Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
28,578 Commits 65 Branches 460 Tags 355 MiB
Commit Graph

28578 Commits

Author SHA1 Message Date
Joakim Erdfelt ef51c4277e
Adding <extraArtifacts> for jetty-ee9-maven-plugin integration tests 
+ jetty-slf4j-impl needed by IT specific maven repo
 2023-08-31 15:08:18 -05:00
Joakim Erdfelt 1d226403da
Updating to version 12.0.2-SNAPSHOT 2023-08-29 16:55:36 -05:00
Joakim Erdfelt 4768745849
Updating to version 12.0.1 2023-08-29 16:38:20 -05:00
Joakim Erdfelt 33e91427e2
Fixing release-jetty.sh 2023-08-29 16:31:54 -05:00
Simone Bordet c638753b8d Fixes #10293 - Improve documentation on how to write a response body in Jetty 12. 
Updated documentation about:
* Content.Source
* Content.Sink
* Handler
* Request/Response

Updated few APIs to make easier to write applications.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-29 22:07:42 +02:00
Greg Wilkins d3cd69be68
Fix #10411 default environment (#10415) 
Implemented a simpler default environment algorithm where an application that does not specify an environment is always attempted in the default.

Updated documentation.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-29 18:34:21 +02:00
Ludovic Orban 67ecd9f4a3 #9900 handle review comments 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 17:11:07 +02:00
Ludovic Orban 4757333ed5 #9900 accurate implementation of Request.getBeginNanoTime() for FCGI 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 17:11:07 +02:00
Olivier Lamy 7b13687514
need to be in a PR to use pullRequest field (#10430) 
Signed-off-by: Olivier Lamy <olamy@apache.org>
 2023-08-29 13:48:40 +02:00
Greg Wilkins d6a0226866
Fix #9169 refine idle timeout and failure (#10418) 
Only fail request callback if a failure has not been otherwise notified.
Slight optimisation for failing idle timeouts by avoiding double lock.
Always create a failure if failing the callback.
 2023-08-29 20:44:40 +10:00
Jan Bartel 5808a62660
Issue #10356 Update Weld integration (#10359) 
* Issue #10356 Update Weld integration

Signed-off-by: Olivier Lamy <olamy@apache.org>
Co-authored-by: Olivier Lamy <olamy@apache.org>
 2023-08-29 11:00:50 +02:00
Ludovic Orban 155137605a #10226 disable client leak tracking for H1 transports 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 8ae62e3a95 #10226 disable client leak tracking for all transports 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban f3a21cec6f #10226 fix heap dump 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 159238471b #10226 handle review comments 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban a4e33a019f #10226 disable leak tracking only for client/server or impacted transports 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 18797fad57 #10226 add ability to disable leak tracking and disable currently known leaky threads 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Olivier Lamy 45b6523d13 if build-all-tests label use -Dmaven.test.failure.ignore=true 
Signed-off-by: Olivier Lamy <olamy@apache.org>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 44aa6036b3 #10226 assert using awaitility and fix heap dump cleanup when a leak is detected 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 01f8812dbb #10226 improve testDownloadWithCloseMiddleOfContent debuggability by helping to discriminate the buffers by their content 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban eece4b0fde #10226 dump the heap when a buffer leak is detected 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 83ee6387b8 #10226 improve Tracking.Buffer dump 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 174c59e9a1 #10226 assert using awaitility 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban bbb994f96d #10226 improve ArrayByteBufferPool.Tracking 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 2fcccef0c4 #10226 fix GZIPContentDecoder buffer leak of zero-capacity buffers 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Ludovic Orban 7083fa3927 #10226 restore leak tracking in tests 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
 2023-08-29 09:58:39 +02:00
Lachlan 76cc130d17
Merge pull request #10420 from eclipse/jetty-12.0.x-10402-ServletChannelRecycle 
Issue #10402 - do not recycle ServletChannel if aborted
 2023-08-29 15:00:34 +10:00
Lachlan Roberts 0a2cfab4a8 Issue #10402 - rename ServletChannelState open() to openOutput() 
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-29 14:59:59 +10:00
Greg Wilkins e3ee84a5ad
Fix #10416 Do not copy ee9 response headers (#10417) 
Use the core response HttpFields directly as the ee9 response headers to avoid copy and retain persistent field behaviour.
Fix #10416 EE9 Response headers
Added EE9 test to show that Persistent fields can be modified
Updated fix for #10339 so that persistent fields revert to original values after a clear operation
 2023-08-29 08:31:02 +10:00
Simone Bordet 5a8c5bc8c7
Fixes #10353 - Questions about porting WebSocket APIs to jetty-core 12 (#10354) 
* Added direct WebSocket upgrade in the Jetty core WebSocket APIs.
* Updated the WebSocket documentation.
* Optimized WebSocketMappings.getMatchedNegotiator() to avoid allocating a lambda for every invocation.
* Cleaned up core.server.WebSocketUpgradeHandler.
* Expanded websocket docs to mention how the demand mechanism works.
* Fixed code examples with correct demand handling.
* Javadocs for api.Callback.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-28 17:46:12 +02:00
Lachlan Roberts 1c1cc0296b remove debugging printlns 
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-28 15:50:14 +10:00
Lachlan Roberts 27d0c7a181 Issue #10402 - do not recycle ServletChannel if aborted 
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-28 15:48:29 +10:00
Joakim Erdfelt 5946503ee0
Merge pull request #10407 from eclipse/fix/12.0.x/transitive-dep-warnings 
Address transitive dependencies with open CVEs
 2023-08-27 05:27:31 -05:00
Simone Bordet 86c245d069
Fixes #10158 - Deploy Jetty context XML file needs environment 
Updated the documentation; a better fix is coming with #10411.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-26 17:01:21 +02:00
Simone Bordet 2bf25969a0 Improved Handler javadocs. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-26 12:32:47 +02:00
Greg Wilkins 8ed56b3466
Implement containsLast in HttpFields (#10340) 
Fully implement list iterator so that we can efficiently check for the last item in a multi header list.

---------

Signed-off-by: gregw <gregw@webtide.com>
 2023-08-26 10:05:29 +10:00
Joakim Erdfelt 053d44e52c
Bump jetty-setuid to 2.0.1 (#10406) 
* Bump jetty-setuid to 2.0.1
 2023-08-25 13:47:50 -05:00
Joakim Erdfelt 6683cc3654
Provides transitive vulnerable dependency maven:xalan:xalan:2.7.2 
CVE-2022-34169 7.5 INCORRECT CONVERSION BETWEEN NUMERIC TYPES IN XALAN:XALAN
 2023-08-25 11:36:52 -05:00
Joakim Erdfelt b8ce9db729
Old version of apache-avro uses old jackson. 
Provides transitive vulnerable dependency maven:org.codehaus.jackson:jackson-core-asl:1.9.13
CVE-2019-10202 9.8 Deserialization of Untrusted Data vulnerability pending CVSS allocation
CVE-2019-10202 9.8 Deserialization of Untrusted Data vulnerability pending CVSS allocation
 2023-08-25 11:22:28 -05:00
Joakim Erdfelt 6e96f2c4d7
Provides transitive vulnerable dependency maven:org.apache.commons:commons-compress:1.4.1 
CVE-2018-11771 5.5 Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability pending CVSS allocation
CVE-2021-35515 7.5 Excessive Iteration vulnerability pending CVSS allocation
CVE-2021-35516 7.5 Improper Handling of Length Parameter Inconsistency vulnerability pending CVSS allocation
CVE-2021-35517 7.5 Improper Handling of Length Parameter Inconsistency vulnerability pending CVSS allocation
CVE-2021-36090 7.5 Improper Handling of Length Parameter Inconsistency vulnerability pending CVSS allocation
 2023-08-25 11:11:38 -05:00
Joakim Erdfelt ae71b40acf
Provides transitive vulnerable dependency maven:org.wildfly.security:wildfly-elytron-credential:1.12.1.Final 
CVE-2022-3143 7.4 Observable Discrepancy vulnerability pending CVSS allocation
 2023-08-25 11:10:03 -05:00
Joakim Erdfelt ca95d3f222
Provides transitive vulnerable dependency maven:io.netty:netty-codec:4.1.58.Final 
CVE-2021-37136 7.5 Uncontrolled Resource Consumption vulnerability pending CVSS allocation
CVE-2021-37137 7.5 Uncontrolled Resource Consumption vulnerability pending CVSS allocation
CVE-2022-41915 6.5 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability pending CVSS allocation
 2023-08-25 11:03:28 -05:00
Joakim Erdfelt 87839d3350
Bump transitive vulnerable dependency maven:com.google.protobuf:protobuf-java:3.21.6 
CVE-2022-3171 7.5 Uncontrolled Resource Consumption vulnerability with medium severity found
CVE-2022-3509 7.5 Uncontrolled Resource Consumption vulnerability pending CVSS allocation
CVE-2022-3510 7.5 Uncontrolled Resource Consumption vulnerability pending CVSS allocation
 2023-08-25 10:56:08 -05:00
Simone Bordet eeee3ca8ac
Added well-known HTTP/3 servers. 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-25 15:33:46 +02:00
Simone Bordet 0eb4f1b7e3 Updated the documentation about HttpChannel events (they don't exist anymore replaced by `EventsHandler`). 
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-25 12:44:48 +02:00
Lachlan be11dfdbab
Merge PR #10400 to 12.0.x for InetAccessHandler (#10403) 
Issue #10388 - fix InetAccessHandler module

Add DistributionTest for InetAccessHandler
Removed deprecated method from InetAccessHandler.
Fixed InetAccessHandler DistributionTests for 12.

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
 2023-08-25 11:32:46 +02:00
Lachlan acb4ed7174
Merge pull request #10342 from eclipse/jetty-12.0.x-FixSizeLimitHandler 
Issue #10337 - fixes for SizeLimitHandler
 2023-08-25 18:15:29 +10:00
Lachlan ff02d3b086
Merge pull request #10394 from eclipse/jetty-12.0.x-10383-AsyncListenerTest 
Issue #10383 - suppress stack traces from AsyncListenerTest
 2023-08-25 18:14:41 +10:00
Lachlan Roberts 67404f96ce use HttpStatus for 413 and 500 codes in SizeLimitHandler 
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
 2023-08-25 16:24:31 +10:00
Lachlan Roberts be83eb94ad Merge remote-tracking branch 'origin/jetty-12.0.x' into jetty-12.0.x-FixSizeLimitHandler 2023-08-25 16:21:45 +10:00