9.4.48.v20220622

End of Life Notice

• #7958 - Jetty 9.4.x is now at End of Community Support. (See issue for details)

Critical Fix

• #8184 - All suffix globs except first fail to match if path has . character in prefix section

11.0.11

Special Thanks to the following Eclipse Jetty community members

• @cstamas (Tamas Cservenak)

Critical Fix

• #8184 - All suffix globs except first fail to match if path has . character in prefix section

Changelog

• #8187 - Fix test-distribution classpath re resolver (@cstamas)
• #8175 - Removing invalid maxConnections references
• #8163 - RegexPathSpec documentation and MatchedPath improvements
• #8162 - Migrate code from jetty-util Logger to slf4j Logger
• #8161 - Improve SSLConnection buffers handling
• #8155 - Use static exceptions for closing websocket flushers and in ContentProducer

10.0.11

Special Thanks to the following Eclipse Jetty community members

• @cstamas (Tamas Cservenak)

Critical Fix

• #8184 - All suffix globs except first fail to match if path has . character in prefix section

Changelog

• #8187 - Fix test-distribution classpath re resolver (@cstamas)
• #8175 - Removing invalid maxConnections references
• #8163 - RegexPathSpec documentation and MatchedPath improvements
• #8162 - Migrate code from jetty-util Logger to slf4j Logger
• #8161 - Improve SSLConnection buffers handling
• #8155 - Use static exceptions for closing websocket flushers and in ContentProducer

11.0.10

Fixed Security Advisories

• (CVE-2022-2047) - GHSA-cj7v-27pg-wf7q - Invalid URI parsing may produce invalid HttpURI.authority
• (CVE-2022-2048) - GHSA-wgmr-mf83-7x4j - Invalid HTTP/2 requests can lead to denial of service
• (CVE-2022-2191) - GHSA-8mpp-f3f7-xc28 - SslConnection does not release pooled ByteBuffers in case of errors

Special Thanks to the following Eclipse Jetty community members

• @jianglai (Lai Jiang)
• @markslater (markslater)
• @prenagha (Padraic Renaghan)

Changelog

• #8161 - Improve SSLConnection buffers handling (Resolves CVE-2022-2191)
• #8134 - Improve cleanup of deflater/inflater pools for PerMessageDeflateExtension
• #8088 - Add option to configure exitVm on ShutdownMonitor from System properties
• #8067 - Wall time usage in DoSFilter RateTracker results in false positive alert
• #8057 - Support Http Response 103 (Early Hints)
• #8014 - Review HttpRequest URI construction (Resolves CVE-2022-2047)
• #8008 - Add compliance mode for LEGACY multipart parser in Jetty
• #7994 - Ability to construct a detached client Request
• #7991 - fix bom for jetty-cdi
• #7981 - Add TRANSFER_ENCODING violation for MultiPart RFC7578 parser.
• #7977 - UpgradeHttpServletRequest.setAttribute & UpgradeHttpServletRequest.removeAttribute can throw NullPointerException
• #7975 - ForwardedRequestCustomizer setters do not clear existing handlers
• #7953 - Fix StatisticsHandler in the case a Handler throws exception.
• #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048)
• #7929 - Correct requestlog formatString commented default (@prenagha)
• #7924 - Fix a typo in Javadoc (@jianglai)
• #7918 - PathMappings.asPathSpec does not allow root ServletPathSpec
• #7891 - Better Servlet PathMappings for Regex
• #7880 - DefaultServlet should not overwrite programmatically configured precompressed formats with defaults (@markslater)
• #7863 - Default servlet drops first accept-encoding header if there is more than one. (@markslater)
• #7858 - GZipHandler does not play nice with other handlers in HandlerCollection
• #7818 - Modifying of HTTP headers in HttpChannel.Listener#onResponseBegin is no longer possible with Jetty
• #7803 - unwrap exception until we get the first non ServletException, as this can be wrap of wrap of wrap when using ContextHandlerCollection
• #7802 - HTTP/3 QPACK - do not expect section ack for zero required insert count
• #7754 - jetty.sh ignores JAVA_OPTIONS environment variable
• #7748 - Allow overriding of url-pattern mapping in ServletContextHandler to allow for regex or uri-template matching
• #7635 - QPACK decoder should fail connection if the encoder blocks more than SETTINGS_QPACK_BLOCKED_STREAMS
• #4414 - GZipHandler not excluding inflation for specified paths
• #1771 - Add module for SecuredRedirect support

Dependencies

• #8083 - Bump asciidoctorj to 2.5.4
• #8077 - Bump asciidoctorj-diagram to 2.2.3
• #7839 - Bump asm.version to 9.3
• #8142 - Bump biz.aQute.bndlib to 6.3.1
• #8075 - Bump checkstyle to 10.3
• #8056 - Bump error_prone_annotations to 2.14.0
• #8109 - Bump google-cloud-datastore to 2.7.0
• #8100 - Bump grpc-core to 1.47.0
• #7987 - Bump hawtio-default to 2.15.0
• #7934 - Bump hazelcast.version to 4.2.5
• #8003 - Bump jackson-annotations to 2.13.3
• #8004 - Bump jackson-core to 2.13.3
• #7997 - Bump jackson-databind to 2.13.3
• #7849 - Bump jacoco-maven-plugin to 0.8.8
• #7830 - Bump jakarta.annotation-api to 2.1.0
• #7913 - Bump jakarta.ws.rs-api to 3.1.0
• #7937 - Bump jboss-logging to 3.5.0.Final
• #7815 - Bump jnr-ffi to 2.2.12
• #7967 - Bump kerb-simplekdc to 2.0.2
• #8029 - Bump logback-core to 1.3.0-alpha16
• #8064 - Bump mariadb-java-client to 3.0.5
• #7908 - Bump maven-antrun-plugin to 3.1.0
• #8001 - Bump maven-bundle-plugin to 5.1.6
• #7843 - Bump maven-clean-plugin to 3.2.0
• #8080 - Bump maven-invoker-plugin to 3.3.0
• #7902 - Bump maven-javadoc-plugin to 3.4.0
• #8079 - Bump maven-scm-provider-jgit to 1.13.0
• #7904 - Bump maven-site-plugin to 3.12.0
• #7900 - Bump maven.resolver.version to 1.8.0
• #7915 - Bump mongo-java-driver to 3.12.11
• #8108 - Bump openwebbeans.version to 2.0.27
• #7877 - Bump org.apache.aries.spifly.dynamic.bundle to 1.3.5
• #8123 - Bump org.apache.felix.framework to 7.0.5
• #8019 - Bump plexus-utils to 3.4.2
• #7944 - Bump protostream to 4.4.3.Final
• #8030 - Bump spotbugs-maven-plugin to 4.7.0.0
• #8031 - Bump testcontainers-bom to 1.17.2
• #7972 - Bump tycho-p2-repository-plugin to 2.7.3
• #8038 - Bump versions-maven-plugin to 2.11.0

10.0.10

Fixed Security Advisories

• (CVE-2022-2047) - GHSA-cj7v-27pg-wf7q - Invalid URI parsing may produce invalid HttpURI.authority
• (CVE-2022-2048) - GHSA-wgmr-mf83-7x4j - Invalid HTTP/2 requests can lead to denial of service
• (CVE-2022-2191) - GHSA-8mpp-f3f7-xc28 - SslConnection does not release pooled ByteBuffers in case of errors

Special Thanks to the following Eclipse Jetty community members

• @jianglai (Lai Jiang)
• @markslater (markslater)
• @prenagha (Padraic Renaghan)

Changelog

• #8161 - Improve SSLConnection buffers handling (Resolves CVE-2022-2191)
• #8136 - Cherry-pick of Improvements to PathSpec for Jetty 10.0.x
• #8134 - Improve cleanup of deflater/inflater pools for PerMessageDeflateExtension
• #8088 - Add option to configure exitVm on ShutdownMonitor from System properties
• #8067 - Wall time usage in DoSFilter RateTracker results in false positive alert
• #8057 - Support Http Response 103 (Early Hints)
• #8014 - Review HttpRequest URI construction (Resolves CVE-2022-2047)
• #8008 - Add compliance mode for LEGACY multipart parser in Jetty 10+
• #7994 - Ability to construct a detached client Request
• #7981 - Add TRANSFER_ENCODING violation for MultiPart RFC7578 parser.
• #7977 - UpgradeHttpServletRequest.setAttribute & UpgradeHttpServletRequest.removeAttribute can throw NullPointerException
• #7975 - ForwardedRequestCustomizer setters do not clear existing handlers
• #7953 - Fix StatisticsHandler in the case a Handler throws exception.
• #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048)
• #7929 - Correct requestlog formatString commented default (@prenagha)
• #7924 - Fix a typo in Javadoc (@jianglai)
• #7918 - PathMappings.asPathSpec does not allow root ServletPathSpec
• #7891 - Better Servlet PathMappings for Regex
• #7880 - DefaultServlet should not overwrite programmatically configured precompressed formats with defaults (@markslater)
• #7863 - Default servlet drops first accept-encoding header if there is more than one. (@markslater)
• #7858 - GZipHandler does not play nice with other handlers in HandlerCollection
• #7818 - Modifying of HTTP headers in HttpChannel.Listener#onResponseBegin is no longer possible with Jetty 10
• #7808 - Jetty duplicate set session cookie
• #7802 - HTTP/3 QPACK - do not expect section ack for zero required insert count
• #7754 - jetty.sh ignores JAVA_OPTIONS environment variable
• #7748 - Allow overriding of url-pattern mapping in ServletContextHandler to allow for regex or uri-template matching
• #7635 - QPACK decoder should fail connection if the encoder blocks more than SETTINGS_QPACK_BLOCKED_STREAMS
• #4414 - GZipHandler not excluding inflation for specified paths
• #1771 - Add module for SecuredRedirect support

Dependencies

• #8083 - Bump asciidoctorj to 2.5.4
• #8077 - Bump asciidoctorj-diagram to 2.2.3
• #7839 - Bump asm.version to 9.3
• #8142 - Bump biz.aQute.bndlib to 6.3.1
• #8075 - Bump checkstyle to 10.3
• #8056 - Bump error_prone_annotations to 2.14.0
• #8109 - Bump google-cloud-datastore to 2.7.0
• #8100 - Bump grpc-core to 1.47.0
• #7987 - Bump hawtio-default to 2.15.0
• #7934 - Bump hazelcast.version to 4.2.5
• #8003 - Bump jackson-annotations to 2.13.3
• #8004 - Bump jackson-core to 2.13.3
• #7849 - Bump jacoco-maven-plugin to 0.8.8
• #7937 - Bump jboss-logging to 3.5.0.Final
• #7815 - Bump jnr-ffi to 2.2.12
• #7967 - Bump kerb-simplekdc to 2.0.2
• #8029 - Bump logback-core to 1.3.0-alpha16
• #8064 - Bump mariadb-java-client to 3.0.5
• #7908 - Bump maven-antrun-plugin to 3.1.0
• #8001 - Bump maven-bundle-plugin to 5.1.6
• #7843 - Bump maven-clean-plugin to 3.2.0
• #8080 - Bump maven-invoker-plugin to 3.3.0
• #7902 - Bump maven-javadoc-plugin to 3.4.0
• #8079 - Bump maven-scm-provider-jgit to 1.13.0
• #7904 - Bump maven-site-plugin to 3.12.0
• #7900 - Bump maven.resolver.version to 1.8.0
• #7915 - Bump mongo-java-driver to 3.12.11
• #8108 - Bump openwebbeans.version to 2.0.27
• #7877 - Bump org.apache.aries.spifly.dynamic.bundle to 1.3.5
• #8123 - Bump org.apache.felix.framework to 7.0.5
• #8019 - Bump plexus-utils to 3.4.2
• #7859 - Bump protostream to 4.4.2.Final
• #8030 - Bump spotbugs-maven-plugin to 4.7.0.0
• #8031 - Bump testcontainers-bom to 1.17.2
• #7972 - Bump tycho-p2-repository-plugin to 2.7.3
• #8038 - Bump versions-maven-plugin to 2.11.0

9.4.47.v20220610

Fixed Security Advisories

• (CVE-2022-2047) - GHSA-cj7v-27pg-wf7q - Invalid URI parsing may produce invalid HttpURI.authority
• (CVE-2022-2048) - GHSA-wgmr-mf83-7x4j - Invalid HTTP/2 requests can lead to denial of service

Important

• #7958 - Jetty 9.4.x is now at End of Community Support. (See issue for details)

Changelog

• #8145 - RegexPathSpec backport of optional group name/info lookup if regex fails
• #8088 - Add option to configure exitVm on ShutdownMonitor from System properties
• #8067 - Wall time usage in DoSFilter RateTracker results in false positive alert
• #8014 - Review HttpRequest URI construction (Resolves CVE-2022-2047)
• #7976 - Add TRANSFER_ENCODING violation for MultiPart RFC7578 parser.
• #7947 - Improved PathSpec handling for servletName & pathInfo
• #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048)
• #7918 - PathMappings.asPathSpec does not allow root ServletPathSpec
• #7863 - Default servlet drops first accept-encoding header if there is more than one.
• #7858 - GZipHandler does not play nice with other handlers in HandlerCollection
• #7837 - Fix StatisticsHandler in the case a Handler throws exception.
• #7809 - Jetty 9.4.x 7801 duplicate set session cookies
• #7748 - Allow overriding of url-pattern mapping in ServletContextHandler to allow for regex or uri-template matching

Dependencies

• #8076 - Bump asciidoctorj-diagram to 2.2.3
• #7840 - Bump asm.version to 9.3
• #8143 - Bump biz.aQute.bndlib to 6.3.1
• #8055 - Bump error_prone_annotations to 2.14.0
• #8110 - Bump google-cloud-datastore to 2.7.0
• #8098 - Bump grpc-core to 1.47.0
• #7988 - Bump hawtio-default to 2.15.0
• #7999 - Bump jackson-annotations to 2.13.3
• #8000 - Bump jackson-core to 2.13.3
• #8002 - Bump jackson-databind to 2.13.3
• #7846 - Bump jacoco-maven-plugin to 0.8.8
• #7816 - Bump jnr-ffi to 2.2.12
• #7968 - Bump kerb-simplekdc to 2.0.2
• #8060 - Bump mariadb-java-client to 3.0.5
• #7909 - Bump maven-antrun-plugin to 3.1.0
• #7841 - Bump maven-clean-plugin to 3.2.0
• #8078 - Bump maven-invoker-plugin to 3.3.0
• #7903 - Bump maven-site-plugin to 3.12.0
• #7901 - Bump maven.resolver.version to 1.8.0
• #8128 - Bump maven.surefire.plugin.version to 3.0.0-M7
• #7957 - Bump mongo-java-driver to 2.14.3
• #8107 - Bump openwebbeans.version to 2.0.27
• #7878 - Bump org.apache.aries.spifly.dynamic.bundle to 1.3.5
• #8121 - Bump org.apache.felix.framework to 7.0.5
• #8018 - Bump plexus-utils to 3.4.2
• #7926 - Bump protostream to 4.4.3.Final
• #8027 - Bump spotbugs-maven-plugin to 4.7.0.0
• #8028 - Bump testcontainers.version to 1.17.2
• #8039 - Bump versions-maven-plugin to 2.11.0

9.4.46.v20220331

Special Thanks to the following Eclipse Jetty community members

• @jebeaudet (Jacques-Etienne Beaudet)
• @slovdahl (Sebastian Lövdahl)

Changelog

• #7771 - Clarify WebSocketUpgradeFilter.addMapping() method usage
• #7615 - HttpServletResponse.encodeURL not working for URLs starting with ../
• #7599 - Honor parameters order when parsing query and form parameters (@jebeaudet)
• #7569 - Miconfigured headerCacheSize in can result in IllegalArgumentException
• #7567 - Gzip compression not working for multipart/form-data when added to the allowed list using addIncludedMimeTypes.
• #7548 - Interrupt flag is not always cleared in between requests
• #7518 - ArrayTrie getBest fails to match the empty string entry in certain cases
• #7516 - Fix log class name in ArrayByteBufferPool (@slovdahl)
• #7496 - Transient 400: Bad Request responses
• #7480 - remove duplicated dependencies and upgrade to last spring 3.2.x
• #7271 - It is necessary to set MAX_CAPACITY to ArrayTernaryTrie/ArrayTrie
• #6756 - Deprecate jetty-spring sub-project
• #5965 - Option --write-module-graph produces wrong .dot file

Dependencies

• #7500 - Bump asciidoctor-maven-plugin to 2.2.2
• #7706 - Bump awaitility to 4.2.0
• #7501 - Bump checkstyle to 9.3
• #7449 - Bump error_prone_annotations to 2.11.0
• #7744 - Bump google-cloud-datastore to 2.2.9
• #7805 - Bump grpc-core to 1.45.1
• #7583 - Bump gson to 2.9.0
• #7680 - Bump guava to 31.1-jre
• #7445 - Bump guice to 5.1.0
• #7560 - Bump hawtio-default to 2.14.5
• #7582 - Bump infinispan.version to 11.0.15.Final
• #7707 - Bump jackson-annotations to 2.13.2
• #7699 - Bump jackson-core to 2.13.2
• #7798 - Bump jackson-databind to 2.13.2.2
• #7796 - Bump jmh.version to 1.35
• #7790 - Bump jna to 5.11.0
• #6920 - Bump jolokia-war to 1.7.1
• #7590 - Bump json-smart to 2.4.8
• #7705 - Bump logback.version to 1.2.11
• #7792 - Bump mariadb-java-client to 3.0.4
• #7727 - Bump maven-compiler-plugin to 3.10.1
• #7737 - Bump maven-dependency-plugin to 3.3.0
• #7542 - Bump maven-project-info-reports-plugin to 3.2.1
• #7612 - Bump maven-site-plugin to 3.11.0
• #7550 - Bump openwebbeans.version to 2.0.26
• #7746 - Bump org.eclipse.osgi to 3.17.200
• #7553 - Bump osgi.annotation to 8.1.0
• #7779 - Bump spotbugs-maven-plugin to 4.6.0.0
• #6756 - Bump spring-beans to 5.3.18
• #7743 - Bump versions-maven-plugin to 2.10.0
• #7622 - Bump weld-servlet-core to 3.1.9.Final
• #7708 - Bump wildfly-common to 1.6.0.Final
• #7756 - Bump wildfly-elytron to 1.19.0.Final
• #7435 - Investigate Infinispan transitive dependencies

11.0.9

Special Thanks to the following Eclipse Jetty community members

• @joschi (Jochen Schalanda)
• @ianrifkin (ianrifkin)
• @sunng87 (Ning Sun)
• @kaiyuezhou (Kaiyue Zhou)
• @dellgreen (Dell Green)

Changelog

• #7748 - Allow overriding of url-pattern mapping in ServletContextHandler to allow for regex or uri-template matching
• #7677 - jetty-maven-plugin - maven internal dependencies included on webapp classloader
• #7657 - Remove unused test imports in jetty-nosql
• #7655 - Remove unused imports in jetty-gcloud
• #7633 - Make osgi build work with snapshot jsp jars
• #7625 - HTTP/3 error against www.google.com
• #7617 - Logback-access RequestLog not working
• #7615 - HttpServletResponse.encodeURL not working for URLs starting with ../
• #7613 - Configurations.add(Configuration) results in UnsupportedOperationException
• #7605 - Honor parameters order when parsing query and form parameters
• #7575 - Misleading docs for HttpClientTransportDynamic
• #7574 - Turn off peer cerificate verification for quic-server by default (@sunng87)
• #7573 - WebSockets - "Unsupported PathParam Type: java.lang.Integer"
• #7567 - Gzip compression not working for multipart/form-data when added to the allowed list using addIncludedMimeTypes.
• #7548 - Interrupt flag is not always cleared in between requests
• #7547 - Fix typo in java doc (@kaiyuezhou)
• #7545 - Named arguments do not work in jetty-openid.xml
• #7544 - Add option to allow well-known directories to be listed.
• #7524 - Missing package in JmxConfiguration
• #7523 - Typo in AnnotationConfiguration
• #7517 - Some ArrayTrie methods throw StackOverflowError when cointaining a very large entry
• #7514 - Adding InheritedListeners to already-started components can cause IllegalStateException
• #7513 - Getter/setter type mismatch for mbean attribute file in class org.eclipse.jetty.deploy.PropertiesConfigurationManager
• #7496 - Transient 400: Bad Request responses
• #7430 - Run WebSocket Autobahn test for all Jetty, Javax and Core APIs
• #7414 - QoSFilter.setMaxRequests throws NullPointerException
• #7344 - Incompatible with jacoco due to shutdown race condition
• #7182 - jetty.sh start process should remove jetty_state whenever deleting the pid (@ianrifkin)
• #6879 - Remove jminix (not maintained) module as hawtio provide same features
• #6282 - SecuredRedirectHandler should probably redirect with 301 (@dellgreen)
• #6017 - Property overriding does not work
• #5965 - Option --write-module-graph produces wrong .dot file
• #5681 - Unrecognized jetty-home/start.jar command line option not reported clearly

Dependencies

• #7498 - Bump asciidoctor-maven-plugin to 2.2.2
• #7695 - Bump awaitility to 4.2.0
• #7762 - Bump google-cloud-datastore to 2.2.9
• #7733 - Bump grpc-core to 1.45.0
• #7696 - Bump jackson-annotations to 2.13.2
• #7697 - Bump jackson-core to 2.13.2
• #7785 - Bump jackson-databind to 2.13.2.1
• #7491 - Bump jakarta.inject-api to 2.0.1
• #7788 - Bump jna-jpms to 5.11.0
• #7487 - Bump jsp.impl.version to 10.0.14
• #7589 - Bump logback-core to 1.3.0-alpha14
• #7787 - Bump mariadb-java-client to 3.0.4
• #7735 - Bump maven-compiler-plugin to 3.10.1
• #7734 - Bump maven-dependency-plugin to 3.3.0
• #7761 - Bump maven-jxr-plugin to 3.2.0
• #7540 - Bump maven-project-info-reports-plugin to 3.2.1
• #7620 - Bump maven-site-plugin to 3.11.0
• #7759 - Bump org.eclipse.osgi to 3.17.200
• #7758 - Bump versions-maven-plugin to 2.10.0
• #7760 - Bump wildfly-elytron to 1.19.0.Final
• #7495 - remove unsupported modules

10.0.9

Special Thanks to the following Eclipse Jetty community members

• @joschi (Jochen Schalanda)
• @ianrifkin (ianrifkin)
• @sunng87 (Ning Sun)
• @kaiyuezhou (Kaiyue Zhou)
• @dellgreen (Dell Green)

Changelog

• #7748 - Allow overriding of url-pattern mapping in ServletContextHandler to allow for regex or uri-template matching
• #7677 - jetty-maven-plugin - maven internal dependencies included on webapp classloader
• #7657 - Remove unused test imports in jetty-nosql
• #7655 - Remove unused imports in jetty-gcloud
• #7633 - Make osgi build work with snapshot jsp jars
• #7625 - HTTP/3 error against www.google.com
• #7617 - Logback-access RequestLog not working
• #7615 - HttpServletResponse.encodeURL not working for URLs starting with ../
• #7613 - Configurations.add(Configuration) results in UnsupportedOperationException
• #7605 - Honor parameters order when parsing query and form parameters
• #7575 - Misleading docs for HttpClientTransportDynamic
• #7574 - Turn off peer cerificate verification for quic-server by default (@sunng87)
• #7573 - WebSockets - "Unsupported PathParam Type: java.lang.Integer"
• #7567 - Gzip compression not working for multipart/form-data when added to the allowed list using addIncludedMimeTypes.
• #7548 - Interrupt flag is not always cleared in between requests
• #7547 - Fix typo in java doc (@kaiyuezhou)
• #7545 - Named arguments do not work in jetty-openid.xml
• #7544 - Add option to allow well-known directories to be listed.
• #7524 - Missing package in JmxConfiguration
• #7523 - Typo in AnnotationConfiguration
• #7517 - Some ArrayTrie methods throw StackOverflowError when cointaining a very large entry
• #7514 - Adding InheritedListeners to already-started components can cause IllegalStateException
• #7513 - Getter/setter type mismatch for mbean attribute file in class org.eclipse.jetty.deploy.PropertiesConfigurationManager
• #7496 - Transient 400: Bad Request responses
• #7414 - QoSFilter.setMaxRequests throws NullPointerException
• #7344 - Incompatible with jacoco due to shutdown race condition
• #7182 - jetty.sh start process should remove jetty_state whenever deleting the pid (@ianrifkin)
• #6879 - Remove jminix (not maintained) module as hawtio provide same features
• #6282 - SecuredRedirectHandler should probably redirect with 301 (@dellgreen)
• #6017 - Property overriding does not work
• #5965 - Option --write-module-graph produces wrong .dot file
• #5681 - Unrecognized jetty-home/start.jar command line option not reported clearly

Dependencies

• #7499 - Bump asciidoctor-maven-plugin to 2.2.2
• #7703 - Bump awaitility to 4.2.0
• #7502 - Bump checkstyle to 9.3
• #7470 - Bump error_prone_annotations to 2.11.0
• #7741 - Bump google-cloud-datastore to 2.2.9
• #7804 - Bump grpc-core to 1.45.1
• #7587 - Bump gson to 2.9.0
• #7679 - Bump guava to 31.1-jre
• #7447 - Bump guice to 5.1.0
• #7559 - Bump hawtio-default to 2.14.5
• #7591 - Bump infinispan-bom to 11.0.15.Final
• #7702 - Bump jackson-annotations to 2.13.2
• #7704 - Bump jackson-core to 2.13.2
• #7799 - Bump jackson-databind to 2.13.2.2
• #7678 - Bump jetty-quiche-native to 0.12.0
• #7797 - Bump jmh.version to 1.35
• #7793 - Bump jna-jpms to 5.11.0
• #6907 - Bump jolokia-war to 1.7.1
• #7581 - Bump json-smart to 2.4.8
• #7670 - Bump log4j-api to 2.17.2
• #7585 - Bump logback-core to 1.3.0-alpha14
• #7789 - Bump mariadb-java-client to 3.0.4
• #7725 - Bump maven-compiler-plugin to 3.10.1
• #7739 - Bump maven-dependency-plugin to 3.3.0
• #7568 - Bump maven-javadoc-plugin to 3.3.2
• #7755 - Bump maven-jxr-plugin to 3.2.0
• #7416 - Bump maven-plugin-plugin to 3.6.4
• #7543 - Bump maven-project-info-reports-plugin to 3.2.1
• #7610 - Bump maven-site-plugin to 3.11.0
• #7549 - Bump openwebbeans.version to 2.0.26
• #7745 - Bump org.eclipse.osgi to 3.17.200
• #7552 - Bump osgi.annotation to 8.1.0
• #7555 - Bump slf4j to 2.0.0-alpha6 (@joschi)
• #7780 - Bump spotbugs-maven-plugin to 4.6.0.0
• #7669 - Bump tycho-p2-repository-plugin to 2.7.0
• #7438 - Bump versions-maven-plugin to 2.9.0
• #7602 - Bump weld-servlet-core to 3.1.9.Final
• #7709 - Bump wildfly-common to 1.6.0.Final
• #7757 - Bump wildfly-elytron to 1.19.0.Final
• #7435 - Investigate Infinispan transitive dependencies
• #7529 - Upgrade quiche to version 0.11.0

11.0.8

Special Thanks to the following Eclipse Jetty community members

• @Artur- (Artur)
• @markslater (markslater)
• @dellgreen (Dell Green)
• @lujiefsi (lujiefsi)
• @mszabo-wikia (mszabo-wikia)

Changelog

• #7524 - Missing package in JmxConfiguration
• #7523 - Typo in AnnotationConfiguration
• #7514 - Adding InheritedListeners to already-started components can cause IllegalStateException
• #7430 - Run WebSocket Autobahn test for all Jetty, Javax and Core APIs
• #7419 - Update resource base example so it works (@Artur-)
• #7417 - Clarify that requestHeaderSize is a cumulative limit (@mszabo-wikia)
• #7375 - Some environments require Request scoping during session save
• #7369 - Document CustomRequestLog
• #7361 - Fix resource leaks in PropertyUserStore, XmlConfiguraiton, and start.jar (@lujiefsi)
• #7351 - Large WebSocket payloads with permessage-deflate hang on 10.0.7
• #7348 - Slow CONNECT request causes NPE
• #7327 - jetty-slf4j-impl missing from BOM
• #7313 - addBean(_attributes); only called in the Convenience constructor of org.eclipse.jetty.server.Server
• #7299 - Enabling the logging-logback module prevents eclipse remote debugging
• #7297 - Deprecate log4j 1.x support
• #7294 - Fix possible NPE from WebSocketAdapter
• #7277 - Allow override of ServletRequest.getLocalName() and .getLocalPort() in post-intermediary scenarios
• #7262 - Allow the SerlvetHandler.getFilterChain method to be overridden.
• #7240 - Clarify and javadoc InvocationType
• #7160 - HttpURI considers %25 to be ambiguous, preventing access to static resources with % in their name
• #7132 - Tidy up demo webapps
• #7131 - Use Charset instead of encoding string where possible
• #7124 - Add default methods on LifeCycle.Listener interface
• #7111 - Add support to deprecate jetty-home modules
• #7109 - Deprecate UnixSocket JNR support
• #7103 - Rework LaF of distro landing page
• #7086 - WebSocket: java.lang.IllegalStateException: already released RetainableByteBuffer
• #7064 - Cleanup or clarify (null) in output of --list-config
• #7063 - Simplify command line use of org.eclipse.jetty.util.Password
• #7062 - test-keystore.p12 is no longer packaged in jetty-home
• #7059 - NPE in AllowedResourceAliasChecker.getPath()
• #7042 - Simplify configuration to use different OpenIdConfiguration per webapp.
• #7031 - ResponseWriter.println(char) does not print newline
• #7008 - Problem with jetty.sh start regression 10.0.6 -> 10.0.7 when using JETTY_USER
• #6987 - jetty-unixdomain-server is missing from jetty-bom (@markslater)
• #6985 - ELContextCleaner references javax class in jetty-11
• #6980 - ELContextCleaner failed because cannot access a member of class javax.el.BeanELResolver with modifiers "private static final"
• #6973 - Jetty starts consuming CPU that remains high even without any traffic
• #6965 - Expose Spec ServerContainer.upgrade() API
• #6497 - Replace SameFileAliasChecker
• #6282 - SecuredRedirectHandler should probably redirect with 301 (@dellgreen)
• #6017 - Property overriding does not work
• #4317 - EventSource does not work with GzipHandler
• #4275 - Path Normalization/Traversal - Context Matching
• #2690 - Clarify ordering, concurrency behavior of WebSocketListener and normal HTTP responses
• #2504 - Expose more WebSocket details in JMX and Server Dump
• #1087 - Support .well-known serving in handlers
• #100 - Can't deploy web app as an unpacked directory inside a bundle JAR on Felix

Dependencies

• #7529 - Upgrade quiche to version 0.11.0
• #7520 - Bump google-cloud-datastore from 2.2.2 to 2.2.3
• #7508 - Bump logback-core from 1.3.0-alpha12 to 1.3.0-alpha13
• #7502 - Bump checkstyle from 9.2.1 to 9.3
• #7499 - Bump asciidoctor-maven-plugin from 2.2.1 to 2.2.2
• #7495 - remove unsupported modules
• #7491 - Bump jakarta.inject-api from 2.0.0 to 2.0.1
• #7487 - Bump jsp.impl.version from 10.0.10 to 10.0.14
• #7470 - Bump error_prone_annotations from 2.10.0 to 2.11.0
• #7462 - Bump grpc-core from 1.43.2 to 1.44.0
• #7447 - Bump guice from 5.0.1 to 5.1.0
• #7438 - Bump versions-maven-plugin from 2.8.1 to 2.9.0
• #7435 - Investigate Infinispan transitive dependencies
• #7433 - Bump tycho-p2-repository-plugin from 2.5.0 to 2.6.0
• #7428 - Bump mariadb-java-client from 2.7.4 to 2.7.5
• #7426 - Bump testcontainers-bom from 1.16.2 to 1.16.3
• #7416 - Bump maven-plugin-plugin from 3.6.2 to 3.6.4
• #7410 - Bump maven.plugin-tools.version from 3.6.2 to 3.6.4
• #7402 - Bump jnr-unixsocket from 0.38.15 to 0.38.17
• #7401 - Bump grpc-core from 1.43.1 to 1.43.2
• #7399 - Bump maven-bundle-plugin from 5.1.3 to 5.1.4
• #7397 - Bump hawtio-default from 2.14.3 to 2.14.4
• #7385 - Bump build-helper-maven-plugin from 3.2.0 to 3.3.0
• #7384 - Bump asciidoctorj from 2.5.2 to 2.5.3
• #7383 - Bump maven-jar-plugin from 3.2.0 to 3.2.2
• #7381 - Bump jboss-logging from 3.4.2.Final to 3.4.3.Final
• #7379 - Bump google-cloud-datastore from 2.2.1 to 2.2.2
• #7367 - Bump jnr-posix from 3.1.14 to 3.1.15
• #7365 - Bump jnr-ffi from 2.2.10 to 2.2.11
• #7362 - Bump jnr-enxio from 0.32.12 to 0.32.13
• #7358 - Bump spotbugs-maven-plugin from 4.5.2.0 to 4.5.3.0
• #7347 - Bump maven-scm-provider-jgit from 1.10.0 to 1.12.2
• #7345 - Bump maven-deploy-plugin from 3.0.0-M1 to 3.0.0-M2
• #7343 - Bump log4j-api from 2.17.0 to 2.17.1
• #7340 - Bump checkstyle from 9.2 to 9.2.1
• #7339 - Bump maven-site-plugin from 3.9.1 to 3.10.0
• #7337 - Bump jmh.version from 1.33 to 1.34
• #7334 - Bump logback-core from 1.3.0-alpha11 to 1.3.0-alpha12
• #7333 - Bump plexus-component-annotations from 2.1.0 to 2.1.1
• #7330 - Bump maven.resolver.version from 1.7.2 to 1.7.3
• #7325 - Bump spotbugs-maven-plugin from 4.5.0.0 to 4.5.2.0
• #7323 - Bump grpc-core from 1.43.0 to 1.43.1
• #7322 - Bump hazelcast.version from 4.2.3 to 4.2.4
• #7310 - Bump log4j-api from 2.16.0 to 2.17.0
• #7309 - Bump hawtio-default from 2.14.2 to 2.14.3
• #7306 - Bump openwebbeans.version from 2.0.24 to 2.0.25
• #7303 - Bump log4j-api from 2.16.0 to 2.17.0
• #7300 - Bump logback-core from 1.3.0-alpha10 to 1.3.0-alpha11
• #7289 - Bump hazelcast.version from 4.2.2 to 4.2.3
• #7288 - Bump grpc-core from 1.42.1 to 1.43.0
• #7275 - Bump maven-bundle-plugin from 5.1.2 to 5.1.3
• #7274 - Bump log4j-api from 2.15.0 to 2.16.0
• #7265 - Bump hawtio-default from 2.14.1 to 2.14.2
• #7256 - Bump log4j-api from 2.14.1 to 2.15.0
• #7254 - Upgrade jackson-databind to 2.13.0
• #7245 - Bump openwebbeans.version from 2.0.23 to 2.0.24
• #7239 - Bump org.eclipse.osgi from 3.17.0 to 3.17.100
• #7236 - Bump jnr-posix from 3.1.13 to 3.1.14
• #7234 - Bump jnr-unixsocket from 0.38.14 to 0.38.15
• #7233 - Bump httpcore from 4.4.14 to 4.4.15
• #7224 - Bump org.apache.felix.framework from 7.0.1 to 7.0.3
• #7214 - Bump google-cloud-datastore from 2.2.0 to 2.2.1
• #7204 - Bump jnr-enxio from 0.32.11 to 0.32.12
• #7196 - Bump jnr-posix from 3.1.12 to 3.1.13
• #7194 - Bump jnr-unixsocket from 0.38.13 to 0.38.14
• #7191 - Bump jnr-ffi from 2.2.9 to 2.2.10
• #7179 - Bump checkstyle from 9.1 to 9.2
• #7176 - Bump maven-plugin-plugin from 3.6.1 to 3.6.2
• #7174 - Bump junit.version from 5.8.1 to 5.8.2
• #7172 - Bump maven.plugin-tools.version from 3.6.1 to 3.6.2
• #7154 - Bump jnr-unixsocket from 0.38.12 to 0.38.13
• #7152 - Bump jnr-enxio from 0.32.10 to 0.32.11
• #7151 - Bump jnr-posix from 3.1.11 to 3.1.12
• #7144 - Bump maven.version from 3.8.3 to 3.8.4
• #7135 - Bump spotbugs-maven-plugin from 4.4.2.2 to 4.5.0.0
• #7128 - Bump google-cloud-datastore from 2.1.3 to 2.2.0
• #7116 - Bump grpc-core from 1.42.0 to 1.42.1
• #7089 - Bump jna from 5.9.0 to 5.10.0
• #7084 - Bump error_prone_annotations from 2.9.0 to 2.10.0
• #7082 - Bump grpc-core from 1.41.0 to 1.42.0
• #7068 - Bump gson from 2.8.8 to 2.8.9
• #7067 - Bump checkstyle from 9.0.1 to 9.1
• #7045 - Bump h2spec-maven-plugin from 1.0.8 to 1.0.9
• #7040 - Bump hawtio-default from 2.14.0 to 2.14.1
• #7037 - Bump testcontainers-bom from 1.16.1 to 1.16.2
• #7035 - Bump awaitility from 4.1.0 to 4.1.1
• #7029 - Bump spotbugs-maven-plugin from 4.4.2.1 to 4.4.2.2
• #7028 - Bump h2spec-maven-plugin from 1.0.7 to 1.0.8
• #7024 - Bump google-cloud-datastore from 2.1.2 to 2.1.3
• #7019 - Bump testcontainers-bom from 1.16.0 to 1.16.1
• #7014 - Bump ant.version from 1.10.11 to 1.10.12
• #7012 - Remove all old geronimo spec jars from jetty-10
• #7007 - Bump spotbugs-maven-plugin from 4.4.2 to 4.4.2.1
• #7006 - Bump jakarta.inject-api from 1.0.3 to 1.0.4
• #6996 - Bump spotbugs-maven-plugin from 4.4.1 to 4.4.2
• #6995 - Bump osgi.annotation from 8.0.0 to 8.0.1
• #6954 - Bump maven.version from 3.8.2 to 3.8.3