Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 461143

Summary: HttpParser error 400 in provided Jetty implementation
Product: [RT] RAP Reporter: Markus Knauer <mknauer>
Component: RWTAssignee: Project Inbox <rap-inbox>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3    
Version: 3.0   
Target Milestone: 3.0 M6   
Hardware: All   
OS: All   
Whiteboard:

Description Markus Knauer CLA 2015-03-01 05:31:24 EST 
To help developers building RAP application we provide the "RAP Basic Equinox Target" feature that includes parts from the Jetty project. Recently a security issue had been found in 9.2.x versions that we were shipping with RAP 3.0 milestone builds (see bug 460642).

The issue has been fixed in 9.2.9.v20150224.

According to their list of affected versions, RAP 2.x is not affected because it was using Jetty 8.x builds:

RAP 2.0
R    8.1.3
SR1  8.1.3

RAP 2.1
R    8.1.10
SR1  8.1.10
SR2  8.1.14

RAP 2.2
R    8.1.10

RAP 2.3
R    8.1.14
SR1  8.1.14
SR2  8.1.16

Early RAP 3.0 milestone builds seem to be affected.

RAP 3.0 (Mars stream)
M1   8.1.14
M3   9.2.3
M4   9.2.5
M5   9.2.5
Comment 1 Markus Knauer CLA 2015-04-24 04:54:10 EDT 
The latest RAP 3.0 milestone (M6) contains Jetty 9.2.9 which includes the fix.