 'jetty-9.4.x' into jetty-9.4.x-3978-http2_vulnerabilities 2019-08-19 08:46:28 +10:00
Greg Wilkins 9fce1e8512
Merge pull request #3993 from barabadzhi/patch-1
Add WebAssembly MIME type support
2019-08-19 08:09:48 +10:00
Simone Bordet cfe1baa048 Issue #3978 - HTTP/2 vulnerabilities.
Implemented rate control for HTTP/2 frames using a single RateControl
object to avoid that each individual vulnerability is within limits,
but combined they still overload the server.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-17 22:51:39 +02:00
Bogdan Arabadzhi f14abdd600 Add WebAssembly MIME type support
Signed-off-by: Bogdan Arabadzhi <bogdan.today@gmail.com>
2019-08-17 12:02:03 +02:00
Joakim Erdfelt 1254f6eb67 Issue #3985 - Fixing RequestTest
+ Moving overly bad cookie to CookieCutter_LenientTest
+ Changing expectation in RequestTest.testCookie()

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:57:26 -05:00
Joakim Erdfelt 472ede48cd Issue #3983 - JarFileResource directory listing is invalid
+ Correcting encoded path searching
+ Adding more unit tests to ensure no regression

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:48:42 -05:00
Joakim Erdfelt f65e59cadf Issue #3983 - Modernizing JarResourceTest
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:13:53 -05:00
Joakim Erdfelt fba010d33d Issue #3985 - Updates to CookieCutter to reject no-equal cookies
* If a cookie has no value it is rejected and not stored.
  - `name` is rejected
  - `name=` is accepted, with empty value

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 13:11:40 -05:00
Joakim Erdfelt eaf2263053 Issue #3985 - Testcase for CookieCutter parsing issue of bad cookie
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-15 17:58:53 -05:00
Chris Walker 5c5cefcd62 Merge branch 'jetty-9.4.x' into jetty-10.0.x 2019-08-15 10:56:15 -04:00
Chris Walker d6bd6e6e32
Updated security reports for HTTP/2 fix in #2722 2019-08-15 10:55:12 -04:00
Joakim Erdfelt 0e9bd3ae5a Merge branch `jetty-9.4.x` into `jetty-10.0.x`
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

2019-08-15 08:09:36 -05:00
Joakim Erdfelt 50b524bb6b Merge branch `release-9.4.20` into `jetty-9.4.x` 2019-08-15 07:27:25 -05:00
Jan Bartel c9c59e71b6 Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-10.0.x 2019-08-15 13:47:58 +10:00
Jan Bartel af6c675023
Issue #3913 Fix races in session request reference counting (#3947)
* Issue #3913 Fix races in session request reference counting

Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-15 12:27:18 +10:00
Lachlan Roberts 7d7d932288 Issue #3968 - remove public from methods in ReadState
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-15 09:16:05 +10:00
Greg Wilkins 9ba9df1495 fixed merge for CDITests
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-15 08:13:02 +10:00
Lachlan Roberts 11d1ad6504 disable flaky test WebSocketConnectionStatsTest
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-15 08:04:57 +10:00
olivier lamy 7e961b2c99 javadoc:aggregate-jar cannot run on jetty-10 because of a bug in the javadoc plugin or javadoc in the jdk; still need to figure it out.
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-15 07:12:30 +10:00
Joakim Erdfelt a11f6a0304 Merging build-resources from `jetty-9.4.x` to `jetty-10.0.x`
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-14 09:40:46 -05:00
Joakim Erdfelt 3544283865 Merge branch `jetty-9.4.x` into `jetty-10.0.x`
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

# Conflicts:
#	Jenkinsfile
#	jetty-server/src/test/java/org/eclipse/jetty/server/ForwardedRequestCustomizerTest.java
#	jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/io/AbstractWebSocketConnection.java
#	jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/io/ReadState.java
#	jetty-websocket/websocket-common/src/test/java/org/eclipse/jetty/websocket/common/io/ReadStateTest.java
#	tests/test-distribution/src/test/java/org/eclipse/jetty/tests/distribution/CDITests.java
2019-08-14 09:39:06 -05:00
Chris Walker 47759b3f9b
Updated security documentation with latest CVEs. Resolves #3980 2019-08-14 10:23:22 -04:00
Lachlan 2a109dccbc
Issue #3968 - prevent ReadPending and ISE from AbstractWebSocketConnection (#3979)
* Issue #3968 - websocket suspend fix and cleanups

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>

* Issue #3968 - fixed race conditions when using websocket ReadState

combine the previous ReadMode into ReadState by using ReadState.Action
which is returned from ReadState.getAction(ByteBuffer) where an atomic
decision is made of what action to do

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-14 21:28:35 +10:00
olivier lamy bf5f4c860c do not try to deploy this one
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-14 20:43:28 +10:00
Olivier Lamy 8761b345b5
Jetty 9.4.x timeout to build only, do not include time to get node (#3975)
* fix timeout to apply on build time not on getting node time

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* fix typo

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-14 20:30:54 +10:00
Joakim Erdfelt f1efc99918 Updating to version 9.4.21-SNAPSHOT 2019-08-13 17:34:20 -05:00
Joakim Erdfelt 84700530e6 Updating to version 9.4.20.v20190813 2019-08-13 16:13:21 -05:00
Joakim Erdfelt cbe34d9bc2 Revert "Jetty 9.4.x release faster (no need of triggering plugins already triggered) (#3944)"
+ Breaks the release build.
  javadoc and source artifacts lack gpg signatures

This reverts commit 50aa1cf786.
2019-08-13 16:05:35 -05:00
Joakim Erdfelt 982717cc77
Merge pull request #3972 from eclipse/jetty-9.4.x-3969-forwarded-headers-testing
Fixes #3969 - Fixing X-Forwarded-Port header setter
2019-08-13 16:01:32 -05:00
Joakim Erdfelt fec01a4628 Fixes #3969 - Changing TYPE to class from PR review
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 16:00:18 -05:00
Joakim Erdfelt 3940baea9c Fixes #3969 - Adding comments from PR review
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 15:56:11 -05:00
Joakim Erdfelt 72c05bc8ba Fixes #3969 - Fixing X-Forwarded-Port header setter
+ Fixing ForwardedRequestCustomizer.getForwardedPortHeader()
+ Fixing ForwardedRequestCustomizer.setForwardedPortHeader(String)
+ Refactoring unit tests:
  + Tests default ForwardedRequestCustomizer behavior
    on one Connector
  + Tests header configured ForwardedRequestCustomizer behavior
    on different Connector

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 12:39:30 -05:00
Simone Bordet a700907522
Issue #250 - Implement HTTP CONNECT for HTTP/2. (#3539)
Fixes #250 - Implement HTTP CONNECT for HTTP/2.

Modified HTTP/2 implementation to support the CONNECT method.
Implemented semantic defined by RFC 8441.
Implemented section 8.3 of RFC 7540.
Introduced HTTP2Client.streamIdleTimeout.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-13 19:07:04 +03:00
Joakim Erdfelt d10fea9b7e
Merge pull request #3970 from eclipse/jetty-9.4.x-3969-xforwarded-host
Issue #3969 - adding testcase to verify Host & X-Forwarded behavior
2019-08-13 09:16:08 -05:00
Joakim Erdfelt e4b4a30c4c
Merge pull request #3961 from eclipse/jetty-9.4.x-3804-Decoration-Fixes
Fixed decoration changes for #3804
2019-08-13 09:15:31 -05:00
Joakim Erdfelt 4b17d28cb0 Issue #3969 - adding testcase to verify behavior
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 07:30:14 -05:00
olivier lamy 518906f464 Merge branch 'jetty-9.4.x' into jetty-10.0.x 2019-08-13 16:36:52 +10:00
olivier lamy cfd01d6bbc remove non needed file
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-13 16:36:24 +10:00
Lachlan Roberts ee40006a5e remove NullMessage from websocket jetty-9.4.x merge
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-13 15:28:20 +10:00
Lachlan Roberts 279c382a1f Merge remote-tracking branch 'eclipse/jetty-9.4.x' into jetty-10.0.x
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-13 15:00:38 +10:00
Lachlan d3bc0b931a
Issue #3957 - fix bad usage of MethodHandles.lookup() (#3962)
* Issue #3957 - fix bad usage of MethodHandles.lookup()

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>

* Issue #3957 CustomRequestLog remove unnecessary local string variables

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-13 14:47:39 +10:00
Greg Wilkins 8c4dd7ab05 Fixed decoration changes for #3804
Fixed bad names in OWB webapp.
Don't have the owb jetty-web.xml on by default.

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-13 11:14:44 +10:00
olivier lamy 072de1ba3c Merge branch 'jetty-9.4.x' into jetty-10.0.x 2019-08-13 10:22:25 +10:00