Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
28,555 Commits 59 Branches 460 Tags 355 MiB
Commit Graph

28555 Commits

Author SHA1 Message Date
Ludovic Orban bbb994f96d #10226 improve ArrayByteBufferPool.Tracking 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 2fcccef0c4 #10226 fix GZIPContentDecoder buffer leak of zero-capacity buffers 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 7083fa3927 #10226 restore leak tracking in tests 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Lachlan 76cc130d17
Merge pull request #10420 from eclipse/jetty-12.0.x-10402-ServletChannelRecycle 
Issue #10402 - do not recycle ServletChannel if aborted
 2023-08-29 15:00:34 +10:00
Lachlan Roberts 0a2cfab4a8 Issue #10402 - rename ServletChannelState open() to openOutput() 
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-29 14:59:59 +10:00
Greg Wilkins e3ee84a5ad
Fix #10416 Do not copy ee9 response headers (#10417) 
Use the core response HttpFields directly as the ee9 response headers to avoid copy and retain persistent field behaviour.
Fix #10416 EE9 Response headers
Added EE9 test to show that Persistent fields can be modified
Updated fix for #10339 so that persistent fields revert to original values after a clear operation
 2023-08-29 08:31:02 +10:00
Simone Bordet 5a8c5bc8c7
Fixes #10353 - Questions about porting WebSocket APIs to jetty-core 12 (#10354) 
* Added direct WebSocket upgrade in the Jetty core WebSocket APIs.
* Updated the WebSocket documentation.
* Optimized WebSocketMappings.getMatchedNegotiator() to avoid allocating a lambda for every invocation.
* Cleaned up core.server.WebSocketUpgradeHandler.
* Expanded websocket docs to mention how the demand mechanism works.
* Fixed code examples with correct demand handling.
* Javadocs for api.Callback.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-28 17:46:12 +02:00
Lachlan Roberts 1c1cc0296b remove debugging printlns 
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-28 15:50:14 +10:00
Lachlan Roberts 27d0c7a181 Issue #10402 - do not recycle ServletChannel if aborted 
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-28 15:48:29 +10:00
Joakim Erdfelt 5946503ee0
Merge pull request #10407 from eclipse/fix/12.0.x/transitive-dep-warnings 
Address transitive dependencies with open CVEs
 2023-08-27 05:27:31 -05:00
Simone Bordet 86c245d069
Fixes #10158 - Deploy Jetty context XML file needs environment 
Updated the documentation; a better fix is coming with #10411.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-26 17:01:21 +02:00
Simone Bordet 2bf25969a0 Improved Handler javadocs. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-26 12:32:47 +02:00
Greg Wilkins 8ed56b3466
Implement containsLast in HttpFields (#10340) 
Fully implement list iterator so that we can efficiently check for the last item in a multi header list.

---------

Signed-off-by: gregw <gregw@webtide.com>
 2023-08-26 10:05:29 +10:00
Joakim Erdfelt 053d44e52c
Bump jetty-setuid to 2.0.1 (#10406) 
* Bump jetty-setuid to 2.0.1
 2023-08-25 13:47:50 -05:00
Joakim Erdfelt 6683cc3654
Provides transitive vulnerable dependency maven:xalan:xalan:2.7.2 
CVE-2022-34169 7.5 INCORRECT CONVERSION BETWEEN NUMERIC TYPES IN XALAN:XALAN
 2023-08-25 11:36:52 -05:00
Joakim Erdfelt b8ce9db729
Old version of apache-avro uses old jackson. 
Provides transitive vulnerable dependency maven:org.codehaus.jackson:jackson-core-asl:1.9.13
CVE-2019-10202 9.8 Deserialization of Untrusted Data vulnerability pending CVSS allocation
CVE-2019-10202 9.8 Deserialization of Untrusted Data vulnerability pending CVSS allocation
 2023-08-25 11:22:28 -05:00
Joakim Erdfelt 6e96f2c4d7
Provides transitive vulnerable dependency maven:org.apache.commons:commons-compress:1.4.1 
CVE-2018-11771 5.5 Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability pending CVSS allocation
CVE-2021-35515 7.5 Excessive Iteration vulnerability pending CVSS allocation
CVE-2021-35516 7.5 Improper Handling of Length Parameter Inconsistency vulnerability pending CVSS allocation
CVE-2021-35517 7.5 Improper Handling of Length Parameter Inconsistency vulnerability pending CVSS allocation
CVE-2021-36090 7.5 Improper Handling of Length Parameter Inconsistency vulnerability pending CVSS allocation
 2023-08-25 11:11:38 -05:00
Joakim Erdfelt ae71b40acf
Provides transitive vulnerable dependency maven:org.wildfly.security:wildfly-elytron-credential:1.12.1.Final 
CVE-2022-3143 7.4 Observable Discrepancy vulnerability pending CVSS allocation
 2023-08-25 11:10:03 -05:00
Joakim Erdfelt ca95d3f222
Provides transitive vulnerable dependency maven:io.netty:netty-codec:4.1.58.Final 
CVE-2021-37136 7.5 Uncontrolled Resource Consumption vulnerability pending CVSS allocation
CVE-2021-37137 7.5 Uncontrolled Resource Consumption vulnerability pending CVSS allocation
CVE-2022-41915 6.5 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability pending CVSS allocation
 2023-08-25 11:03:28 -05:00
Joakim Erdfelt 87839d3350
Bump transitive vulnerable dependency maven:com.google.protobuf:protobuf-java:3.21.6 
CVE-2022-3171 7.5 Uncontrolled Resource Consumption vulnerability with medium severity found
CVE-2022-3509 7.5 Uncontrolled Resource Consumption vulnerability pending CVSS allocation
CVE-2022-3510 7.5 Uncontrolled Resource Consumption vulnerability pending CVSS allocation
 2023-08-25 10:56:08 -05:00
Simone Bordet eeee3ca8ac
Added well-known HTTP/3 servers. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-25 15:33:46 +02:00
Simone Bordet 0eb4f1b7e3 Updated the documentation about HttpChannel events (they don't exist anymore replaced by `EventsHandler`). 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-25 12:44:48 +02:00
Lachlan be11dfdbab
Merge PR #10400 to 12.0.x for InetAccessHandler (#10403) 
Issue #10388 - fix InetAccessHandler module

Add DistributionTest for InetAccessHandler
Removed deprecated method from InetAccessHandler.
Fixed InetAccessHandler DistributionTests for 12.

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-25 11:32:46 +02:00
Lachlan acb4ed7174
Merge pull request #10342 from eclipse/jetty-12.0.x-FixSizeLimitHandler 
Issue #10337 - fixes for SizeLimitHandler
 2023-08-25 18:15:29 +10:00
Lachlan ff02d3b086
Merge pull request #10394 from eclipse/jetty-12.0.x-10383-AsyncListenerTest 
Issue #10383 - suppress stack traces from AsyncListenerTest
 2023-08-25 18:14:41 +10:00
Lachlan Roberts 67404f96ce use HttpStatus for 413 and 500 codes in SizeLimitHandler 
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-25 16:24:31 +10:00
Lachlan Roberts be83eb94ad Merge remote-tracking branch 'origin/jetty-12.0.x' into jetty-12.0.x-FixSizeLimitHandler 2023-08-25 16:21:45 +10:00
Lachlan 5c7a222697
Merge pull request #10313 from eclipse/jetty-12.0.x-10295-formAuthDispatch 
Issue #10295 - implement EE10 FormAuthenticator with dispatch option
 2023-08-25 16:14:40 +10:00
Lachlan Roberts a4055a21b0 revert change to stopTimeout in AsyncListenerTest 
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-25 16:09:47 +10:00
Lachlan 9e0cd71b31
Merge pull request #10391 from eclipse/jetty-12.0.x-10385-GzipDefaultServletTest 
Issue #10385 - fix NPE in GzipDefaultServletTest
 2023-08-25 15:46:24 +10:00
Lachlan Roberts b9e915b70e Issue #10383 - Modify ServletChannelState to not warn on QuietExceptions 
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-25 15:40:41 +10:00
gregw 93d31193fa Merge remote-tracking branch 'origin/jetty-11.0.x' into jetty-12.0.x 
# Conflicts:
#	jetty-core/jetty-util/src/test/java/org/eclipse/jetty/util/CharsetStringBuilderTest.java
 2023-08-25 14:55:30 +10:00
gregw c3cf2565cb Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x 2023-08-25 14:52:12 +10:00
Greg Wilkins 3aaf39dff5
Fix #10397 CharsetStringBuilder end vs length (#10399) 
Fix #10397 CharsetStringBuilder needs to convert length parameter to an end index.

Signed-off-by: gregw <gregw@webtide.com>
 2023-08-25 14:50:53 +10:00
Joakim Erdfelt fbe4dd8e2a
Make JettyHomeTester more resilient to blank mavenLocalRepository input (#10364) 2023-08-25 06:17:38 +02:00
Greg Wilkins 4086c7ee47
Persistent HttpFields (#10339) 
Use a marked field rather than freeze/thaw, to support fields that cannot be removed.
 2023-08-25 13:02:32 +10:00
Olivier Lamy ff2e36e239
Jetty 12.0.x fix cache issue with maven invoker (#10393) 
---------

Signed-off-by: Olivier Lamy <olamy@apache.org>
 2023-08-25 01:34:41 +02:00
Simone Bordet 4b28b9156d
Merged branch 'jetty-11.0.x' into 'jetty-12.0.x'. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-24 19:57:43 +02:00
Simone Bordet cf97e58121
Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-24 19:53:43 +02:00
Simone Bordet 0411e1f19f
Removed unnecessary stale dependency on the javadoc artifact. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-24 19:49:27 +02:00
Simone Bordet 946b047cde
Merged branch 'jetty-11.0.x' into 'jetty-12.0.x'. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-24 19:45:09 +02:00
Simone Bordet 5cc4a9da09
Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-24 19:41:57 +02:00
Olivier Lamy 2ea646bacd
Issue #10312 Remove cyclic dependencies between jetty-home and jetty-documentation. Add new module jetty-documentation (#10348) 
* cleanup jetty home build extracting jetty-documentation
* Issue #10312 Remove cyclic dependencies between jetty-home and jetty-documentation

Signed-off-by: Olivier Lamy <olamy@apache.org>
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
 2023-08-24 19:41:17 +02:00
Simone Bordet 4c32dfc4d8
Merged branch 'jetty-11.0.x' into 'jetty-12.0.x'. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-24 18:56:21 +02:00
Simone Bordet b6a298f089
Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-24 18:47:30 +02:00
Lachlan c55363d43f
cleanups of DateCache (#10176) 
* improve the formatting for precise ms in DateCache
* return original format string with DateCache.getFormatString
* calculate index in tick constructor because format strings can be different size
* use two ticks so that switching between seconds is less likely going to have cache miss
* use boolean instead of index to denote if sub second is needed
* remove formatWithoutCache and replace with doFormat as it doesn't work with sub second time
* allow the option of not having sub second precision
* use two separate formatters for the prefix/suffix around the SSS format code
* use a simple class to store both ticks in DateCache
* rename DateCache.Tick.getString(long) to format()

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-24 18:43:46 +02:00
Simone Bordet 8d997cef74
Merged branch 'jetty-11.0.x' into 'jetty-12.0.x'. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-24 18:37:42 +02:00
Simone Bordet 90aa433f32
Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-24 18:37:00 +02:00
Simone Bordet 3a85b66ee4
Updated JaCoCo to 0.8.10 to support Java 21. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-24 18:36:29 +02:00
Simone Bordet 4646ef50f9 Fixes #10327 - Jetty (embedded) rejected warning logs 
Added documentation about the fact that the QTP queue should be unbounded.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-24 18:29:54 +02:00