Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better handle exceptions thrown from session destroy listener #6277

Closed
gregw opened this issue May 14, 2021 · 2 comments · Fixed by #6278
Closed

Better handle exceptions thrown from session destroy listener #6277

gregw opened this issue May 14, 2021 · 2 comments · Fixed by #6278
Assignees
@janbartel
Labels
Sponsored This issue affects a user with a commercial support agreement

Comments

@gregw
Copy link
Contributor

gregw commented May 14, 2021
edited
Loading

Handle exceptions thrown from session destroyed listeners
CVE-2021-34428
janbartel added a commit that referenced this issue May 14, 2021
@janbartel
Issue #6277 Better handling of exceptions thrown in sessionDestroyed
b926efb 
Signed-off-by: Jan Bartel <[email protected]>
@janbartel janbartel mentioned this issue May 14, 2021
Merged
janbartel added a commit that referenced this issue May 15, 2021
@janbartel
Issue #6277 Fix RequestTest.testPushBuilder
5d95ad5 
Signed-off-by: Jan Bartel <[email protected]>
janbartel added a commit that referenced this issue May 15, 2021
@janbartel
Issue #6277 Better handling of exceptions thrown in sessionDestroyed (#…
cd6462a 
…6278)

* Issue #6277 Better handling of exceptions thrown in sessionDestroyed

Signed-off-by: Jan Bartel <[email protected]>
janbartel added a commit that referenced this issue May 16, 2021
@janbartel
Issue #6277 Better handling of exceptions thrown in sessionDestroyed (#…
61d4e92 
…6278)

* Issue #6277 Better handling of exceptions thrown in sessionDestroyed

Signed-off-by: Jan Bartel <[email protected]>
@janbartel janbartel mentioned this issue May 16, 2021
Merged
janbartel added a commit that referenced this issue May 16, 2021
@janbartel
Issue #6277 Better handling of exceptions thrown in sessionDestroyed (#…
087f486 
…6278) (#6279)

* Issue #6277 Better handling of exceptions thrown in sessionDestroyed

Signed-off-by: Jan Bartel <[email protected]>
lachlan-roberts added a commit that referenced this issue Jul 8, 2021
@lachlan-roberts
Issue #6277 - update VERSION.txt with CVE number
1cde3d0 
Signed-off-by: Lachlan Roberts <[email protected]>
lachlan-roberts added a commit that referenced this issue Jul 8, 2021
@lachlan-roberts
Issue #6277 - update VERSION.txt with CVE number
762608f 
Signed-off-by: Lachlan Roberts <[email protected]>
This was referenced Jul 8, 2021
Merged
Merged
lachlan-roberts added a commit that referenced this issue Jul 9, 2021
@lachlan-roberts
Merge pull request #6508 from eclipse/jetty-9.4.x-6277-updateVersionTxt
93d58a9 
Issue #6277 - update VERSION.txt with SessionListener CVE number (9.4)
lachlan-roberts added a commit that referenced this issue Jul 9, 2021
@lachlan-roberts
Issue #6277 - add testing for AliasCheckers with symlinks
fe4ca7d 
Signed-off-by: Lachlan Roberts <[email protected]>
lachlan-roberts added a commit that referenced this issue Jul 14, 2021
@lachlan-roberts
Merge pull request #6507 from eclipse/jetty-10.0.x-6277-updateVersionTxt
8f80c59 
Issue #6277 - update VERSION.txt with SessionListener CVE number
lachlan-roberts added a commit that referenced this issue Jul 15, 2021
@lachlan-roberts
Issue #6277 - add replacement Symlink AliasChecker
a5b08e3 
Signed-off-by: Lachlan Roberts <[email protected]>
lachlan-roberts added a commit that referenced this issue Jul 23, 2021
@lachlan-roberts
Issue #6277 - add replacement Symlink AliasChecker
20b0b7e 
Signed-off-by: Lachlan Roberts <[email protected]>
lachlan-roberts added a commit that referenced this issue Jul 23, 2021
@lachlan-roberts
Issue #6277 - add replacement Symlink AliasChecker
1858153 
Signed-off-by: Lachlan Roberts <[email protected]>
@gregw
Copy link
Contributor Author

gregw commented Aug 31, 2021

backport to 9.3

@gregw gregw reopened this Aug 31, 2021
@gregw gregw added the Sponsored This issue affects a user with a commercial support agreement label Aug 31, 2021
joakime pushed a commit that referenced this issue Sep 30, 2021
@janbartel @joakime
Issue #6277 - Protect from Throwables on HttpSessionListener events.
09d74ab 
Signed-off-by: Joakim Erdfelt <[email protected]>
@joakime joakime mentioned this issue Sep 30, 2021
Merged
@joakime
Copy link
Contributor

joakime commented Sep 30, 2021

Opened PR #6948 for minimal backport to jetty-9.3.x of fix (no tests)

joakime added a commit that referenced this issue Oct 1, 2021
@joakime
Merge pull request #6948 from eclipse/jetty-9.3.x-backport-session-li…
791d9d1 
…stener-fix

Issue #6277 - Protect from Throwables on HttpSessionListener events.
@AASMACMX AASMACMX mentioned this issue Feb 26, 2023
Open
@AASMACMX AASMACMX mentioned this issue Apr 26, 2023
Open
@AASMACMX AASMACMX mentioned this issue Jul 20, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@janbartel janbartel

Labels
Sponsored This issue affects a user with a commercial support agreement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Issue #6277 Better handling of exceptions thrown in sessionDestroyed jetty/jetty.project
4 participants
@gregw @joakime @janbartel @lachlan-roberts