Joakim Erdfelt
30bd3914cf
Issue #4000 - SameFileAliasChecker to help with NFD/NFC
...
+ Adding SameFileAliasChecker to help with environments
where the Alias and the Path point to the same file,
by relying on the FileSystem and Path implementation
to make the determination if the two Path references
truly point to the same file.
+ Minor cleanup of FileSystemResourceTest
+ Additional DefaultServletTest for these UTF-8 differences
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-21 12:21:04 -05:00
Simone Bordet
32fe4e5ca8
Issue #3978 - HTTP/2 vulnerabilities.
...
Fixed load test that required `RateControl.NO_RATE_CONTROL`.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-21 11:36:06 +02:00
Greg Wilkins
d04c5f1e2a
Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-10.0.x
...
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-20 16:23:09 +10:00
Bruce
a1bb3b4491
fix formatting and change comment flags to attributes
...
Signed-off-by: Bruce MacDonald <brucewmacdonald@gmail.com>
2019-08-20 15:12:03 +10:00
Bruce
6ad148c8f9
parse samesite from cookie comment flag utility functions
...
Signed-off-by: Bruce MacDonald <brucewmacdonald@gmail.com>
2019-08-20 15:12:03 +10:00
Bruce
2e5f6fca4b
parse SameSite specifier from cookie comment and move HttpOnly comment parsing to org.eclipse.jetty.http.HttpCookie
...
Signed-off-by: Bruce MacDonald <brucewmacdonald@gmail.com>
2019-08-20 15:12:03 +10:00
Bruce
7c691acbbe
use null instead of EXCLUDED to indicate no SameSite attribute should be sent
...
Signed-off-by: Bruce MacDonald <brucewmacdonald@gmail.com>
2019-08-20 15:12:03 +10:00
Bruce
216f71469b
Issue #3040 - Allow RFC6265 Cookies to include optional SameSite attribute
...
Signed-off-by: Bruce MacDonald <brucewmacdonald@gmail.com>
2019-08-20 15:12:03 +10:00
Lachlan Roberts
eabae232e5
Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-10.0.x
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-20 12:59:31 +10:00
Lachlan
44986be6c0
fix flaky test ClientCloseTest.testStopLifecycle() in jetty 9.4.x (#3990)
...
* fix flaky test ClientCloseTest.testStopLifecycle() in 9.4.x
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* test code cleanups in ClientCloseTest
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-20 12:49:52 +10:00
Joakim Erdfelt
ef3f696a11
Issue #4000 - PathResource alias detection work around alt UTF-8 style
...
+ OSX File is `swedish-å.txt`
+ OSX has NFD form UTF-8 characters. `swedish-a%CC%8A.txt`
+ HTTP uses normal form UTF-8. `swedish-%C3%A5.txt`
+ A HTTP GET request should work against the resource
being requested, regardless of UTF-8 style used.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-19 13:52:22 -05:00
Joakim Erdfelt
407b564320
Issue #4000 - adding unit test for raw Resource access for unicode file.
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-19 12:52:43 -05:00
Simone Bordet
5184c4ec3d
Issue #3978 - HTTP/2 vulnerabilities.
...
Small fixes after review.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-19 11:38:01 +02:00
olivier lamy
6f2a93d614
Merge branch 'jetty-9.4.x' into jetty-10.0.x
2019-08-19 13:12:10 +10:00
Olivier Lamy
95f7fddc59
ServletContext#setSessionTrackingModes must throw IAE if SSL and another mode (#3976)
...
* according to Javadoc and failing tck tests
ServletContext#setSessionTrackingModes
IllegalArgumentException - if sessionTrackingModes specifies a combination of SessionTrackingMode.SSL with a session tracking mode other than SessionTrackingMode.SSL
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* test adding only SSL
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* fixes from Jan review
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* fix package order
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-19 12:54:05 +10:00
Greg Wilkins
5fc83c3d0c
Issue #3978 HTTP2 Vulnerabilities
...
Reduce the number of RateControl fields, instead using common field in
HeaderParser.
Avoid null checking rateControl by having a NO_RATE_CONTROL static
HPack does not emit field with empty header name.
Apply rate control to any header parsing issue resulting in
session/stream failure
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-19 10:16:40 +10:00
Greg Wilkins
47fb8f4dea
Issue #3978 HTTP2 Vulnerabilities
...
Fixed race in WindowRateControl by only removing the event that we
just inspected.
Added an AtomicInteger to track the size to avoid iterating over the
linked list.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-19 10:11:28 +10:00
olivier lamy
4db5b38956
Merge branch 'jetty-9.4.x' into jetty-10.0.x
2019-08-19 10:09:32 +10:00
Olivier Lamy
7c0266af4c
this is not supposed to return null (#3998)
...
see https://javaee.github.io/javaee-spec/javadocs/javax/servlet/http/Part.html#getHeaders-java.lang.String-
this fixes related tck test
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-19 10:08:21 +10:00
Greg Wilkins
764fcd63a1
Merge branch 'jetty-9.4.x' into jetty-9.4.x-3978-http2_vulnerabilities
2019-08-19 08:46:28 +10:00
Greg Wilkins
9fce1e8512
Merge pull request #3993 from barabadzhi/patch-1
...
Add WebAssembly MIME type support
2019-08-19 08:09:48 +10:00
Simone Bordet
cfe1baa048
Issue #3978 - HTTP/2 vulnerabilities.
...
Implemented rate control for HTTP/2 frames using a single RateControl
object to avoid that each individual vulnerability is within limits,
but combined they still overload the server.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-17 22:51:39 +02:00
Bogdan Arabadzhi
f14abdd600
Add WebAssembly MIME type support
...
Signed-off-by: Bogdan Arabadzhi <bogdan.today@gmail.com>
2019-08-17 12:02:03 +02:00
Joakim Erdfelt
1254f6eb67
Issue #3985 - Fixing RequestTest
...
+ Moving overly bad cookie to CookieCutter_LenientTest
+ Changing expectation in RequestTest.testCookie()
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:57:26 -05:00
Joakim Erdfelt
472ede48cd
Issue #3983 - JarFileResource directory listing is invalid
...
+ Correcting encoded path searching
+ Adding more unit tests to ensure no regression
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:48:42 -05:00
Joakim Erdfelt
f65e59cadf
Issue #3983 - Modernizing JarResourceTest
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 15:13:53 -05:00
Joakim Erdfelt
fba010d33d
Issue #3985 - Updates to CookieCutter to reject no-equal cookies
...
* If a cookie has no value it is rejected and not stored.
- `name` is rejected
- `name=` is accepted, with empty value
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-16 13:11:40 -05:00
Joakim Erdfelt
eaf2263053
Issue #3985 - Testcase for CookieCutter parsing issue of bad cookie
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-15 17:58:53 -05:00
Chris Walker
5c5cefcd62
Merge branch 'jetty-9.4.x' into jetty-10.0.x
2019-08-15 10:56:15 -04:00
Chris Walker
d6bd6e6e32
Updated security reports for HTTP/2 fix in #2722
2019-08-15 10:55:12 -04:00
Joakim Erdfelt
0e9bd3ae5a
Merge branch `jetty-9.4.x` into `jetty-10.0.x`
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
# Conflicts:
# VERSION.txt
# aggregates/jetty-all-compact3/pom.xml
# aggregates/jetty-all/pom.xml
# apache-jsp/pom.xml
# apache-jstl/pom.xml
# build-resources/pom.xml
# examples/async-rest/async-rest-jar/pom.xml
# examples/async-rest/async-rest-webapp/pom.xml
# examples/async-rest/pom.xml
# examples/embedded/pom.xml
# examples/pom.xml
# jetty-alpn/jetty-alpn-client/pom.xml
# jetty-alpn/jetty-alpn-conscrypt-client/pom.xml
# jetty-alpn/jetty-alpn-conscrypt-server/pom.xml
# jetty-alpn/jetty-alpn-java-client/pom.xml
# jetty-alpn/jetty-alpn-java-server/pom.xml
# jetty-alpn/jetty-alpn-openjdk8-client/pom.xml
# jetty-alpn/jetty-alpn-openjdk8-server/pom.xml
# jetty-alpn/jetty-alpn-server/pom.xml
# jetty-alpn/pom.xml
# jetty-annotations/pom.xml
# jetty-ant/pom.xml
# jetty-bom/pom.xml
# jetty-cdi/pom.xml
# jetty-client/pom.xml
# jetty-continuation/pom.xml
# jetty-deploy/pom.xml
# jetty-distribution/pom.xml
# jetty-documentation/pom.xml
# jetty-fcgi/fcgi-client/pom.xml
# jetty-fcgi/fcgi-server/pom.xml
# jetty-fcgi/pom.xml
# jetty-gcloud/jetty-gcloud-session-manager/pom.xml
# jetty-gcloud/pom.xml
# jetty-hazelcast/pom.xml
# jetty-home/pom.xml
# jetty-http-spi/pom.xml
# jetty-http/pom.xml
# jetty-http2/http2-alpn-tests/pom.xml
# jetty-http2/http2-client/pom.xml
# jetty-http2/http2-common/pom.xml
# jetty-http2/http2-hpack/pom.xml
# jetty-http2/http2-http-client-transport/pom.xml
# jetty-http2/http2-server/pom.xml
# jetty-http2/pom.xml
# jetty-infinispan/infinispan-common/pom.xml
# jetty-infinispan/infinispan-embedded-query/pom.xml
# jetty-infinispan/infinispan-embedded/pom.xml
# jetty-infinispan/infinispan-remote-query/pom.xml
# jetty-infinispan/infinispan-remote/pom.xml
# jetty-infinispan/pom.xml
# jetty-io/pom.xml
# jetty-jaas/pom.xml
# jetty-jaspi/pom.xml
# jetty-jmx/pom.xml
# jetty-jndi/pom.xml
# jetty-jspc-maven-plugin/pom.xml
# jetty-maven-plugin/pom.xml
# jetty-memcached/jetty-memcached-sessions/pom.xml
# jetty-memcached/pom.xml
# jetty-nosql/pom.xml
# jetty-osgi/jetty-osgi-alpn/pom.xml
# jetty-osgi/jetty-osgi-boot-jsp/pom.xml
# jetty-osgi/jetty-osgi-boot-warurl/pom.xml
# jetty-osgi/jetty-osgi-boot/pom.xml
# jetty-osgi/jetty-osgi-httpservice/pom.xml
# jetty-osgi/pom.xml
# jetty-osgi/test-jetty-osgi-context/pom.xml
# jetty-osgi/test-jetty-osgi-fragment/pom.xml
# jetty-osgi/test-jetty-osgi-server/pom.xml
# jetty-osgi/test-jetty-osgi-webapp/pom.xml
# jetty-osgi/test-jetty-osgi/pom.xml
# jetty-plus/pom.xml
# jetty-proxy/pom.xml
# jetty-quickstart/pom.xml
# jetty-rewrite/pom.xml
# jetty-runner/pom.xml
# jetty-security/pom.xml
# jetty-server/pom.xml
# jetty-servlet/pom.xml
# jetty-servlets/pom.xml
# jetty-spring/pom.xml
# jetty-start/pom.xml
# jetty-unixsocket/pom.xml
# jetty-util-ajax/pom.xml
# jetty-util/pom.xml
# jetty-webapp/pom.xml
# jetty-websocket/javax-websocket-common/pom.xml
# jetty-websocket/javax-websocket-server/pom.xml
# jetty-websocket/jetty-websocket-api/pom.xml
# jetty-websocket/jetty-websocket-common/pom.xml
# jetty-websocket/jetty-websocket-server/pom.xml
# jetty-websocket/jetty-websocket-tests/pom.xml
# jetty-websocket/pom.xml
# jetty-websocket/websocket-core/pom.xml
# jetty-websocket/websocket-servlet/pom.xml
# jetty-xml/pom.xml
# pom.xml
# tests/jetty-jmh/pom.xml
# tests/pom.xml
# tests/test-continuation/pom.xml
# tests/test-distribution/pom.xml
# tests/test-http-client-transport/pom.xml
# tests/test-integration/pom.xml
# tests/test-jmx/jmx-webapp-it/pom.xml
# tests/test-jmx/jmx-webapp/pom.xml
# tests/test-jmx/pom.xml
# tests/test-loginservice/pom.xml
# tests/test-quickstart/pom.xml
# tests/test-sessions/pom.xml
# tests/test-sessions/test-file-sessions/pom.xml
# tests/test-sessions/test-gcloud-sessions/pom.xml
# tests/test-sessions/test-hazelcast-sessions/pom.xml
# tests/test-sessions/test-infinispan-sessions/pom.xml
# tests/test-sessions/test-jdbc-sessions/pom.xml
# tests/test-sessions/test-memcached-sessions/pom.xml
# tests/test-sessions/test-mongodb-sessions/pom.xml
# tests/test-sessions/test-sessions-common/pom.xml
# tests/test-webapps/pom.xml
# tests/test-webapps/test-cdi-common-webapp/pom.xml
# tests/test-webapps/test-felix-webapp/pom.xml
# tests/test-webapps/test-http2-webapp/pom.xml
# tests/test-webapps/test-jaas-webapp/pom.xml
# tests/test-webapps/test-jetty-webapp/pom.xml
# tests/test-webapps/test-jndi-webapp/pom.xml
# tests/test-webapps/test-mock-resources/pom.xml
# tests/test-webapps/test-owb-cdi-webapp/pom.xml
# tests/test-webapps/test-proxy-webapp/pom.xml
# tests/test-webapps/test-servlet-spec/pom.xml
# tests/test-webapps/test-servlet-spec/test-container-initializer/pom.xml
# tests/test-webapps/test-servlet-spec/test-spec-webapp/pom.xml
# tests/test-webapps/test-servlet-spec/test-web-fragment/pom.xml
# tests/test-webapps/test-simple-webapp/pom.xml
# tests/test-webapps/test-webapp-rfc2616/pom.xml
# tests/test-webapps/test-weld-cdi-webapp/pom.xml
2019-08-15 08:09:36 -05:00
Joakim Erdfelt
50b524bb6b
Merge branch `release-9.4.20` into `jetty-9.4.x`
2019-08-15 07:27:25 -05:00
Jan Bartel
c9c59e71b6
Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-10.0.x
2019-08-15 13:47:58 +10:00
Jan Bartel
af6c675023
Issue #3913 Fix races in session request reference counting (#3947)
...
* Issue #3913 Fix races in session request reference counting
Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-15 12:27:18 +10:00
Lachlan Roberts
7d7d932288
Issue #3968 - remove public from methods in ReadState
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-15 09:16:05 +10:00
Greg Wilkins
9ba9df1495
fixed merge for CDITests
...
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-15 08:13:02 +10:00
Lachlan Roberts
11d1ad6504
disable flaky test WebSocketConnectionStatsTest
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-15 08:04:57 +10:00
olivier lamy
7e961b2c99
javadoc:aggregate-jar cannot run on jetty-10 because of bug in javadoc plugin or javadoc in jdk, still need to figure out.
...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-15 07:12:30 +10:00
Joakim Erdfelt
a11f6a0304
Merging build-resources from `jetty-9.4.x` to `jetty-10.0.x`
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-14 09:40:46 -05:00
Joakim Erdfelt
3544283865
Merge branch `jetty-9.4.x` into `jetty-10.0.x`
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
# Conflicts:
# Jenkinsfile
# jetty-server/src/test/java/org/eclipse/jetty/server/ForwardedRequestCustomizerTest.java
# jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/io/AbstractWebSocketConnection.java
# jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/io/ReadState.java
# jetty-websocket/websocket-common/src/test/java/org/eclipse/jetty/websocket/common/io/ReadStateTest.java
# tests/test-distribution/src/test/java/org/eclipse/jetty/tests/distribution/CDITests.java
2019-08-14 09:39:06 -05:00
Chris Walker
47759b3f9b
Updated security documentation with latest CVEs. Resolves #3980
2019-08-14 10:23:22 -04:00
Simone Bordet
985d98296b
Merged branch 'jetty-10.0.x' into 'jetty-10.0.x-3952-server_direct_heap_bytebuffers'.
2019-08-14 15:45:49 +02:00
Lachlan
2a109dccbc
Issue #3968 - prevent ReadPending and ISE from AbstractWebSocketConnection (#3979)
...
* Issue #3968 - websocket suspend fix and cleanups
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Issue #3968 - fixed race conditions when using websocket ReadState
combine the previous ReadMode into ReadState by using ReadState.Action
which is returned from ReadState.getAction(ByteBuffer) where an atomic
decision is made of what action to do
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-14 21:28:35 +10:00
olivier lamy
bf5f4c860c
do not try to deploy this one
...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-14 20:43:28 +10:00
Olivier Lamy
8761b345b5
Jetty 9.4.x timeout to build only do not include time to get node (#3975)
...
* fix timeout to apply on build time not on getting node time
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* fix typo
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-14 20:30:54 +10:00
Joakim Erdfelt
f1efc99918
Updating to version 9.4.21-SNAPSHOT
2019-08-13 17:34:20 -05:00
Joakim Erdfelt
84700530e6
Updating to version 9.4.20.v20190813
2019-08-13 16:13:21 -05:00
Joakim Erdfelt
cbe34d9bc2
Revert "Jetty 9.4.x release faster (no need of triggering plugins already triggered) (#3944)"
...
+ Breaks the release build.
javadoc and source artifacts lack gpg signatures
This reverts commit 50aa1cf786.
2019-08-13 16:05:35 -05:00
Joakim Erdfelt
982717cc77
Merge pull request #3972 from eclipse/jetty-9.4.x-3969-forwarded-headers-testing
...
Fixes #3969 - Fixing X-Forwarded-Port header setter
2019-08-13 16:01:32 -05:00
Joakim Erdfelt
fec01a4628
Fixes #3969 - Changing TYPE to class from PR review
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 16:00:18 -05:00