Sourced from jetty-http's releases.

11.0.2

Changelog

⚠️ Important Security related Changes

• CVE-2021-28165 - #6072 - jetty server high CPU when client send data length > 17408
• CVE-2021-28164 - #6101 - Normalize ambiguous URIs
• CVE-2021-28163 - #6102 - Exclude webapps directory from deployment scan

Other Changes

• #4275 - Path Normalization/Traversal - Context Matching
• #5828 - Allow to create a WebSocketContainer passing HttpClient
• #5832 - Ctrl-C after jetty:run produces NoClassDefFoundError
• #5835 - Review Durable Filters, Servlets and Listeners
• #5977 - Cache-Control header set by a filter is override by the value from DefaultServlet configuration
• #5994 - QueuedThreadPool "free" threads
• #5996 - ERROR : No module found to provide logback-impl for logback-access{enabled}
• #5999 - HttpURI ArrayIndexOutOfBounds
• #6001 - Ambiguous URI legacy compliance mode
• #6008 - Allow absolute paths to be provided in start.ini for request log directory.
• #6011 - OSGi Cannot start Jetty with osgi.boot - Configurations add wrong method taken
• #6020 - Review Jetty Maven Plugin scanning defaults
• #6021 - Standardize Path resolution in XmlConfiguration
• #6024 - Error starting jetty-10: Provider org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not found
• #6026 - the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG
• #6034 - SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present
• #6037 - Review logging modules for j.u.l.
• #6063 - Allow override of hazelcast version when using module
• #6076 - Embedded Jetty throws null pointer exception
• #6082 - SslConnection compacting
• #6085 - Jetty keeps Sessions in use after "Duplicate valid session cookies" Message

11.0.1

Changelog

• This release addresses and resolves CVE-2020-27223
• #5993 - Change more modules to glassfish-jstl
• #5941 - Use jakarta.servlet.jsp.jstl version 2 implementation from Eclipse Glassfish
• #5901 - Starting Jetty with JPMS produces warnings about Servlet resources not found
• #5761 - Remove unneeded dependencies from apache-jsp module
• #5759 - Update jakarta transaction, mail and injection apis
• #5752 - Fix Servlet 5 Schema redirects

11.0.0

Eclipse Jetty 11.x Highlights

• Jetty 11.x has a minimum Java requirement of Java 11.
• Jetty 11.x modules are proper JPMS modules with module-info.class.
• Jetty 11.x supports the following technology specs (from the Jakarta EE 9 effort):

... (truncated)

• 14ed9a5 Updating to version 11.0.2
• 61b5e1a revert back to 11.0.2-SNAPSHOT
• 03f6a31 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
• b68a5fe Merge pull request #6107 from eclipse/jetty-10.0.x-JavaxWebSocketContainerPro...
• 47ec9b1 Modify SecureClientContainerExample to use the new getContainer(HttpClient) m...
• a86a0c2 Add static utility methods on container to add and remove beans.
• 57779c6 Make the HttpClient getContainer method static on JavaxWebSocketClientContain...
• e1f2f8c Updating to version 11.0.3-SNAPSHOT
• 0a126e2 Updating to version 11.0.2
• e04e226 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
• Additional commits viewable in compare view

Sourced from jetty-io's releases.

11.0.2

Changelog

⚠️ Important Security related Changes

• CVE-2021-28165 - #6072 - jetty server high CPU when client send data length > 17408
• CVE-2021-28164 - #6101 - Normalize ambiguous URIs
• CVE-2021-28163 - #6102 - Exclude webapps directory from deployment scan

Other Changes

• #4275 - Path Normalization/Traversal - Context Matching
• #5828 - Allow to create a WebSocketContainer passing HttpClient
• #5832 - Ctrl-C after jetty:run produces NoClassDefFoundError
• #5835 - Review Durable Filters, Servlets and Listeners
• #5977 - Cache-Control header set by a filter is override by the value from DefaultServlet configuration
• #5994 - QueuedThreadPool "free" threads
• #5996 - ERROR : No module found to provide logback-impl for logback-access{enabled}
• #5999 - HttpURI ArrayIndexOutOfBounds
• #6001 - Ambiguous URI legacy compliance mode
• #6008 - Allow absolute paths to be provided in start.ini for request log directory.
• #6011 - OSGi Cannot start Jetty with osgi.boot - Configurations add wrong method taken
• #6020 - Review Jetty Maven Plugin scanning defaults
• #6021 - Standardize Path resolution in XmlConfiguration
• #6024 - Error starting jetty-10: Provider org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not found
• #6026 - the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG
• #6034 - SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present
• #6037 - Review logging modules for j.u.l.
• #6063 - Allow override of hazelcast version when using module
• #6076 - Embedded Jetty throws null pointer exception
• #6082 - SslConnection compacting
• #6085 - Jetty keeps Sessions in use after "Duplicate valid session cookies" Message

11.0.1

Changelog

• This release addresses and resolves CVE-2020-27223
• #5993 - Change more modules to glassfish-jstl
• #5941 - Use jakarta.servlet.jsp.jstl version 2 implementation from Eclipse Glassfish
• #5901 - Starting Jetty with JPMS produces warnings about Servlet resources not found
• #5761 - Remove unneeded dependencies from apache-jsp module
• #5759 - Update jakarta transaction, mail and injection apis
• #5752 - Fix Servlet 5 Schema redirects

11.0.0

Eclipse Jetty 11.x Highlights

• Jetty 11.x has a minimum Java requirement of Java 11.
• Jetty 11.x modules are proper JPMS modules with module-info.class.
• Jetty 11.x supports the following technology specs (from the Jakarta EE 9 effort):

... (truncated)

• 14ed9a5 Updating to version 11.0.2
• 61b5e1a revert back to 11.0.2-SNAPSHOT
• 03f6a31 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
• b68a5fe Merge pull request #6107 from eclipse/jetty-10.0.x-JavaxWebSocketContainerPro...
• 47ec9b1 Modify SecureClientContainerExample to use the new getContainer(HttpClient) m...
• a86a0c2 Add static utility methods on container to add and remove beans.
• 57779c6 Make the HttpClient getContainer method static on JavaxWebSocketClientContain...
• e1f2f8c Updating to version 11.0.3-SNAPSHOT
• 0a126e2 Updating to version 11.0.2
• e04e226 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
• Additional commits viewable in compare view

Sourced from jetty-security's releases.

11.0.2

Changelog

⚠️ Important Security related Changes

• CVE-2021-28165 - #6072 - jetty server high CPU when client send data length > 17408
• CVE-2021-28164 - #6101 - Normalize ambiguous URIs
• CVE-2021-28163 - #6102 - Exclude webapps directory from deployment scan

Other Changes

• #4275 - Path Normalization/Traversal - Context Matching
• #5828 - Allow to create a WebSocketContainer passing HttpClient
• #5832 - Ctrl-C after jetty:run produces NoClassDefFoundError
• #5835 - Review Durable Filters, Servlets and Listeners
• #5977 - Cache-Control header set by a filter is override by the value from DefaultServlet configuration
• #5994 - QueuedThreadPool "free" threads
• #5996 - ERROR : No module found to provide logback-impl for logback-access{enabled}
• #5999 - HttpURI ArrayIndexOutOfBounds
• #6001 - Ambiguous URI legacy compliance mode
• #6008 - Allow absolute paths to be provided in start.ini for request log directory.
• #6011 - OSGi Cannot start Jetty with osgi.boot - Configurations add wrong method taken
• #6020 - Review Jetty Maven Plugin scanning defaults
• #6021 - Standardize Path resolution in XmlConfiguration
• #6024 - Error starting jetty-10: Provider org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not found
• #6026 - the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG
• #6034 - SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present
• #6037 - Review logging modules for j.u.l.
• #6063 - Allow override of hazelcast version when using module
• #6076 - Embedded Jetty throws null pointer exception
• #6082 - SslConnection compacting
• #6085 - Jetty keeps Sessions in use after "Duplicate valid session cookies" Message

11.0.1

Changelog

• This release addresses and resolves CVE-2020-27223
• #5993 - Change more modules to glassfish-jstl
• #5941 - Use jakarta.servlet.jsp.jstl version 2 implementation from Eclipse Glassfish
• #5901 - Starting Jetty with JPMS produces warnings about Servlet resources not found
• #5761 - Remove unneeded dependencies from apache-jsp module
• #5759 - Update jakarta transaction, mail and injection apis
• #5752 - Fix Servlet 5 Schema redirects

11.0.0

Eclipse Jetty 11.x Highlights

• Jetty 11.x has a minimum Java requirement of Java 11.
• Jetty 11.x modules are proper JPMS modules with module-info.class.
• Jetty 11.x supports the following technology specs (from the Jakarta EE 9 effort):

... (truncated)

• 14ed9a5 Updating to version 11.0.2
• 61b5e1a revert back to 11.0.2-SNAPSHOT
• 03f6a31 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
• b68a5fe Merge pull request #6107 from eclipse/jetty-10.0.x-JavaxWebSocketContainerPro...
• 47ec9b1 Modify SecureClientContainerExample to use the new getContainer(HttpClient) m...
• a86a0c2 Add static utility methods on container to add and remove beans.
• 57779c6 Make the HttpClient getContainer method static on JavaxWebSocketClientContain...
• e1f2f8c Updating to version 11.0.3-SNAPSHOT
• 0a126e2 Updating to version 11.0.2
• e04e226 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
• Additional commits viewable in compare view

Sourced from jetty-server's releases.

11.0.2

Changelog

⚠️ Important Security related Changes

• CVE-2021-28165 - #6072 - jetty server high CPU when client send data length > 17408
• CVE-2021-28164 - #6101 - Normalize ambiguous URIs
• CVE-2021-28163 - #6102 - Exclude webapps directory from deployment scan

Other Changes

• #4275 - Path Normalization/Traversal - Context Matching
• #5828 - Allow to create a WebSocketContainer passing HttpClient
• #5832 - Ctrl-C after jetty:run produces NoClassDefFoundError
• #5835 - Review Durable Filters, Servlets and Listeners
• #5977 - Cache-Control header set by a filter is override by the value from DefaultServlet configuration
• #5994 - QueuedThreadPool "free" threads
• #5996 - ERROR : No module found to provide logback-impl for logback-access{enabled}
• #5999 - HttpURI ArrayIndexOutOfBounds
• #6001 - Ambiguous URI legacy compliance mode
• #6008 - Allow absolute paths to be provided in start.ini for request log directory.
• #6011 - OSGi Cannot start Jetty with osgi.boot - Configurations add wrong method taken
• #6020 - Review Jetty Maven Plugin scanning defaults
• #6021 - Standardize Path resolution in XmlConfiguration
• #6024 - Error starting jetty-10: Provider org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not found
• #6026 - the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG
• #6034 - SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present
• #6037 - Review logging modules for j.u.l.
• #6063 - Allow override of hazelcast version when using module
• #6076 - Embedded Jetty throws null pointer exception
• #6082 - SslConnection compacting
• #6085 - Jetty keeps Sessions in use after "Duplicate valid session cookies" Message

11.0.1

Changelog

• This release addresses and resolves CVE-2020-27223
• #5993 - Change more modules to glassfish-jstl
• #5941 - Use jakarta.servlet.jsp.jstl version 2 implementation from Eclipse Glassfish
• #5901 - Starting Jetty with JPMS produces warnings about Servlet resources not found
• #5761 - Remove unneeded dependencies from apache-jsp module
• #5759 - Update jakarta transaction, mail and injection apis
• #5752 - Fix Servlet 5 Schema redirects

11.0.0

Eclipse Jetty 11.x Highlights

• Jetty 11.x has a minimum Java requirement of Java 11.
• Jetty 11.x modules are proper JPMS modules with module-info.class.
• Jetty 11.x supports the following technology specs (from the Jakarta EE 9 effort):

... (truncated)

• 14ed9a5 Updating to version 11.0.2
• 61b5e1a revert back to 11.0.2-SNAPSHOT
• 03f6a31 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
• b68a5fe Merge pull request #6107 from eclipse/jetty-10.0.x-JavaxWebSocketContainerPro...
• 47ec9b1 Modify SecureClientContainerExample to use the new getContainer(HttpClient) m...
• a86a0c2 Add static utility methods on container to add and remove beans.
• 57779c6 Make the HttpClient getContainer method static on JavaxWebSocketClientContain...
• e1f2f8c Updating to version 11.0.3-SNAPSHOT
• 0a126e2 Updating to version 11.0.2
• e04e226 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
• Additional commits viewable in compare view

Sourced from jetty-servlets's releases.

11.0.2

Changelog

⚠️ Important Security related Changes

• CVE-2021-28165 - #6072 - jetty server high CPU when client send data length > 17408
• CVE-2021-28164 - #6101 - Normalize ambiguous URIs
• CVE-2021-28163 - #6102 - Exclude webapps directory from deployment scan

Other Changes

• #4275 - Path Normalization/Traversal - Context Matching
• #5828 - Allow to create a WebSocketContainer passing HttpClient
• #5832 - Ctrl-C after jetty:run produces NoClassDefFoundError
• #5835 - Review Durable Filters, Servlets and Listeners
• #5977 - Cache-Control header set by a filter is override by the value from DefaultServlet configuration
• #5994 - QueuedThreadPool "free" threads
• #5996 - ERROR : No module found to provide logback-impl for logback-access{enabled}
• #5999 - HttpURI ArrayIndexOutOfBounds
• #6001 - Ambiguous URI legacy compliance mode
• #6008 - Allow absolute paths to be provided in start.ini for request log directory.
• #6011 - OSGi Cannot start Jetty with osgi.boot - Configurations add wrong method taken
• #6020 - Review Jetty Maven Plugin scanning defaults
• #6021 - Standardize Path resolution in XmlConfiguration
• #6024 - Error starting jetty-10: Provider org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not found
• #6026 - the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG
• #6034 - SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present
• #6037 - Review logging modules for j.u.l.
• #6063 - Allow override of hazelcast version when using module
• #6076 - Embedded Jetty throws null pointer exception
• #6082 - SslConnection compacting
• #6085 - Jetty keeps Sessions in use after "Duplicate valid session cookies" Message

11.0.1

Changelog

• This release addresses and resolves CVE-2020-27223
• #5993 - Change more modules to glassfish-jstl
• #5941 - Use jakarta.servlet.jsp.jstl version 2 implementation from Eclipse Glassfish
• #5901 - Starting Jetty with JPMS produces warnings about Servlet resources not found
• #5761 - Remove unneeded dependencies from apache-jsp module
• #5759 - Update jakarta transaction, mail and injection apis
• #5752 - Fix Servlet 5 Schema redirects

11.0.0

Eclipse Jetty 11.x Highlights

• Jetty 11.x has a minimum Java requirement of Java 11.
• Jetty 11.x modules are proper JPMS modules with module-info.class.
• Jetty 11.x supports the following technology specs (from the Jakarta EE 9 effort):

... (truncated)

• 14ed9a5 Updating to version 11.0.2
• 61b5e1a revert back to 11.0.2-SNAPSHOT
• 03f6a31 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
• b68a5fe Merge pull request #6107 from eclipse/jetty-10.0.x-JavaxWebSocketContainerPro...
• 47ec9b1 Modify SecureClientContainerExample to use the new getContainer(HttpClient) m...
• a86a0c2 Add static utility methods on container to add and remove beans.
• 57779c6 Make the HttpClient getContainer method static on JavaxWebSocketClientContain...
• e1f2f8c Updating to version 11.0.3-SNAPSHOT
• 0a126e2 Updating to version 11.0.2
• e04e226 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
• Additional commits viewable in compare view

Sourced from jetty-util's releases.

11.0.2

Changelog

⚠️ Important Security related Changes

• CVE-2021-28165 - #6072 - jetty server high CPU when client send data length > 17408
• CVE-2021-28164 - #6101 - Normalize ambiguous URIs
• CVE-2021-28163 - #6102 - Exclude webapps directory from deployment scan

Other Changes

• #4275 - Path Normalization/Traversal - Context Matching
• #5828 - Allow to create a WebSocketContainer passing HttpClient
• #5832 - Ctrl-C after jetty:run produces NoClassDefFoundError
• #5835 - Review Durable Filters, Servlets and Listeners
• #5977 - Cache-Control header set by a filter is override by the value from DefaultServlet configuration
• #5994 - QueuedThreadPool "free" threads
• #5996 - ERROR : No module found to provide logback-impl for logback-access{enabled}
• #5999 - HttpURI ArrayIndexOutOfBounds
• #6001 - Ambiguous URI legacy compliance mode
• #6008 - Allow absolute paths to be provided in start.ini for request log directory.
• #6011 - OSGi Cannot start Jetty with osgi.boot - Configurations add wrong method taken
• #6020 - Review Jetty Maven Plugin scanning defaults
• #6021 - Standardize Path resolution in XmlConfiguration
• #6024 - Error starting jetty-10: Provider org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not found
• #6026 - the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG
• #6034 - SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present
• #6037 - Review logging modules for j.u.l.
• #6063 - Allow override of hazelcast version when using module
• #6076 - Embedded Jetty throws null pointer exception
• #6082 - SslConnection compacting
• #6085 - Jetty keeps Sessions in use after "Duplicate valid session cookies" Message

11.0.1

Changelog

• This release addresses and resolves CVE-2020-27223
• #5993 - Change more modules to glassfish-jstl
• #5941 - Use jakarta.servlet.jsp.jstl version 2 implementation from Eclipse Glassfish
• #5901 - Starting Jetty with JPMS produces warnings about Servlet resources not found
• #5761 - Remove unneeded dependencies from apache-jsp module
• #5759 - Update jakarta transaction, mail and injection apis
• #5752 - Fix Servlet 5 Schema redirects

11.0.0

Eclipse Jetty 11.x Highlights

• Jetty 11.x has a minimum Java requirement of Java 11.
• Jetty 11.x modules are proper JPMS modules with module-info.class.
• Jetty 11.x supports the following technology specs (from the Jakarta EE 9 effort):

... (truncated)

• 14ed9a5 Updating to version 11.0.2
• 61b5e1a revert back to 11.0.2-SNAPSHOT
• 03f6a31 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
• b68a5fe Merge pull request #6107 from eclipse/jetty-10.0.x-JavaxWebSocketContainerPro...
• 47ec9b1 Modify SecureClientContainerExample to use the new getContainer(HttpClient) m...
• a86a0c2 Add static utility methods on container to add and remove beans.
• 57779c6 Make the HttpClient getContainer method static on JavaxWebSocketClientContain...
• e1f2f8c Updating to version 11.0.3-SNAPSHOT
• 0a126e2 Updating to version 11.0.2
• e04e226 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.