5fc83c3d0c
Issue #3978 HTTP2 Vulnerabilities
...
Reduce the number of RateControl fields, instead using common field in
HeaderParser.
Avoid null checking rateControl by having a NO_RATE_CONTROL static
HPack does not emit field with empty header name.
Apply rate control to any header parsing issue resulting in
session/stream failure
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-19 10:16:40 +10:00
47fb8f4dea
Issue #3978 HTTP2 Vulnerabilities
...
Fixed race in WindowRateControl by only removing the event that we
just inspected.
Added an AtomicInteger to track the size to avoid iterating over the
linked list.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-19 10:11:28 +10:00
764fcd63a1
Merge branch 'jetty-9.4.x' into jetty-9.4.x-3978-http2_vulnerabilities
2019-08-19 08:46:28 +10:00
9fce1e8512
Merge pull request #3993 from barabadzhi/patch-1
...
Add WebAssembly MIME type support
2019-08-19 08:09:48 +10:00
cfe1baa048
Issue #3978 - HTTP/2 vulnerabilities.
...
Implemented rate control for HTTP/2 frames using a single RateControl
object to avoid that each individual vulnerability is within limits,
but combined they still overload the server.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-17 22:51:39 +02:00
f14abdd600
Add WebAssembly MIME type support
...
Signed-off-by: Bogdan Arabadzhi <bogdan.today@gmail.com>
2019-08-17 12:02:03 +02:00
d6bd6e6e32
Updated security reports for HTTP/2 fix in #2722
2019-08-15 10:55:12 -04:00
50b524bb6b
Merge branch `release-9.4.20` into `jetty-9.4.x`
2019-08-15 07:27:25 -05:00
af6c675023
Issue #3913 Fix races in session request reference counting ( #3947 )
...
* Issue #3913 Fix races in session request reference counting
Signed-off-by: Jan Bartel <janb@webtide.com>
2019-08-15 12:27:18 +10:00
7d7d932288
Issue #3968 - remove public from methods in ReadState
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-15 09:16:05 +10:00
11d1ad6504
disable flaky test WebSocketConnectionStatsTest
...
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-15 08:04:57 +10:00
47759b3f9b
Updated security documentation with latest CVEs. Resolves #3980
2019-08-14 10:23:22 -04:00
2a109dccbc
Issue #3968 - prevent ReadPending and ISE from AbstractWebSocketConnection ( #3979 )
...
* Issue #3968 - websocket suspend fix and cleanups
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Issue #3968 - fixed race conditions when using websocket ReadState
combine the previous ReadMode into ReadState by using ReadState.Action
which is returned from ReadState.getAction(ByteBuffer) where an atomic
decision is made of what action to do
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-14 21:28:35 +10:00
8761b345b5
Jetty 9.4.x timeout to build only do not include time to get node ( #3975 )
...
* fix timeout to apply on build time not on getting node time
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* fix typo
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-14 20:30:54 +10:00
f1efc99918
Updating to version 9.4.21-SNAPSHOT
2019-08-13 17:34:20 -05:00
84700530e6
Updating to version 9.4.20.v20190813
2019-08-13 16:13:21 -05:00
cbe34d9bc2
Revert "Jetty 9.4.x release faster (no need of triggering plugins already triggered) ( #3944 )"
...
+ Breaks the release build.
javadoc and source artifacts lack gpg signatures
This reverts commit 50aa1cf786
2019-08-13 16:05:35 -05:00
982717cc77
Merge pull request #3972 from eclipse/jetty-9.4.x-3969-forwarded-headers-testing
...
Fixes #3969 - Fixing X-Forwarded-Port header setter
2019-08-13 16:01:32 -05:00
fec01a4628
Fixes #3969 - Changing TYPE to class from PR review
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 16:00:18 -05:00
3940baea9c
Fixes #3969 - Adding comments from PR review
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 15:56:11 -05:00
72c05bc8ba
Fixes #3969 - Fixing X-Forwarded-Port header setter
...
+ Fixing ForwardedRequestCustomizer.getForwardedPortHeader()
+ Fixing ForwardedRequestCustomizer.setForwardedPortHeader(String)
+ Refactoring unit tests:
+ Tests default ForwardedRequestCustomizer behavior
on one Connector
+ Tests header configured ForwardedRequestCustomizer behavior
on different Connector
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 12:39:30 -05:00
d10fea9b7e
Merge pull request #3970 from eclipse/jetty-9.4.x-3969-xforwarded-host
...
Issue #3969 - adding testcase to verify Host & X-Forwarded behavior
2019-08-13 09:16:08 -05:00
e4b4a30c4c
Merge pull request #3961 from eclipse/jetty-9.4.x-3804-Decoration-Fixes
...
Fixed decoration changes for #3804
2019-08-13 09:15:31 -05:00
4b17d28cb0
Issue #3969 - adding testcase to verify behavior
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-13 07:30:14 -05:00
cfd01d6bbc
remove non needed file
...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-13 16:36:24 +10:00
d3bc0b931a
Issue #3957 - fix bad usage of MethodHandles.lookup() ( #3962 )
...
* Issue #3957 - fix bad usage of MethodHandles.lookup()
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Issue #3957 CustomRequestLog remove unnecessary local string variables
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-13 14:47:39 +10:00
8c4dd7ab05
Fixed decoration changes for #3804
...
Fixed bad names in OWB webapp.
Don't have the owb jetty-web.xml on by default.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-13 11:14:44 +10:00
02c247be5f
include test sources in checkstyle report ( #3948 )
...
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-13 10:20:55 +10:00
46e1896322
Fixes #3960 - Fix HttpConfiguration copy constructor.
...
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-12 17:42:54 +02:00
76612ea7ca
Updated dependency to h2spec to 0.6.
...
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-12 17:38:34 +02:00
699f832632
Fixed test for symlinked directory
...
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-12 17:21:49 +10:00
e7a1978556
Merge pull request #3946 from eclipse/jetty-9.4.x-3804-Decoration-rename
...
Issue #3804 CDI integration rename
2019-08-09 08:43:07 -05:00
27c0ae605f
Issue #3804 - CDI integration rename.
...
Fixed javadocs.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-09 11:25:00 +02:00
50aa1cf786
Jetty 9.4.x release faster (no need of triggering plugins already triggered) ( #3944 )
...
* source:jar javadoc:jar are already triggered by eclipse-release profile so no need to call directly as it add more jars to deploy :)
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* no need of sources jar in release profile as it is already part of normal build, and use jar-no-fork in normal to avoid forking another lifecycle
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* no need of triggering gpg plugin again as it is part of the release-jetty.sh script
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-09 11:24:31 +10:00
093b39be09
Issue #3804
...
more review changes
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-09 09:23:17 +10:00
bf1ece938f
Issue #3804
...
more review changes
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-09 08:20:27 +10:00
bcb4c59ab2
Issue #3804 - cleanup of CDITest arguments
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-08 10:21:12 -05:00
503a52273e
Jetty 9.4.x fix some part of the code assuming cast to HttpServletRequest is possible ( #3945 )
...
* code assume request is HttpServletRequest whereas it can be ServletRequestWrapper, this fix some failing tck tests
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* return directly if the instance is already HttpServlet*Wrapper
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* checkstyle
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* changes after review
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* checkstyle
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* checkstyle and cleanup import
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
2019-08-08 20:46:19 +10:00
eb4be618ee
Issue #3804
...
more review changes
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 19:03:59 +10:00
3f34301660
do not echo part content in MultiPartTest ( #3942 )
...
* sanitize xml from multipart upload in MultiPartTest
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* changes from review
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* no longer echoing back part content
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2019-08-08 17:55:31 +10:00
516fdd45cb
Issue #3804
...
improved javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 16:11:02 +10:00
9d497084d4
Issue #3804
...
Rename attributes and classes to have a more regular pattern.
The DecoratingListener is now extened by the
CdiDecoratingListener which is used by the cdi-decorate module
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 15:21:06 +10:00
70fcd3d145
Issue #3804 CDI integration
...
Rename attributes and classes to have a more regular pattern.
The DecoratingListener is now extened by the
CdiDecoratingListener which is used by the cdi-decorate module
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 12:24:41 +10:00
dc939d753a
Issue #3804 - Update Decorator integration for various CDI implementations ( #3838 )
...
* Jetty Issue #3804 WELD-2587
Support CDI integration:
+ cdi2 module exposes jetty APIs
+ cdi module uses DecorationListener
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Jetty Issue #3804 WELD-2587
Remove DecoratingListener tests from test-jetty-webapp
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* improve CDI test
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Jetty Issue #3804 WELD-2587
Reverted test to use released CDI and cdi2 module for now.
To test new mechanism, you need to build the weld snapshot locally,
rebuild and switch to cdi module
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* remove cdi2 webapp references
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* document attribute
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* improved documentation
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* logging
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* improved javadoc
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Fixed version
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Reverted to also provide the DecoratingListener in the decorate module.
Renamed cdi-demo to weld-cdi-demo
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* revert from Weld SNAPSHOT
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* test all 3 weld integrations
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* updated destory implementation to release creationalcontext
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* reverted to released Weld version
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #3804 CDI integration
dispose and release context in destroy
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Improved CDI module documentation
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* WIP on OWB
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Updates from review
Parameterised CDITests
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* share webapp resources for cdi webapp test
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* Initialize OWB with a SCI so that listeners can be decorated
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Added OwbDecorator so that cdi2 module can be tested with OWB
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Lookup attribute name
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Cleanups
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Cleanup from Review
Don't do lazy bindings
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Cleanup from Review
Treat partial CDI same as no CDI
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* fix maven it test no more need of weld-servlet
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* cleanup it parent pom removing non needed weld servlet
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* upgraded to Weld 3.1.2.Final
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Cleanup from Review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Cleanup from Review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-08-08 04:04:07 +02:00
259ef7cf7a
Merge pull request #3943 from eclipse/jetty-9.4.x-checkstyle-remove-abbrev-name
...
Removing `AbbreviationAsWordInName` module
2019-08-07 18:11:40 -05:00
3b5543b575
Removing `AbbreviationAsWordInName` module
...
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2019-08-07 18:08:07 -05:00
2e2cde69e9
Merge pull request #3899 from eclipse/jetty-9.4.x-3856-maxForm_contentLength_behavior
...
Fixes #3856 - Different behaviour with maxFormContentSize=0 if Content-Length header is present/missing.
2019-08-07 19:46:49 +03:00
632c916608
Fixes #3856 - Different behaviour with maxFormContentSize=0 if Content-Length header is present/missing.
...
Removed duplicated, unused, code.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2019-08-07 17:35:10 +02:00
cb87d7049e
Merge pull request #3923 from eclipse/jetty-9.4.x-3906-seekablebytechannel-fallback
...
Issue #3906 - Handling SeekableByteChannel.position(long) Exception
2019-08-07 07:43:16 -05:00
e64e3309d3
Merge pull request #3908 from eclipse/jetty-9.4.x-3601-http2_stall_on_reset_stream
...
Fixes #3601 - HTTP2 stall on reset streams.
2019-08-07 14:49:55 +03:00
Greg Wilkins
Simone Bordet
Bogdan Arabadzhi
Chris Walker
Joakim Erdfelt
Jan Bartel
Lachlan Roberts
Olivier Lamy