Simone Bordet
cfe1baa048
Issue #3978 - HTTP/2 vulnerabilities.
...
Implemented rate control for HTTP/2 frames using a single RateControl
object to avoid that each individual vulnerability is within limits,
but combined they still overload the server.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-17 22:51:39 +02:00
Bogdan Arabadzhi
f14abdd600
Add WebAssembly MIME type support
...
Signed-off-by: Bogdan Arabadzhi <bogdan.today@gmail.com>
2019-08-17 12:02:03 +02:00
Joakim Erdfelt
1254f6eb67
Issue #3985 - Fixing RequestTest
...
+ Moving overly bad cookie to CookieCutter_LenientTest
+ Changing expectation in RequestTest.testCookie()
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:57:26 -05:00
Joakim Erdfelt
472ede48cd
Issue #3983 - JarFileResource directory listing is invalid
...
+ Correcting encoded path searching
+ Adding more unit tests to ensure no regression
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:48:42 -05:00
Joakim Erdfelt
f65e59cadf
Issue #3983 - Modernizing JarResourceTest
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:13:53 -05:00
Joakim Erdfelt
fba010d33d
Issue #3985 - Updates to CookieCutter to reject no-equal cookies
...
* If a cookie has no value it is rejected and not stored.
- `name` is rejected
- `name=` is accepted, with empty value
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 13:11:40 -05:00
Joakim Erdfelt
eaf2263053
Issue #3985 - Testcase for CookieCutter parsing issue of bad cookie
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-15 17:58:53 -05:00
Chris Walker
d6bd6e6e32
Updated security reports for HTTP/2 fix in #2722
2019-08-15 10:55:12 -04:00
Joakim Erdfelt
50b524bb6b
Merge branch `release-9.4.20` into `jetty-9.4.x`
2019-08-15 07:27:25 -05:00
Jan Bartel
af6c675023
Issue #3913 Fix races in session request reference counting ( #3947 )
...
* Issue #3913 Fix races in session request reference counting
Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-15 12:27:18 +10:00
Lachlan Roberts
7d7d932288
Issue #3968 - remove public from methods in ReadState
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-15 09:16:05 +10:00
Lachlan Roberts
11d1ad6504
disable flaky test WebSocketConnectionStatsTest
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-15 08:04:57 +10:00
Chris Walker
47759b3f9b
Updated security documentation with latest CVEs. Resolves #3980
2019-08-14 10:23:22 -04:00
Lachlan
2a109dccbc
Issue #3968 - prevent ReadPending and ISE from AbstractWebSocketConnection ( #3979 )
...
* Issue #3968 - websocket suspend fix and cleanups
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Issue #3968 - fixed race conditions when using websocket ReadState
combine the previous ReadMode into ReadState by using ReadState.Action
which is returned from ReadState.getAction(ByteBuffer) where an atomic
decision is made of what action to do
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-14 21:28:35 +10:00
Olivier Lamy
8761b345b5
Jetty 9.4.x timeout to build only do not include time to get node ( #3975 )
...
* fix timeout to apply on build time not on getting node time
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* fix typo
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-14 20:30:54 +10:00
Joakim Erdfelt
f1efc99918
Updating to version 9.4.21-SNAPSHOT
2019-08-13 17:34:20 -05:00
Joakim Erdfelt
84700530e6
Updating to version 9.4.20.v20190813
2019-08-13 16:13:21 -05:00
Joakim Erdfelt
cbe34d9bc2
Revert "Jetty 9.4.x release faster (no need of triggering plugins already triggered) ( #3944 )"
...
+ Breaks the release build.
javadoc and source artifacts lack gpg signatures
This reverts commit 50aa1cf786
.
2019-08-13 16:05:35 -05:00
Joakim Erdfelt
982717cc77
Merge pull request #3972 from eclipse/jetty-9.4.x-3969-forwarded-headers-testing
...
Fixes #3969 - Fixing X-Forwarded-Port header setter
2019-08-13 16:01:32 -05:00
Joakim Erdfelt
fec01a4628
Fixes #3969 - Changing TYPE to class from PR review
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 16:00:18 -05:00
Joakim Erdfelt
3940baea9c
Fixes #3969 - Adding comments from PR review
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 15:56:11 -05:00
Joakim Erdfelt
72c05bc8ba
Fixes #3969 - Fixing X-Forwarded-Port header setter
...
+ Fixing ForwardedRequestCustomizer.getForwardedPortHeader()
+ Fixing ForwardedRequestCustomizer.setForwardedPortHeader(String)
+ Refactoring unit tests:
+ Tests default ForwardedRequestCustomizer behavior
on one Connector
+ Tests header configured ForwardedRequestCustomizer behavior
on different Connector
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 12:39:30 -05:00
Joakim Erdfelt
d10fea9b7e
Merge pull request #3970 from eclipse/jetty-9.4.x-3969-xforwarded-host
...
Issue #3969 - adding testcase to verify Host & X-Forwarded behavior
2019-08-13 09:16:08 -05:00
Joakim Erdfelt
e4b4a30c4c
Merge pull request #3961 from eclipse/jetty-9.4.x-3804-Decoration-Fixes
...
Fixed decoration changes for #3804
2019-08-13 09:15:31 -05:00
Joakim Erdfelt
4b17d28cb0
Issue #3969 - adding testcase to verify behavior
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 07:30:14 -05:00
olivier lamy
cfd01d6bbc
remove non needed file
...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-13 16:36:24 +10:00
Lachlan
d3bc0b931a
Issue #3957 - fix bad usage of MethodHandles.lookup() ( #3962 )
...
* Issue #3957 - fix bad usage of MethodHandles.lookup()
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Issue #3957 CustomRequestLog remove unnecessary local string variables
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-13 14:47:39 +10:00
Greg Wilkins
8c4dd7ab05
Fixed decoration changes for #3804
...
Fixed bad names in OWB webapp.
Don't have the owb jetty-web.xml on by default.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-13 11:14:44 +10:00
Olivier Lamy
02c247be5f
include test sources in checkstyle report ( #3948 )
...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-13 10:20:55 +10:00
Simone Bordet
46e1896322
Fixes #3960 - Fix HttpConfiguration copy constructor.
...
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-12 17:42:54 +02:00
Simone Bordet
76612ea7ca
Updated dependency to h2spec to 0.6.
...
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-12 17:38:34 +02:00
Greg Wilkins
699f832632
Fixed test for symlinked directory
...
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-12 17:21:49 +10:00
Joakim Erdfelt
e7a1978556
Merge pull request #3946 from eclipse/jetty-9.4.x-3804-Decoration-rename
...
Issue #3804 CDI integration rename
2019-08-09 08:43:07 -05:00
Simone Bordet
27c0ae605f
Issue #3804 - CDI integration rename.
...
Fixed javadocs.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-09 11:25:00 +02:00
Olivier Lamy
50aa1cf786
Jetty 9.4.x release faster (no need of triggering plugins already triggered) ( #3944 )
...
* source:jar javadoc:jar are already triggered by eclipse-release profile so no need to call directly as it add more jars to deploy :)
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* no need of sources jar in release profile as it is already part of normal build, and use jar-no-fork in normal to avoid forking another lifecycle
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* no need of triggering gpg plugin again as it is part of the release-jetty.sh script
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-09 11:24:31 +10:00
Greg Wilkins
093b39be09
Issue #3804
...
more review changes
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-09 09:23:17 +10:00
Greg Wilkins
bf1ece938f
Issue #3804
...
more review changes
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-09 08:20:27 +10:00
Joakim Erdfelt
bcb4c59ab2
Issue #3804 - cleanup of CDITest arguments
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-08 10:21:12 -05:00
Olivier Lamy
503a52273e
Jetty 9.4.x fix some part of the code assuming cast to HttpServletRequest is possible ( #3945 )
...
* code assume request is HttpServletRequest whereas it can be ServletRequestWrapper, this fix some failing tck tests
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* return directly if the instance is already HttpServlet*Wrapper
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* checkstyle
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* changes after review
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* checkstyle
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* checkstyle and cleanup import
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-08 20:46:19 +10:00
Greg Wilkins
eb4be618ee
Issue #3804
...
more review changes
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 19:03:59 +10:00
Lachlan
3f34301660
do not echo part content in MultiPartTest ( #3942 )
...
* sanitize xml from multipart upload in MultiPartTest
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* changes from review
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* no longer echoing back part content
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-08 17:55:31 +10:00
Greg Wilkins
516fdd45cb
Issue #3804
...
improved javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 16:11:02 +10:00
Greg Wilkins
9d497084d4
Issue #3804
...
Rename attributes and classes to have a more regular pattern.
The DecoratingListener is now extened by the
CdiDecoratingListener which is used by the cdi-decorate module
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 15:21:06 +10:00
Greg Wilkins
70fcd3d145
Issue #3804 CDI integration
...
Rename attributes and classes to have a more regular pattern.
The DecoratingListener is now extened by the
CdiDecoratingListener which is used by the cdi-decorate module
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 12:24:41 +10:00
Greg Wilkins
dc939d753a
Issue #3804 - Update Decorator integration for various CDI implementations ( #3838 )
...
* Jetty Issue #3804 WELD-2587
Support CDI integration:
+ cdi2 module exposes jetty APIs
+ cdi module uses DecorationListener
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Jetty Issue #3804 WELD-2587
Remove DecoratingListener tests from test-jetty-webapp
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* improve CDI test
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Jetty Issue #3804 WELD-2587
Reverted test to use released CDI and cdi2 module for now.
To test new mechanism, you need to build the weld snapshot locally,
rebuild and switch to cdi module
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* remove cdi2 webapp references
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* document attribute
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* improved documentation
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* logging
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* improved javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Fixed version
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Reverted to also provide the DecoratingListener in the decorate module.
Renamed cdi-demo to weld-cdi-demo
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* revert from Weld SNAPSHOT
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* test all 3 weld integrations
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* updated destory implementation to release creationalcontext
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* reverted to released Weld version
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3804 CDI integration
dispose and release context in destroy
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Improved CDI module documentation
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* WIP on OWB
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Updates from review
Parameterised CDITests
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* share webapp resources for cdi webapp test
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* Initialize OWB with a SCI so that listeners can be decorated
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Added OwbDecorator so that cdi2 module can be tested with OWB
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Lookup attribute name
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Cleanups
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Cleanup from Review
Don't do lazy bindings
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Cleanup from Review
Treat partial CDI same as no CDI
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* fix maven it test no more need of weld-servlet
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* cleanup it parent pom removing non needed weld servlet
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* upgraded to Weld 3.1.2.Final
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Cleanup from Review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Cleanup from Review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 04:04:07 +02:00
Joakim Erdfelt
259ef7cf7a
Merge pull request #3943 from eclipse/jetty-9.4.x-checkstyle-remove-abbrev-name
...
Removing `AbbreviationAsWordInName` module
2019-08-07 18:11:40 -05:00
Joakim Erdfelt
3b5543b575
Removing `AbbreviationAsWordInName` module
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-07 18:08:07 -05:00
Simone Bordet
2e2cde69e9
Merge pull request #3899 from eclipse/jetty-9.4.x-3856-maxForm_contentLength_behavior
...
Fixes #3856 - Different behaviour with maxFormContentSize=0 if Content-Length header is present/missing.
2019-08-07 19:46:49 +03:00
Simone Bordet
632c916608
Fixes #3856 - Different behaviour with maxFormContentSize=0 if Content-Length header is present/missing.
...
Removed duplicated, unused, code.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-07 17:35:10 +02:00
Joakim Erdfelt
cb87d7049e
Merge pull request #3923 from eclipse/jetty-9.4.x-3906-seekablebytechannel-fallback
...
Issue #3906 - Handling SeekableByteChannel.position(long) Exception
2019-08-07 07:43:16 -05:00