Hello I'd like to announce new minor releases of Pax Web: 8.0.23 and 9.0.12.
Current runtime versions are: - Jetty 9.4.53.v20231009 (8.0.x) and 10.0.17 (9.0.x) - Tomcat 9.0.82 - Undertow 2.2.28.Final These are important fixes related to recent CVE-2023-44487: HTTP/2 Rapid Reset Attack <https://nvd.nist.gov/vuln/detail/CVE-2023-44487>. There's also a minor QoL improvements/fixes: - OSGi security (ServletContextHelper.handleSecurity()) - user was not visible in access log (thanks François de Parscau!) - Keycloak 19+ (up to 22) integration was not complete - Additional Tomcat valves (from context.xml) were removed on restart (thanks Stephan Siano!) - ServletContext.getServletContextName() returned wrong value for WABs (thanks Amichai Rothman!) For completeness, the changelogs are available for 8.0.23[1] and 9.0.12[2]. kind regards Grzegorz Grzybek === [1]: https://github.com/ops4j/org.ops4j.pax.web/milestone/252?closed=1 [2]: https://github.com/ops4j/org.ops4j.pax.web/milestone/253?closed=1 -- -- ------------------ OPS4J - http://www.ops4j.org - ops4j@googlegroups.com --- You received this message because you are subscribed to the Google Groups "OPS4J" group. To unsubscribe from this group and stop receiving emails from it, send an email to ops4j+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ops4j/CAAdXmhpwZYnaNniW4gEJygjMSQ4MFLtQBMEsJV0AZKUTFUD8pQ%40mail.gmail.com.