12.0.8

Special Thanks to the following Eclipse Jetty community members

• @dhs3000 (Dennis Hoersch)

Changelog

• #11587 - Allow configuring showCause in ErrorHandler
• #11583 - Broken HTTP/3 tests
• #11577 - Remove usages of URIUtil.toURI and URIUtil.split
• #11574 - shibboleth idp webapp under jetty 12.0.7
• #11572 - Deploy behaves differently when both WAR and XML exist in ${jetty.base}/webapps/ and you update the XML vs updating the WAR.
• #11558 - New tmp directory should be created on every WebAppContext start, if not explicitly configured
• #11556 - Improvements and cleanups to ErrorHandler.
• #11553 - Restore startWebapp() to WebAppContext
• #11548 - java.nio.file.ClosedFileSystemException on hot redeploy
• #11539 - Resource.copyTo(Resource) has different behavior from Jetty 9/10/11
• #11522 - Allows to change the default ErrorHandler response type (@dhs3000)
• #11518 - Ensure request is set for ContextScopeListener in EE10
• #11513 - Perf regression in the HTTP parser caused by long look-ahead
• #11510 - Occasional NPE in ClassMatcher.match() from WebAppClassLoader.loadClass() usage
• #11509 - Removing constructor in CookieCache on minor version Change of artifact
• #11498 - Optimized ReservedThreadExecutor with ThreadIdPool
• #11495 - Add UriCompliance rules that follow the HTTP / URI / Servlet specs for illegal & suspicious characters
• #11486 - Improve HTTP parsing long look-ahead
• #11482 - The StatisticsHandler doesn't count 2xx codes
• #11451 - Reintroduce Cross Context Dispatch in Jetty 12
• #11411 - Allow non existant resources to be obtained from Resource.resolve()
• #11364 - Cleanup Resource IO
• #11319 - Implemented addBeanFromConstructor
• #10870 - How to set HttpConfiguration.securePort when the HTTPS port is dynamic?
• #10387 - Fix or suppress javadoc warnings
• #7647 - Document org.eclipse.jetty.client.Socks4Proxy "secure" parameter
• #5857 - Deprecate AbstractConnectionPool "callback" methods

12.0.7

Special Thanks to the following Eclipse Jetty community members

• @hboutemy (Hervé Boutemy)
• @danishnawab (Danish Nawab)

Changelog

• #11465 - HttpURI.toURI() sets userInfo to null
• #11455 - Improve DEBUG during WebInfConfiguration.unpack
• #11448 - UriCompliance.Violation ignored despite being set
• #11443 - Fix NPE in HttpReceiverOverHTTP2.read() when the channel's stream is null
• #11435 - Add suppressed failures in Callback failed
• #11432 - Change default number of acceptor threads
• #11426 - Experiment with ArrayByteBufferPool performance
• #11424 - What is the jetty.deploy.scanInterval default? module, ini, code, and documentation do not agree.
• #11414 - When producing URI/URL strings follow spec and produce lowercase schemes and drop default ports
• #11410 - PathMappingsHandler does not start ResourceHandler properly
• #11401 - Replace StringBuffer with StringBuilder
• #11398 - WebSocket ClosedChannelException when demanding frames in onOpen
• #11397 - Jetty 12: ContextHandler.getTempDirectory() does not respect the Context.getTempDirectory() contract
• #11387 - Reintroduce MultiPartCompliance.LEGACY (not as default) too allow for parsing of non-compliant multipart/form-data
• #11386 - Making FormFields get defaults from Context, not Request
• #11383 - Added documentation about SslHandshakeListener.
• #11377 - Jetty 12 fails to start WebApp Bundle with OSGi Boot bundle (or when packaged)
• #11371 - Review ArrayByteBufferPool eviction
• #11370 - IllegalStateException when last write fails
• #11363 - ContentSourcePublisher throws from request
• #11361 - Updates to UriCompliance.checkUriCompliance
• #11360 - drop buildnumber:create already executed by jetty-util (@hboutemy)
• #11356 - Allow ServerWebSocketContainer to be created without ContextHandler
• #11353 - The default virtual thread executor should created named threads (@danishnawab)
• #11310 - Uploading big multipart files via jetty 12.0.5 with spring boot 3.2.1 cause problems
• #11279 - fix use of AliasCheckers with CombinedResource
• #11278 - 500 response when trying to display symlinked directory
• #11270 - Windows 11 pro - problem launching Jetty with ${jetty.home}\etc\jetty-ee10-deploy.xml
• #10432 - Fix buffer leaks in FCGI and H3 HttpClientIdleTimeoutTest
• #8979 - Jetty 12 - HttpClientTransport network "modes"
• #8887 - Jetty-12 client calls onDataAvailable with producing thread

9.4.54.v20240208

Security Updates

This release addresses:

• CVE-2024-22201 - HTTP/2 connection not closed after idle timeout when TCP congested

Sponsored Release

This is a release of the End of Community Support Jetty 9.x series that was sponsored by a support contract from Webtide.com

Changelog

• #1256 DoSFilter leaks USER_AUTH entries
• #11259 HTTP/2 connection not closed after idle timeout when TCP congested
• #11389 Strip default ports on ws/wss scheme uris too

12.0.6

Security Updates

This release addresses:

• CVE-2024-22201 - HTTP/2 connection not closed after idle timeout when TCP congested

Special Thanks to the following Eclipse Jetty community members

• @LoggingResearch (LoggingResearch)

Changelog

• #11329 - Jetty 11->12 migration guide has incorrect new artifact names
• #11317 - Cleanup usages of addBean(Object) from constructors
• #11312 - baseResource/resourceBase is no longer extracted from ServletContext
• #11309 - ensure callback is always completed in WebSocketCoreSession
• #11303 - JettyWebSocketFrameHandler incorrectly relies on autoDemand when handlers are not registered
• #11299 - EE8/9 DefaultServlet.doPost() doesn't behave like Jetty 10/11
• #11296 - AbstractLoginModule porting issue
• #11290 - HTTP 400 and NPE in HttpParser for blank header value in Jetty 12.x
• #11288 - Fixes for Spring core integration
• #11282 - Deadlocks with DEBUG logging enabled in jetty-server testing
• #11281 - Failed LOG.debug() with MultiPart
• #11280 - EE10 OSGi Boot invalid jetty.xml Handler configuration
• #11275 - Jakarta websocket @OnMessage with Reader parameter stops working when there is an unhandled exception
• #11262 - Correct some javadoc typos
• #11259 - HTTP/2 connection not closed after idle timeout when TCP congested
• #11253 - Jetty 12 ComplianceViolation.Listener not notified for URI, Cookie, and Multipart violations.
• #11230 - Problem with parsing of form parameters without values in Jetty 12?
• #11228 - Reorganized and refactored JettyHomeTester to introduce JPMSTester.
• #11220 - ContextHandler(anyHandler) NPE during . logging 'because "this._vhosts" is null'
• #11098 - Sporadic NPE in ArrayByteBufferPool.evict()
• #11096 - IllegalAccessException when invoking WebSocket end point methods in Jetty 12
• #11095 - throws IllegalStateException for completed requests when Gzip Handler is used
• #11081 - Dropped WebSocket messages due to race condition in WebSocket frame handling
• #11080 - Google Cloud: during Multipart - java.lang.IllegalArgumentException: Cannot create chunk from non-retainable ContentChunk
• #10220 - Implement CrossOriginHandler

11.0.20

Security Updates

This release addresses:

• CVE-2024-22201 - HTTP/2 connection not closed after idle timeout when TCP congested

Special Thanks to the following Eclipse Jetty community members

• @LoggingResearch (LoggingResearch)

Changelog

• #11273 - Support BSD expr in startup script
• #11260 - QuickStartConfiguration cannot be mixed with contexts that do not have a WEB-INF/quickstart-web.xml
• #11081 - Dropped WebSocket messages due to race condition in WebSocket frame handling
• #10127 - Align Logging Level for Listener Timeout Exceptions with Debug (@LoggingResearch)

10.0.20

Security Updates

This release addresses:

• CVE-2024-22201 - HTTP/2 connection not closed after idle timeout when TCP congested

Special Thanks to the following Eclipse Jetty community members

• @LoggingResearch (LoggingResearch)

Changelog

• #11273 - Support BSD expr in startup script
• #11260 - QuickStartConfiguration cannot be mixed with contexts that do not have a WEB-INF/quickstart-web.xml
• #11081 - Dropped WebSocket messages due to race condition in WebSocket frame handling
• #10127 - Align Logging Level for Listener Timeout Exceptions with Debug (@LoggingResearch)

12.0.5

Changelog

• #11051 - Do not use HttpStream.Wrapper in SizeLimitHandler
• #11040 - "not an allowed scheme" for GraalVM Native-Image resource:-URIs
• #11037 - Serialize HttpClient request failures
• #11036 - Improve the dump output of ConcurrentPool
• #11032 - add deployment exception for non Jakarta WebSocket endpoints used in ServerEndpointConfig
• #11030 - Refactor eeX plus.security and plus.annotation classes to core
• #11027 - Cleanup Module + XML properties usage
• #11021 - Do not call afterResponse() in case of failures
• #11016 - IllegalStateException when stopping Server with pending requests
• #11014 - RedirectRegexRule and RewritePatternRule should consider relativeRedirectAllowed
• #10956 - Simplify Expect: 100-Continue handling
• #10933 - Review ServletChannelState.asyncError()
• #10897 - Refactor JNDI across environments for common JNDI components that can be in core
• #10852 - Add ResourceHandler.setUseFileMapping(boolean) option
• #10277 - Review read failures impacting writes

11.0.19

Special Thanks to the following Eclipse Jetty community members

• @garydgregory (Gary Gregory)
• @chadlwilson (Chad Wilson)

Changelog

• #11039 - Memory leak and multiple (Http|Servlet)*Listener invokations after restart
• #11031 - HttpClient should expose Connection/EndPoint used by HTTP requests
• #11014 - RedirectRegexRule and RewritePatternRule should consider relativeRedirectAllowed
• #10938 - Use String#isEmpty() (@garydgregory)
• #10876 - use correct scm coordinates
• #10812 - jetty-deploy has unnecessary dependency on awaitility/hamcrest pulled in at runtime (@chadlwilson)

10.0.19

Special Thanks to the following Eclipse Jetty community members

• @garydgregory (Gary Gregory)
• @chadlwilson (Chad Wilson)

Changelog

• #11039 - Memory leak and multiple (Http|Servlet)*Listener invokations after restart
• #11031 - HttpClient should expose Connection/EndPoint used by HTTP requests
• #11014 - RedirectRegexRule and RewritePatternRule should consider relativeRedirectAllowed
• #10938 - Use String#isEmpty() (@garydgregory)
• #10876 - use correct scm coordinates
• #10812 - jetty-deploy has unnecessary dependency on awaitility/hamcrest pulled in at runtime (@chadlwilson)

12.0.4

Special Thanks to the following Eclipse Jetty community members

• @hantsy (Hantsy Bai)
• @chadlwilson (Chad Wilson)

Changelog

• #10926 - AttributeNormalizer does not support combined resources
• #10925 - Jetty 12 documentation: references to jetty-maven-plugin
• #10922 - Fix NPE on null host when checking virtual host
• #10919 - EE10 multipart parsing may include '\r' at the front under certain conditions
• #10911 - Accurate implementation of H3 Request.beginNanoTime()
• #10902 - do not add duplicate jars to MetaData containerResources
• #10889 - Improve Resource use in MetaInfConfiguration
• #10888 - Fix leaked resources in jetty maven plugin
• #10886 - Don't track mounts for newResource() that do not exist
• #10879 - Improve redirect handling with reproducible content
• #10877 - Configure sbom plugin to produce sbom for jetty-home and include it in the distribution
• #10868 - reinstate HttpChannel reuse in H2
• #10867 - Immutable local/remote SocketAddress within a ConnectionMetaData
• #10866 - Recycle ServletChannel at ServletContextHandler completion.
• #10829 - Expired Session timing issue leads to Warning: "Invalidating session {} found to be expired when requested"
• #10812 - jetty-deploy has unnecessary dependency on awaitility/hamcrest pulled in at runtime (@chadlwilson)
• #10810 - Update jetty-maven-plugin Documentation for new environment layer (@hantsy)
• #10802 - Stabilize secondary_super_cache in server code
• #10801 - Recycle ServletChannel in ServletContextHandler
• #10797 - Multiple identical Set-Cookie response lines produced
• #10792 - Various cleanups of Handler.insertHandler
• #10787 - Weak reference concurrent pool
• #10775 - Review ConnectionMetaData.isSecure()
• #10768 - WebSocketUpgradeHandler should not require ContextHandler
• #10749 - WebSocketClient should expose upgrade request/response
• #10687 - Jetty WebSocket remembers mappings on restart
• #10484 - Clarify documentation about how to make a non-blocking handler tree
• #10384 - ServletChannel now using proper state changes for calls to ErrorHandler to avoid IllegalStateExceptions