Greetings!
The Jetty team is happy to announce the immediate availability of new releases for the Eclipse Jetty 9.4.x, 10.0.x, and 11.0.x branches. All three releases include a number of bug fixes and improvements. It is recommended that all users upgrade as soon as they are able. *Importantly*, these releases address CVE-2021-28163, CVE-2021-28164, and CVE-2021-28165. A full list of changes for this release is listed at the end of this email. This release available on the Eclipse Jetty project download page or from the Maven Central repository: - Eclipse: https://www.eclipse.org/jetty/download.html - Maven Central: https://repo1.maven.org/maven2/org/eclipse/jetty/ Documentation for this release can be found on the Eclipse Jetty project site: - https://www.eclipse.org/jetty/documentation/ If you find any issues with this release, or if you want to suggest future enhancements, please file an issue on the Jetty GitHub page: - https://github.com/eclipse/jetty.project/issues/new Commercial production and development support for Jetty is offered through Webtide (www.webtide.com). Please contact us <https://webtide.com/contact/> for more information or email ch...@webtide.com to discuss your specific needs. Best Regards, The Jetty Development Team *9.4.39.v20210325Changelog* - #6034 SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present - #6050 Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer - #6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to work on Android - #6063 Allow override of hazelcast version when using module - #6072 jetty server high CPU when client send data length > 17408 - #6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" Message - #6101 Normalise ambiguous URIs - #6102 Exclude webapps directory from deployment scan *10.0.2Changelog* - #4275 Path Normalization/Traversal - Context Matching - #5828 Allow to create a WebSocketContainer passing HttpClient - #5832 Ctrl-C after jetty:run produces NoClassDefFoundError - #5835 Review Durable Filters, Servlets and Listeners - #5977 Cache-Control header set by a filter is override by the value from DefaultServlet configuration - #5994 QueuedThreadPool "free" threads - #5996 ERROR : No module found to provide logback-impl for logback-access{enabled} - #5999 HttpURI ArrayIndexOutOfBounds - #6001 Ambiguous URI legacy compliance mode - #6008 Allow absolute paths to be provided in start.ini for request log directory. - #6011 OSGi Cannot start Jetty with osgi.boot - Configurations add wrong method taken - #6020 Review Jetty Maven Plugin scanning defaults - #6021 Standardize Path resolution in XmlConfiguration - #6024 Error starting jetty-10: Provider org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not found - #6026 the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG - #6034 SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present - #6037 Review logging modules for j.u.l. - #6050 Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer - #6063 Allow override of hazelcast version when using module - #6072 jetty server high CPU when client send data length > 17408 - #6076 Embedded Jetty throws null pointer exception - #6082 SslConnection compacting - #6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" Message - #6101 Normalise ambiguous URIs - #6102 Exclude webapps directory from deployment scan *11.0.2Changelog* - #4275 Path Normalization/Traversal - Context Matching - #5828 Allow to create a WebSocketContainer passing HttpClient - #5832 Ctrl-C after jetty:run produces NoClassDefFoundError - #5835 Review Durable Filters, Servlets and Listeners - #5977 Cache-Control header set by a filter is override by the value from DefaultServlet configuration - #5994 QueuedThreadPool "free" threads - #5996 ERROR : No module found to provide logback-impl for logback-access{enabled} - #5999 HttpURI ArrayIndexOutOfBounds - #6001 Ambiguous URI legacy compliance mode - #6008 Allow absolute paths to be provided in start.ini for request log directory. - #6011 OSGi Cannot start Jetty with osgi.boot - Configurations add wrong method taken - #6020 Review Jetty Maven Plugin scanning defaults - #6021 Standardize Path resolution in XmlConfiguration - #6024 Error starting jetty-10: Provider org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not found - #6026 the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG - #6034 SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present - #6037 Review logging modules for j.u.l. - #6050 Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer - #6063 Allow override of hazelcast version when using module - #6072 jetty server high CPU when client send data length > 17408 - #6076 Embedded Jetty throws null pointer exception - #6082 SslConnection compacting - #6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" Message - #6101 Normalise ambiguous URIs - #6102 Exclude webapps directory from deployment scan
_______________________________________________ jetty-users mailing list jetty-users@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
