a95fe3bfb8
Improvements & bug fixes from testing
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
3a6a3e094d
Use MetaData instead of HttpFields for QPACK
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
da50072cc8
The QpackEncoder should be able to use PreEncodedHttpFields.
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
bdf44b8e22
Work through examples B.1. and B.2. from spec and fix bugs.
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
7abb1e62f2
Issue #7160- Add AMBIGUOUS_PATH_ENCODING to default UriCompliance mode.
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-11-30 16:51:58 +11:00
ec221865b6
Merge pull request #6978 from eclipse/jetty-10.0.x-4275-ambiguousparam
...
Improve #4275 ambiguous URIs (#6939 )
2021-10-21 17:48:33 +11:00
866f4517db
Improve #4275 ambiguous URIs ( #6939 )
...
* Improve #4275 ambiguous URIs
A URI like `/foo/%2e%2e;/bar` should be ambiguous both because of the encoded dots and because of the parameters. This means that the default setting of jetty-9 is a bit more secure as this path is considered ambiguous if either Violation.SEGMENT or Violation.PARAM is set.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-10-12 18:22:12 +11:00
cfc67f86d2
Updating to version 10.0.8-SNAPSHOT
2021-10-06 14:51:32 -05:00
da8a4553af
Updating to version 10.0.7
2021-10-06 14:32:37 -05:00
0412bdc3d9
Fixes #6938 - module-info.java file do not use the canonical order for the elements
...
Changed order of entries in module-info.java to be canonical
(cherry picked from commit 02691171d5
2021-10-01 09:25:55 +02:00
51d44a3401
use dependencyManagement for internal dependencies ( #6940 )
...
Signed-off-by: Olivier Lamy <oliver.lamy@gmail.com>
2021-09-30 16:57:19 +10:00
b44dde6098
Bump maven-enforcer-plugin from 3.0.0-M3 to 3.0.0 ( #6755 )
...
* Bump maven-enforcer-plugin from 3.0.0-M3 to 3.0.0
Bumps [maven-enforcer-plugin](https://github.com/apache/maven-enforcer ) from 3.0.0-M3 to 3.0.0.
- [Release notes](https://github.com/apache/maven-enforcer/releases )
- [Commits](https://github.com/apache/maven-enforcer/compare/enforcer-3.0.0-M3...enforcer-3.0.0 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-enforcer-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix some upper bound issues and exclude more javax
Signed-off-by: Olivier Lamy <oliver.lamy@gmail.com>
* fix upperbound dependencies issue with enforcer plugin upgrade
Signed-off-by: Olivier Lamy <oliver.lamy@gmail.com>
* exclude this wrong which makes enforcer plugin fail and btw it's not used
Signed-off-by: Olivier Lamy <oliver.lamy@gmail.com>
* fix last enforcer upperbound issues
Signed-off-by: Olivier Lamy <oliver.lamy@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Olivier Lamy <oliver.lamy@gmail.com>
2021-09-14 06:10:48 +10:00
0a78b9845d
Merge pull request #6657 from eclipse/jetty-10.0.x-6642-WebSocketConnectionHeaders
...
Issue #6642 - WebSocket handling of Connection: upgrade,close.
2021-08-31 14:25:47 +10:00
949aa6c342
Issue #6642 - move shutdown logic into HttpChannelOverHTTP and HttpConnection
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-27 11:53:54 +10:00
fa316fc20d
Issue #6642 - never shutdown output after generating a request.
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-26 13:09:36 +10:00
cb9a8d4060
Issue #6642 - change HttpGenerator state to END before returning
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-25 11:27:56 +10:00
f7d9d8fcf8
Issue #6642 - prevent connection close after websocket upgrade
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-24 19:39:34 +10:00
5dcc14b114
Merge pull request #6551 from eclipse/jetty-10.0.x-6545-refresh-mimetypes
...
Issue #6545 - Add more mime-types
2021-07-28 05:47:36 -05:00
bd11d6f682
#6491 add defensive check and introduce HttpParser.isTerminated()
...
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
2021-07-28 10:14:19 +02:00
8971ea991f
Issue #6545 - Add more mime-types
...
+ Adding webp + avif + apng based on current
`Accept` header offerings from current browsers.
Firefox 90.0
`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8`
Chrome 92.0.4515.107
`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9`
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2021-07-27 11:48:39 -05:00
92b6f336b6
Merge pull request #6503 from eclipse/release-10.0.6
...
Merge Release 10.0.6
2021-07-07 08:21:20 -05:00
8945a58ffc
Reduce header cache memory usage on non persistent requests ( #6494 )
...
Delay creating a header cache until a second request on a parser.
Refactored cache code into subclass
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2021-07-07 12:51:06 +10:00
259f9af9c9
Merge pull request #6490 from eclipse/jetty-10.0.x-6489-UriCompliance
...
Issue #6489 - fix RFC3986_UNAMBIGUOUS and UNSAFE UriCompliance modes.
2021-07-06 15:58:51 +10:00
76ab749aca
Issue #6489 - fix RFC3986_UNAMBIGUOUS and UNSAFE UriCompliance modes.
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-07-01 17:52:07 +10:00
b82b46243d
Issue #6489 - fix RFC3986_UNAMBIGUOUS and UNSAFE UriCompliance modes.
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-07-01 17:27:17 +10:00
c245a70893
Updating to version 10.0.7-SNAPSHOT
2021-06-29 10:51:22 -05:00
37e7731b4b
Updating to version 10.0.6
2021-06-29 10:27:56 -05:00
3c32afa05c
Issue #6473 - canonicalPath refactor & fix alias check in PathResource (Jetty-10) ( #6478 )
...
Issue #6473 - canonicalPath refactor & fix alias check in PathResource
* Reverted %-escape handling for URI query parts.
* Performing canonicalization in ServletContext.getResource(),
and improving alias checking in ContextHandler.getResource().
* Performing canonicalization checks in Resource.addPath() to avoid
navigation above of the root.
* Test added and fixed.
* Various cleanups.
* Improved javadoc and comments
* Compliance mode HttpURI uses UriCompliance.Violation
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
2021-06-29 15:42:39 +02:00
bc0fbbb5c1
Revert logic in Request.setMetaData, clear emptySegment on HttpUri.clear() ( #6468 )
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Manually merged as ECA checks are broken
2021-06-24 17:18:49 +10:00
4673846635
Compliance modes documentation ( #6312 )
...
Added doco on compliance modes
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2021-06-24 15:20:05 +10:00
d233f3be02
Issue #6447 - Deprecate support for UTF16 encoding in URIs ( #6457 )
...
Deprecate support for UTF16 encoding in URIs.
Add compliance mode to allow UTF16 encodings.
Improve testing.
2021-06-23 22:58:49 +10:00
9d2d1e29b7
Updating to version 10.0.6-SNAPSHOT
2021-06-11 09:42:42 -05:00
dc21b2d73c
Updating to version 10.0.5
2021-06-11 09:18:00 -05:00
b4d7e5117d
Issue #6302 - Treat empty path segments as ambiguous. ( #6304 )
...
Issue #6302 - Treat empty path segments are ambiguous.
* Fix false empty segments being reported.
* Add HttpUriTests for the empty segment as ambiguous
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
2021-06-10 15:12:59 +02:00
987066aac1
Updating to version 10.0.5-SNAPSHOT
2021-06-04 13:28:47 -05:00
5523480c54
Updating to version 10.0.4
2021-06-04 13:09:44 -05:00
9ace21992e
Updated POM versions to 10.0.4-SNAPSHOT.
...
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2021-05-21 17:07:46 +02:00
f58dbedcd0
Fixes #6263 - Review URI encoding in ConcatServlet & WelcomeFilter.
...
Review URI encoding in ConcatServlet & WelcomeFilter and improve testing.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2021-05-12 17:14:43 +02:00
4c98990cd9
Create FileBufferedResponseHandler to buffer responses into a file. ( #6010 )
...
FileBufferedResponseHandler adds an HttpOutput.Interceptor to buffer all responses into a file until the output is closed. This allows the commit to be delayed until the response is complete and thus headers and response status can be changed while writing the body.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-04-19 11:02:44 +10:00
b56edf511a
UriCompliance mode improvements #6132 ( #6137 )
...
Resolve #6132
Improve configuration of ambiguous URI handling.
Added NON_CANONICAL_AMBIGUOUS_PATHS
2021-04-08 12:03:30 +10:00
e3c87fc2af
Changed exception check by JUnit API usage ( #6133 )
2021-04-06 08:51:50 +10:00
a0796d1055
Updating to version 10.0.3-SNAPSHOT
2021-03-26 06:31:31 +00:00
7bd207b309
Updating to version 10.0.2
2021-03-26 06:13:42 +00:00
d27363fa55
back to 10.0.2-SNAPSHOT
...
Signed-off-by: Olivier Lamy <oliver.lamy@gmail.com>
2021-03-26 06:10:47 +00:00
7a9e01ac56
Updating to version 10.0.3-SNAPSHOT
2021-03-25 10:38:15 -05:00
aac6bfbd48
Updating to version 10.0.2
2021-03-25 10:21:44 -05:00
6fca106160
Reverted version to 10.0.2-SNAPSHOT.
...
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2021-03-25 16:02:45 +01:00
3d0574d64c
Updating to version 10.0.3-SNAPSHOT
2021-03-25 04:10:39 +00:00
ab235ad687
Updating to version 10.0.2
2021-03-25 03:57:25 +00:00
06e1a7e88d
URI compliance modes for #6001 ( #6006 )
...
* Fix #4275 separate compliance modes for ambiguous URI segments and separators
default modes allows both ambiguous separators and segments, but still forbids ambiguous parameters
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2021-03-02 11:59:16 +01:00
Lachlan Roberts
Joakim Erdfelt
Simone Bordet
Olivier Lamy
dependabot[bot]
Ludovic Orban
Greg Wilkins
Guilherme Amaral
Jesse McConnell