Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
28,576 Commits 69 Branches 462 Tags 354 MiB
Commit Graph

28576 Commits

Author SHA1 Message Date
Joakim Erdfelt 4768745849
Updating to version 12.0.1 2023-08-29 16:38:20 -05:00
Joakim Erdfelt 33e91427e2
Fixing release-jetty.sh 2023-08-29 16:31:54 -05:00
Simone Bordet c638753b8d Fixes #10293 - Improve documentation on how to write a response body in Jetty 12. 
Updated documentation about:
* Content.Source
* Content.Sink
* Handler
* Request/Response

Updated few APIs to make easier to write applications.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-29 22:07:42 +02:00
Greg Wilkins d3cd69be68
Fix #10411 default environment (#10415) 
Implemented a simpler default environment algorithm where an application that does not specify an environment is always attempted in the default.

Updated documentation.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-29 18:34:21 +02:00
Ludovic Orban 67ecd9f4a3 #9900 handle review comments 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 17:11:07 +02:00
Ludovic Orban 4757333ed5 #9900 accurate implementation of Request.getBeginNanoTime() for FCGI 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 17:11:07 +02:00
Olivier Lamy 7b13687514
need to be in a PR to use pullRequest field (#10430) 
Signed-off-by: Olivier Lamy <olamy@apache.org>
 2023-08-29 13:48:40 +02:00
Greg Wilkins d6a0226866
Fix #9169 refine idle timeout and failure (#10418) 
Only fail request callback if a failure has not been otherwise notified.
Slight optimisation for failing idle timeouts by avoiding double lock.
Always create a failure if failing the callback.
 2023-08-29 20:44:40 +10:00
Jan Bartel 5808a62660
Issue #10356 Update Weld integration (#10359) 
* Issue #10356 Update Weld integration

Signed-off-by: Olivier Lamy <olamy@apache.org>
Co-authored-by: Olivier Lamy <olamy@apache.org>
 2023-08-29 11:00:50 +02:00
Ludovic Orban 155137605a #10226 disable client leak tracking for H1 transports 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 8ae62e3a95 #10226 disable client leak tracking for all transports 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban f3a21cec6f #10226 fix heap dump 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 159238471b #10226 handle review comments 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban a4e33a019f #10226 disable leak tracking only for client/server or impacted transports 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 18797fad57 #10226 add ability to disable leak tracking and disable currently known leaky threads 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Olivier Lamy 45b6523d13 if build-all-tests label use -Dmaven.test.failure.ignore=true 
Signed-off-by: Olivier Lamy <olamy@apache.org>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 44aa6036b3 #10226 assert using awaitility and fix heap dump cleanup when a leak is detected 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 01f8812dbb #10226 improve testDownloadWithCloseMiddleOfContent debuggability by helping to discriminate the buffers by their content 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban eece4b0fde #10226 dump the heap when a buffer leak is detected 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 83ee6387b8 #10226 improve Tracking.Buffer dump 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 174c59e9a1 #10226 assert using awaitility 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban bbb994f96d #10226 improve ArrayByteBufferPool.Tracking 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 2fcccef0c4 #10226 fix GZIPContentDecoder buffer leak of zero-capacity buffers 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 7083fa3927 #10226 restore leak tracking in tests 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Lachlan 76cc130d17
Merge pull request #10420 from eclipse/jetty-12.0.x-10402-ServletChannelRecycle 
Issue #10402 - do not recycle ServletChannel if aborted
 2023-08-29 15:00:34 +10:00
Lachlan Roberts 0a2cfab4a8 Issue #10402 - rename ServletChannelState open() to openOutput() 
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-29 14:59:59 +10:00
Greg Wilkins e3ee84a5ad
Fix #10416 Do not copy ee9 response headers (#10417) 
Use the core response HttpFields directly as the ee9 response headers to avoid copy and retain persistent field behaviour.
Fix #10416 EE9 Response headers
Added EE9 test to show that Persistent fields can be modified
Updated fix for #10339 so that persistent fields revert to original values after a clear operation
 2023-08-29 08:31:02 +10:00
Simone Bordet 5a8c5bc8c7
Fixes #10353 - Questions about porting WebSocket APIs to jetty-core 12 (#10354) 
* Added direct WebSocket upgrade in the Jetty core WebSocket APIs.
* Updated the WebSocket documentation.
* Optimized WebSocketMappings.getMatchedNegotiator() to avoid allocating a lambda for every invocation.
* Cleaned up core.server.WebSocketUpgradeHandler.
* Expanded websocket docs to mention how the demand mechanism works.
* Fixed code examples with correct demand handling.
* Javadocs for api.Callback.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-28 17:46:12 +02:00
Lachlan Roberts 1c1cc0296b remove debugging printlns 
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-28 15:50:14 +10:00
Lachlan Roberts 27d0c7a181 Issue #10402 - do not recycle ServletChannel if aborted 
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-28 15:48:29 +10:00
Joakim Erdfelt 5946503ee0
Merge pull request #10407 from eclipse/fix/12.0.x/transitive-dep-warnings 
Address transitive dependencies with open CVEs
 2023-08-27 05:27:31 -05:00
Simone Bordet 86c245d069
Fixes #10158 - Deploy Jetty context XML file needs environment 
Updated the documentation; a better fix is coming with #10411.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-26 17:01:21 +02:00
Simone Bordet 2bf25969a0 Improved Handler javadocs. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-26 12:32:47 +02:00
Greg Wilkins 8ed56b3466
Implement containsLast in HttpFields (#10340) 
Fully implement list iterator so that we can efficiently check for the last item in a multi header list.

---------

Signed-off-by: gregw <gregw@webtide.com>
 2023-08-26 10:05:29 +10:00
Joakim Erdfelt 053d44e52c
Bump jetty-setuid to 2.0.1 (#10406) 
* Bump jetty-setuid to 2.0.1
 2023-08-25 13:47:50 -05:00
Joakim Erdfelt 6683cc3654
Provides transitive vulnerable dependency maven:xalan:xalan:2.7.2 
CVE-2022-34169 7.5 INCORRECT CONVERSION BETWEEN NUMERIC TYPES IN XALAN:XALAN
 2023-08-25 11:36:52 -05:00
Joakim Erdfelt b8ce9db729
Old version of apache-avro uses old jackson. 
Provides transitive vulnerable dependency maven:org.codehaus.jackson:jackson-core-asl:1.9.13
CVE-2019-10202 9.8 Deserialization of Untrusted Data vulnerability pending CVSS allocation
CVE-2019-10202 9.8 Deserialization of Untrusted Data vulnerability pending CVSS allocation
 2023-08-25 11:22:28 -05:00
Joakim Erdfelt 6e96f2c4d7
Provides transitive vulnerable dependency maven:org.apache.commons:commons-compress:1.4.1 
CVE-2018-11771 5.5 Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability pending CVSS allocation
CVE-2021-35515 7.5 Excessive Iteration vulnerability pending CVSS allocation
CVE-2021-35516 7.5 Improper Handling of Length Parameter Inconsistency vulnerability pending CVSS allocation
CVE-2021-35517 7.5 Improper Handling of Length Parameter Inconsistency vulnerability pending CVSS allocation
CVE-2021-36090 7.5 Improper Handling of Length Parameter Inconsistency vulnerability pending CVSS allocation
 2023-08-25 11:11:38 -05:00
Joakim Erdfelt ae71b40acf
Provides transitive vulnerable dependency maven:org.wildfly.security:wildfly-elytron-credential:1.12.1.Final 
CVE-2022-3143 7.4 Observable Discrepancy vulnerability pending CVSS allocation
 2023-08-25 11:10:03 -05:00
Joakim Erdfelt ca95d3f222
Provides transitive vulnerable dependency maven:io.netty:netty-codec:4.1.58.Final 
CVE-2021-37136 7.5 Uncontrolled Resource Consumption vulnerability pending CVSS allocation
CVE-2021-37137 7.5 Uncontrolled Resource Consumption vulnerability pending CVSS allocation
CVE-2022-41915 6.5 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability pending CVSS allocation
 2023-08-25 11:03:28 -05:00
Joakim Erdfelt 87839d3350
Bump transitive vulnerable dependency maven:com.google.protobuf:protobuf-java:3.21.6 
CVE-2022-3171 7.5 Uncontrolled Resource Consumption vulnerability with medium severity found
CVE-2022-3509 7.5 Uncontrolled Resource Consumption vulnerability pending CVSS allocation
CVE-2022-3510 7.5 Uncontrolled Resource Consumption vulnerability pending CVSS allocation
 2023-08-25 10:56:08 -05:00
Simone Bordet eeee3ca8ac
Added well-known HTTP/3 servers. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-25 15:33:46 +02:00
Simone Bordet 0eb4f1b7e3 Updated the documentation about HttpChannel events (they don't exist anymore replaced by `EventsHandler`). 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-25 12:44:48 +02:00
Lachlan be11dfdbab
Merge PR #10400 to 12.0.x for InetAccessHandler (#10403) 
Issue #10388 - fix InetAccessHandler module

Add DistributionTest for InetAccessHandler
Removed deprecated method from InetAccessHandler.
Fixed InetAccessHandler DistributionTests for 12.

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-25 11:32:46 +02:00
Lachlan acb4ed7174
Merge pull request #10342 from eclipse/jetty-12.0.x-FixSizeLimitHandler 
Issue #10337 - fixes for SizeLimitHandler
 2023-08-25 18:15:29 +10:00
Lachlan ff02d3b086
Merge pull request #10394 from eclipse/jetty-12.0.x-10383-AsyncListenerTest 
Issue #10383 - suppress stack traces from AsyncListenerTest
 2023-08-25 18:14:41 +10:00
Lachlan Roberts 67404f96ce use HttpStatus for 413 and 500 codes in SizeLimitHandler 
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-25 16:24:31 +10:00
Lachlan Roberts be83eb94ad Merge remote-tracking branch 'origin/jetty-12.0.x' into jetty-12.0.x-FixSizeLimitHandler 2023-08-25 16:21:45 +10:00
Lachlan 5c7a222697
Merge pull request #10313 from eclipse/jetty-12.0.x-10295-formAuthDispatch 
Issue #10295 - implement EE10 FormAuthenticator with dispatch option
 2023-08-25 16:14:40 +10:00
Lachlan Roberts a4055a21b0 revert change to stopTimeout in AsyncListenerTest 
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-25 16:09:47 +10:00