Community
Participate
Working Groups
+++ This bug was initially created as a clone of Bug #453910 +++ +++ This bug was initially created as a clone of Bug #452160 +++ +++ This bug was initially created as a clone of Bug #444409 +++ Based on their "dev list", 9.3 should be released by "end of this year", which should be in time for M5. 9.3 is out, see https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00080.html And, so it doesn't get lost, in bugs this one was updated from, the proposal is we would accept updates in Jetty up to M6 (such as, possibly, a "9.3.1") just for the sake of being current -- but not after M6, unless it was to fix a blocking problem or major security issue.
9.3 is out, see https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00080.html As 9.3 is now the "maintained" version I suggest we update to it for Neon. It requires Java 8 but Java 7 is anyhow out of official maintenance.
What are the concrete benefits to move to 9.3? Are there security fixes or new APIs that you need to use in the Help system? At any rate, since this would render the Help system unavailable for JRE 7, this needs to be approved by the PMC (or dropping Java 7 needs to be agreed upon).
Correct. AFAIK 9.3 is the officially supported version by the Jetty team and any futuresecurity issue will only be fixed in their maintained version.
(In reply to Lars Vogel from comment #3) > Correct. Correct what? Can you list the security fixes. > AFAIK 9.3 is the officially supported version by the Jetty team and > any futuresecurity issue will only be fixed in their maintained version. That won't affect us until we consume them.
(In reply to Dani Megert from comment #4) > Correct what? Can you list the security fixes. See below for the list of fixes in 9.3. As I'm not closely related to the Jetty project I cannot provide more details. In addition new issues discovered in Jetty 9.3 and older will only be fixed the officially maintained version. jetty-9.3.2-SNAPSHOT jetty-9.3.1.v20150714 - 14 July 2015 + 441020 Support HEADERS followed by CONTINUATION+. + 460671 Rationalize property names (fix for jetty.sh) + 462346 Change classesPattern to scanClassesPattern and testClassesPattern to scanTestClassesPattern to clarify purpose + 464294 AsyncNCSARequestLog blocks JVM exit after failure + 464741 HttpFields declares IllegalArgumentException as checked exception + 464745 Remove @org.apache.xbean.XBean references + 469384 Improved javadoc for ClasspathPattern + 470184 Send the proxy-to-server request more lazily. + 470327 Problem with scope provided dependencies with jspc plugin + 470505 jetty-maven-plugin JettyWebAppContext#setQuickStartWebDescriptor should accept a Maven-friendly type + 470664 Handle multiple RequestLogHandler in chain + 470727 Thread Starvation of selector wakeups. + 470803 If a webapp is not fully started do not fully stop it + 470855 Only log warning for duplicate path mappings to same servlet in same descriptor + 470963 Update jetty-maven-plugin mojo annotations for maven 3 + 471071 jetty-infinispan.xml incorrect syntax for remote named cache + 471076 Apache jspc ignores empty list of files to precompile and scans anyway + 471251 Improved debugging on async timeout + 471272 ArrayIndexOutOfBoundsException in org.eclipse.jetty.quickstart.PreconfigureQuickStartWar + 471388 StringIndexOutOfBoundsException when using <c:url> with parameters + 471464 Parsing issues with HttpURI + 471604 Extend CrossOriginFilter to provide a Timing-Allow-Origin header + 471623 Update to apache jsp 8.0.23 Use 8.0.23.M1 for jetty version of apache jsp 8.0.23 + 471985 NPE in HttpFields.putField + 472310 Improved logging when no supported included ciphers + 472411 PathResource.checkAliasPath typo + 472422 Custom status codes result in a NumberFormatException while using http2. jetty-9.3.0.v20150612 - 12 June 2015 + 414479 Add WebSocketPingPongListener for those that want PING/PONG payload data + 420678 Add WebSocketPartialListener to support receiving partial WebSocket TEXT/BINARY messages + 420944 Hot Deployment of WAR when Context XML exists doesn't trigger redeploy + 423974 Optimize flow control. + 424368 Add CONTRIBUTING.md + 430951 Support SNI with ExtendedSslContextFactory + 436345 Refactor AbstractSession to minimize burden on subclasses to implement behaviour + 437303 Serving of static filenames with "unwise" characters causes 404 error + 437395 Start / Properties in template sections should be default applied for enabled modules + 438204 getServerName returns IPv6 addresses wrapped in [] + 439369 Remove unused class CrossContextPsuedoSession + 439374 Use utf-8 as default charset for html + 439375 preferred rfc7231 format is mime;charset=lowercase-9 + 440106 Improve ProtocolHandler APIs. + 440506 Jetty OSGi boot bundle does not support OSGi framework Eclipse Concierge + 442083 Client resets stream, pending server data is failed, connection closed. + 442086 Review HttpOutput blocking writes. + 442477 Allow Symlink aliases by default + 442495 Bad Context ClassLoader in JSR356 WebSocket onOpen + 442950 Embedded Jetty client requests to localhost hangs with high cpu usage (NIO OP_CONNECT Solaris/Sparc). + 443652 Remove dependency on java.lang.management classes + 443661 Rename manifest and service constants for jetty osgi resource fragment code + 443662 Consume buffer in write(ByteBuffer) + 443713 Reduce number of SelectionKey.setInterestOps() calls. + 443893 Make a module for weld + 444124 JSP include with <servlet><jsp-file> can cause infinite recursion + 444214 Socks4Proxy fails when reading less than 8 bytes. + 444222 replace CRLF in header values with whitespace rather than ? + 444416 AsyncProxyServlet recursion. + 444485 Client resets stream, pending server data is failed, write hangs. + 444517 Ensure WebSocketUpgradeFilter is always first in filter chain + 444547 Format exception in ResourceCache.Content.toString() + 444617 Expose local and remote socket address to applications + 444721 PushCacheFilter cleanup/improvements. + 444748 WebSocketClient.stop() does not unregister from ShutdownThread + 444764 HttpClient notifies callbacks for last chunk of content twice. + 444771 JSR356 / EndPointConfig.userProperties are not unique per endpoint upgrade + 445167 Allow configuration of dispatch after select. + 445823 Moved RequestLog calling to HttpChannel + 446559 Avoid spin consuming extra data + 446564 Refactored RequestLog Mechanism + 446944 ServletTester and HttpTester should be in <classifier>tests</classifier> + 447216 putAll Properties in XmlConfiguration + 447515 Remove GzipFilter + 448156 Fixed INACTIVE race in IteratingCallback + 448675 Impossible to set own Threadpool when using jetty-maven-plugin + 449003 WARNING: Cannot enable requested module [protonego-impl]: not a valid module name + 449811 handle unquoted etags when gzipping + 450467 Integer overflow in Session expiry calculation in MongoSessionManager + 451973 Ambiguous module init location when mixing --add-to-start & --add-to-startd in the same exec + 451974 Combine multiple start license acknowledgement into one + 452188 Delay dispatch until content optimisation + 452322 Restore progress messages for --add-to-start(d) use + 452323 Start --list-config makes no hint on transitive enabled modules + 452329 Transitive modules in start.jar --add-to-start(d) are not added if enabled already in tree + 452465 100% CPU spin on page reload. + 452503 Start.jar --add-to-start=jstl results in GraphException: Unable to expand property in name: jsp-impl/${jsp-impl}-jstl + 453487 Recycle HttpChannelOverHTTP2 + 453627 Fixed FileSystem test for nanosecond filesystems + 453636 Improved spin detection on test + 453829 Added HeaderRegexRule + 453834 CDI Support for WebSocket + 454152 Remove mux remnants from WebSocketClient + 454934 WebSocketClient / connectToServer can block indefinitely during upgrade failure + 454952 Allow Jetty to run in Java 8 compact 3 profile + 456209 Bad ContextClassLoader in WebSocket onMessage + 456956 Reduce ThreadLocal.remove() weak reference garbage + 457130 HTTPS request with IP host and HTTP proxy throws IllegalArgumentException. + 457309 Add test to ensure GET and HEAD response headers same for gzip + 457508 Add flag to scan exploded jars in jetty-jspc-maven-plugin + 457788 Powered By in o.e.j.util.Jetty conditional on sendServerVersion + 458478 JarFileResource improve performance of exist method + 458527 Implement an async proxy servlet that can perform content transformations. + 458663 Handle null header values + 459081 http2 push failures. + 459542 AsyncMiddleManServlet race condition on first download content. + 459655 Remove SPDY and NPN + 459681 Remove dead code after removal of glassfish jasper support + 459731 Update for drafts hpack-11 and http2-17 + 459734 Update to apache jsp 8.0.20 + 459845 Support upgrade from http1 to http2. + 460187 infinite recursion in sending error. + 460210 ExecutionStragegy producer for SelectManager calls onOpen from produce method + 460211 Fixed Idle race in ExecuteProduceRun + 460297 Parameterize infinispan.mod + 460670 Support multiple names in <Property> elements. + 460671 Rationalize property names. + 460746 HttpConfiguration#setPersistentConnectionsEnabled(boolean) + 461052 Local streams created after INITIAL_WINDOW_SIZE setting have wrong send window. + 461350 Update HttpParser IllegalCharacter handling to RFC7230 + 461415 Maven Jetty Plugin ignores ZIP overlays + 462040 reverted and deprecated getStringField methods + 462098 Support setting ThreadGroup in ScheduledExecutorScheduler + 462162 StackOverflowException when response commit fails. + 462193 Asynchronous HttpOutput.close() + 463036 system properties to set ssl password and keypasword + 463144 modules do not see pre-downloaded ALPN libs + 464419 Removed xinetd support + 464438 ClassFileTransformer support in org.eclipse.jetty.webapp.WebAppClassLoader broken + 464442 Enable parallel class loading + 464528 NPE protection in getIncludedCipher suites + 464537 Updated setuid dependency to 1.0.3. + 464555 ALPN module download attempts to download jar before dir exists + 464556 Restrict start module downloads to ${jetty.base} paths only + 464564 NoSql sessions created inside a forward not persisted correctly + 464606 Support property expansion in "default" attribute of Property. + 464629 JDK8 Socket customization + 464630 Cannot configure Configuration classlist in osgi + 464633 Change Selection.how to Selection.criteria + 464706 HTTP/2 and async I/O: onDataAvailable() not called. + 464708 Support HttpConfiguration.delayDispatchUntilContent in HTTP/2. + 464724 MultiPartInputStreamParser.parse ServletException never thrown + 464727 Update Javadoc for Java 8 DocLint + 464744 PathMap.match() never throws IllegalArgumentException + 464837 Large META-INF/resources/ jars can significantly impact startup speed + 464839 Add limit to MongoSessionIdManager purge queries + 464869 org.eclipse.jetty.util.resource.PathResource do not work + 465118 Fixed GzipHandler handling of multiple closes + 465606 IteratingCallback.close() does not fail pending callback. + 465754 Unchecked PrintWriter errors + 465854 Provide java.nio.file.WatchService alternative for Scanner + 465857 Support HTTP/2 clear-text server-side upgrade. + 465867 Implement --skip-file-validation=<module> + 466005 Use Files.move(src,trgt) instead of File.rename for Part.write(filename) + 466283 Support specifying ALPN protocols in HTTP2Client. + 466618 Partial WebSocket Text delivery does not like incomplete UTF8 sequences + 466619 Add WebSocketFrameListener for receiving WebSocket Frame information + 466628 Improve IllegalStateException on ServletInputStream.setReadListener() + 466645 Allow XmlConfiguration Properties to use Elements or Attributes + 466647 Add ${jetty.tag.version} property and expand URL properties + 466648 jetty-ssl download of keystore should be from tags, not master + 466669 Add nosql.mod into jetty distro + 466678 Make a .mod file for jdbc session management + 466774 Update jetty-all module for Jetty 9.3 + 467036 WebSocketClient fails to process immediate frames from server + 467043 WebSocketClient close codes on protocol violation reported as policy violation + 467055 Mongodb session scavenging can result in very slow query + 467165 Add --skip-file-validation to start.jar --help output + 467281 Remove Java 1.7 support from Jetty 9.3 + 467289 Not possible to specify jmxrmi port value + 467702 SslContextFactory not backward compatible + 467730 HTTP2 requires enabled ciphers to be sorted by blacklist + 467790 Update default etc files inside jetty-osgi-boot bundle + 468313 PushCacheFilter wrongly associates primary resources to themselves. + 468347 Fix modules/debuglog.mod. + 469241 Use null WatchService as loop terminator for PathWatcher. + 469341 Not possible to use old/deprecated start properties + 469414 Proxied redirects expose upstream server name. + 469633 Make SpinLock behavior pluggable. + 469799 Transitive module dependencies without ini templates are still added to ini + 469860 Add module metadata versioning to support backwards compat + 469863 fixed setNeedClientAuth/setWantClientAuth + 469936 Remove usages of SpinLock. + 469982 Produce warning for dynamic modules with ini-templates seen during --add-to-start + 469991 Fix logging levels in websocket client UpgradeConnection jetty-9.2.12.v20150709 - 09 July 2015 + 469414 Proxied redirects expose upstream server name. + 469936 Remove usages of SpinLock. + 470184 Send the proxy-to-server request more lazily. jetty-9.2.11.v20150529 - 29 May 2015 + 461499 ConnectionPool may leak connections. + 463579 Add support for 308 status code. + 464292 Implement stream-based transformer for AsyncMiddleManServlet. + 464438 ClassFileTransformer support in org.eclipse.jetty.webapp.WebAppClassLoader broken + 464740 DosFilter whiteList check improvement + 464869 PathResource.addPath allows absolute resolution. + 464989 AbstractSessionManager.removeEventListener() should remove HttpSessionIdListener + 465053 Prevent gzip buffer overflow on complete + 465181 HttpParser parse full end chunk. + 465202 Forked Mojo does not extract war overlays/dependencies + 465359 Resource.newResource(String res, boolean useCache) does not use useCache argument + 465360 URLResource.addPath should use _useCaches setting to create new Resource + 465700 NullPointerException in ResourceHandler with welcome files + 465734 DosFilter whitelist bit pattern fix + 465747 Jetty is failing to process all HTTP OPTIONS requests. + 466329 Fixed local only TestFilter + 467276 NPE protection in SslContextFactory + 467603 Response 401 from server hangs client. + 467936 w Check HttpOutput aggregateSize is < bufferSize + 468008 Scanner ignores directory length + 468421 HttpClient#send fails with IllegalArgumentException on non-lowercase schemes. + 468714 SelectorManager updateKey race without submit + 468747 XSS vulnerability in HttpSpiContextHandler jetty-9.3.0.RC1 - 22 May 2015 + 464839 Add limit to MongoSessionIdManager purge queries + 465053 Prevent gzip buffer overflow on complete + 466774 Update jetty-all module for Jetty 9.3 + 467055 Mongodb session scavenging can result in very slow query + 467165 Add --skip-file-validation to start.jar --help output + 467276 NPE protection in SslContextFactory + 467281 Remove Java 1.7 support from Jetty 9.3 + 467289 Not possible to specify jmxrmi port value + 467603 Response 401 from server hangs client. + 467702 SslContextFactory not backward compatible + 467730 HTTP2 requires enabled ciphers to be sorted by blacklist + 467790 Update default etc files inside jetty-osgi-boot bundle + 467936 w Check HttpOutput aggregateSize is < bufferSize jetty-9.3.0.RC0 - 12 May 2015 + 414479 Add WebSocketPingPongListener for those that want PING/PONG payload data + 420678 Add WebSocketPartialListener to support receiving partial WebSocket TEXT/BINARY messages + 423974 Optimize flow control. + 430951 Support SNI with ExtendedSslContextFactory + 436345 Refactor AbstractSession to minimize burden on subclasses to implement behaviour + 440106 Improve ProtocolHandler APIs. + 444721 PushCacheFilter cleanup/improvements. + 446564 Refactored RequestLog Mechanism + 451973 Ambiguous module init location when mixing --add-to-start & --add-to-startd in the same exec + 453834 CDI Support for WebSocket + 454934 WebSocketClient / connectToServer can block indefinitely during upgrade failure + 457309 Add test to ensure GET and HEAD response headers same for gzip + 457508 Add flag to scan exploded jars in jetty-jspc-maven-plugin + 457788 Powered By in o.e.j.util.Jetty conditional on sendServerVersion + 458478 JarFileResource improve performance of exist method + 459273 Redundant license notices + 459734 Update to apache jsp 8.0.20 + 459845 Support upgrade from http1 to http2. + 460187 infinite recursion in sending error. + 460297 Parameterize infinispan.mod + 460671 Rationalize property names. + 460746 HttpConfiguration#setPersistentConnectionsEnabled(boolean) + 461415 Maven Jetty Plugin ignores ZIP overlays + 461499 ConnectionPool may leak connections. + 461919 Use osgi-friendly serviceloader mechanism for WebSocketServletFactory + 461941 JMX Remote host:port set from start properties + 462040 reverted and deprecated getStringField methods + 462098 Support setting ThreadGroup in ScheduledExecutorScheduler + 462162 StackOverflowException when response commit fails. + 462193 Asynchronous HttpOutput.close() + 462546 ShutdownMonitor should bind to jetty.host + 462616 Race between finishing a connect and timing it out. + 463036 system properties to set ssl password and keypasword + 463144 modules do not see pre-downloaded ALPN libs + 463579 Add support for 308 status code. + 464292 Implement stream-based transformer for AsyncMiddleManServlet. + 464419 Removed xinetd support + 464438 ClassFileTransformer support in org.eclipse.jetty.webapp.WebAppClassLoader broken + 464442 Enable parallel class loading + 464528 NPE protection in getIncludedCipher suites + 464537 Updated setuid dependency to 1.0.3. + 464555 ALPN module download attempts to download jar before dir exists + 464556 Restrict start module downloads to ${jetty.base} paths only + 464564 NoSql sessions created inside a forward not persisted correctly + 464606 Support property expansion in "default" attribute of Property. + 464629 JDK8 Socket customization + 464630 Cannot configure Configuration classlist in osgi + 464633 Change Selection.how to Selection.criteria + 464706 HTTP/2 and async I/O: onDataAvailable() not called. + 464708 Support HttpConfiguration.delayDispatchUntilContent in HTTP/2. + 464724 MultiPartInputStreamParser.parse ServletException never thrown + 464727 Update Javadoc for Java 8 DocLint + 464740 DosFilter whiteList check improvement + 464744 PathMap.match() never throws IllegalArgumentException + 464837 Large META-INF/resources/ jars can significantly impact startup speed + 464869 org.eclipse.jetty.util.resource.PathResource do not work + 464989 AbstractSessionManager.removeEventListener() should remove HttpSessionIdListener + 465181 HttpParser parse full end chunk. + 465202 Forked Mojo does not extract war overlays/dependencies + 465359 Resource.newResource(String res, boolean useCache) does not use useCache argument + 465360 URLResource.addPath should use _useCaches setting to create new Resource + 465606 IteratingCallback.close() does not fail pending callback. + 465700 NullPointerException in ResourceHandler with welcome files + 465734 DosFilter whitelist bit pattern fix + 465747 Jetty is failing to process all HTTP OPTIONS requests. + 465754 Unchecked PrintWriter errors + 465854 Provide java.nio.file.WatchService alternative for Scanner + 465857 Support HTTP/2 clear-text server-side upgrade. + 465867 Implement --skip-file-validation=<module> + 466005 Use Files.move(src,trgt) instead of File.rename for Part.write(filename) + 466283 Support specifying ALPN protocols in HTTP2Client. + 466329 Fixed local only TestFilter + 466618 Partial WebSocket Text delivery does not like incomplete UTF8 sequences + 466619 Add WebSocketFrameListener for receiving WebSocket Frame information + 466628 Improve IllegalStateException on ServletInputStream.setReadListener() + 466645 Allow XmlConfiguration Properties to use Elements or Attributes + 466647 Add ${jetty.tag.version} property and expand URL properties + 466648 jetty-ssl download of keystore should be from tags, not master + 466669 Add nosql.mod into jetty distro + 466678 Make a .mod file for jdbc session management + 466774 Update jetty-all module for Jetty 9.3 + 467036 WebSocketClient fails to process immediate frames from server + 467043 WebSocketClient close codes on protocol violation reported as policy violation jetty-9.2.11.M0 - 25 March 2015 + 454934 WebSocketClient / connectToServer can block indefinitely during upgrade failure + 459273 Redundant license notices + 461499 ConnectionPool may leak connections. + 461919 Use osgi-friendly serviceloader mechanism for WebSocketServletFactory + 461941 JMX Remote host:port set from start properties + 462546 ShutdownMonitor should bind to jetty.host + 462616 Race between finishing a connect and timing it out. jetty-9.3.0.M2 - 11 March 2015 + 383207 Use BundleFileLocatorHelperFactory to obtain BundleFileLocatorHelper + 420944 Hot Deployment of WAR when Context XML exists doesn't trigger redeploy + 423974 Optimize flow control. + 424368 Add CONTRIBUTING.md + 430951 Improved ordering of SSL ciphers + 439374 Use utf-8 as default charset for html + 440506 Jetty OSGi boot bundle does not support OSGi framework Eclipse Concierge + 443652 Remove dependency on java.lang.management classes + 445518 Provide different error callbacks to ProxyServlet. + 446564 Refactored RequestLog Mechanism + 447472 Clear async context timeout on async static content + 448446 org.eclipse.jetty.start.Main create classloader duplicate + 448944 Provide m2e lifecycle mapping metadata for jetty-jspc-maven-plugin + 449594 Handle ArrayTrie overflow with false return + 449811 handle unquoted etags when gzipping + 450467 Integer overflow in Session expiry calculation in MongoSessionManager + 450483 Missing parameterization of etc/jetty-deploy.xml. + 450484 Missing parameterization of etc/jetty-http[s].xml. + 450855 GzipFilter MIGHT_COMPRESS exception + 450873 Disable tests that downcaste wrapped GzipFilterResponses + 450894 jetty.sh does not delete JETTY_STATE at start + 451092 Connector will fail if HeaderListener return false. + 451529 Change sentinel class for finding jstl on classpath to org.apache.taglibs.standard.tag.rt.core.WhenTag + 451634 DefaultServlet: useFileMappedBuffer javadoc is misleading + 451973 Ambiguous module init location when mixing --add-to-start & --add-to-startd in the same exec + 451974 Combine multiple start license acknowledgement into one + 452188 Delay dispatch until content optimisation + 452201 Set the container classloader for osgi during webbundle undeploy + 452246 Fixed SSL hang on last chunk + 452261 Ensure <jsp-file> works with new JettyJspServlet + 452322 Restore progress messages for --add-to-start(d) use + 452323 Start --list-config makes no hint on transitive enabled modules + 452329 Transitive modules in start.jar --add-to-start(d) are not added if enabled already in tree + 452424 Do not add Date header if already set + 452465 100% CPU spin on page reload. + 452503 Start.jar --add-to-start=jstl results in GraphException: Unable to expand property in name: jsp-impl/${jsp-impl}-jstl + 452516 Make HttpOutput aggregation size configurable. + 453386 Jetty not working when configuring QueuedThreadPool with minThreads=0. + 453487 Recycle HttpChannelOverHTTP2 + 453627 Fixed FileSystem test for nanosecond filesystems + 453629 Fixed big write test + 453636 Improved spin detection on test + 453793 _maxHeaderBytes>0 is not verified in parseNext() when in State.CLOSED. + 453801 Jetty does not check for already registered services when bootstrapping + 453829 removed code with yahoo copyright + 454152 Remove mux remnants from WebSocketClient + 454157 HttpInput.consumeAll spins if input is in async mode. + 454291 Added busy threads JMX attribute to QueuedThreadPool + 454773 SSLConnection use on Android client results in loop + 454952 Allow Jetty to run in Java 8 compact 3 profile + 454954 Jetty osgi should skip fragment and required bundles that are in the uninstalled state + 454955 OSGi AnnotationParser should skip resources that are not in the classpath and close the class inputstream when done scanning it + 454983 Source bundles should not be singleton + 455047 Update JASPI + 455174 jetty-plus JNDI tests should use unique JNDI paths + 455330 Multiple Jetty-ContextFilePath entries separated by commas doesn't work + 455436 ProxyServlet sends two User-Agent values. + 455476 Persist updated session expiry time for MongoSessionManager + 455655 ensure multipart form-data parsing exception thrown to servlet + 455863 Fixed jetty.sh handling of multiple JETTY_ARGS + 456209 Bad ContextClassLoader in WebSocket onMessage + 456426 Exception on context undeploy from EnvConfiguration + 456486 Jar containing ServiceContainerInitializer impl not found in TCCL in osgi + 456521 ShutdownHandler should shut down more gracefully + 456956 Reduce ThreadLocal.remove() weak reference garbage + 457017 Reflective call to websocket methods that fail have ambiguous exceptions + 457032 Request sent from a failed CompleteListener due to connect timeout is failed immediately. + 457130 HTTPS request with IP host and HTTP proxy throws IllegalArgumentException. + 457696 JMX implementation should not be overridden by WebApp classes + 457893 Close temp jar resource + 458101 added test for maxFormContentSize + 458140 Added DispatcherType support to RewriteHandler + 458174 Example Jar Server + 458175 multipart annotation on lazily loaded servlet does not work + 458209 Length check for HttpMethod MOVE lookahead + 458354 ALPNServerConnection.select negotiation. + 458495 CompletableCallback may not notify failures. + 458527 Implement an async proxy servlet that can perform content transformations. + 458568 JDBCLoginService javadoc incorrectly references HashLoginService + 458663 Handle null header values + 458849 org.eclipse.jetty.util.Uptime.DefaultImpl() not available on GAE + 459006 master branch does not build on norwegian locale + 459081 http2 push failures. + 459125 GzipHandler default mimeType behavior incorrect + 459273 Redundant license notices + 459352 AsyncMiddleManServlet should set "Host:" header correctly in proxy to remote request headers. + 459490 Defining a duplicate error page in webdefault.xml and web.xml results in an error + 459542 AsyncMiddleManServlet race condition on first download content. + 459560 jetty.sh handles start.d and no start.ini + 459655 Remove SPDY and NPN + 459681 Remove dead code after removal of glassfish jasper support + 459731 Update for drafts hpack-11 and http2-17 + 459769 AsyncMiddleManServlet race condition on last download content. + 459845 Support upgrade from http1 to http2/websocket + 459963 Failure writing content of a committed request leaks connections. + 460176 When checking for precompiled jsp, ensure classname is present + 460180 Jaas demo has wrong doco in html + 460210 ExecutionStragegy producer for SelectManager calls onOpen from produce method + 460211 Fixed Idle race in ExecuteProduceRun + 460291 AsyncGzipFilter Mappings + 460371 AsyncMiddleManServlet.GZipContentTransformer fails if last transform has no output + 460372 if web.xml does not contain jspc maven plugin insertionMarker behavior is wrong + 460443 Race condition releasing the response buffer. + 460642 HttpParser error 400 can expose previous buffer contents in HTTP status reason message + 460670 Support multiple names in <Property> elements. + 460769 ClientUpgradeRequest sends cookies in the wrong format + 460905 Make sure TimeoutCompleteListener is cancelled if the request cannot be sent. + 461052 Local streams created after INITIAL_WINDOW_SIZE setting have wrong send window. + 461070 Handle setReadListener on request with no content + 461133 allow stop port to reuse address + 461350 Update HttpParser IllegalCharacter handling to RFC7230 + 461452 Double release of buffer by HttpReceiverOverHTTP + 461499 ConnectionPool may leak connections. + 461623 BufferUtil.writeTo does not update position consistently + 461643 HttpContent.advance() race. jetty-9.2.10.v20150310 - 10 March 2015 + 445518 Provide different error callbacks to ProxyServlet. + 456521 ShutdownHandler should shut down more gracefully + 458140 Added DispatcherType support to RewriteHandler + 460769 ClientUpgradeRequest sends cookies in the wrong format + 460905 Make sure TimeoutCompleteListener is cancelled if the request cannot be sent. + 461070 Handle setReadListener on request with no content + 461133 allow stop port to reuse address + 461452 Double release of buffer by HttpReceiverOverHTTP + 461499 ConnectionPool may leak connections. + 461623 BufferUtil.writeTo does not update position consistently + 461643 HttpContent.advance() race. jetty-9.2.9.v20150224 - 24 February 2015 + 459273 Redundant license notices + 460176 When checking for precompiled jsp, ensure classname is present + 460180 Jaas demo has wrong doco in html + 460291 AsyncGzipFilter Mappings + 460371 AsyncMiddleManServlet.GZipContentTransformer fails if last transform has no output + 460372 if web.xml does not contain jspc maven plugin insertionMarker behavior is wrong + 460443 Race condition releasing the response buffer. + 460642 HttpParser error 400 can expose previous buffer contents in HTTP status reason message jetty-9.2.8.v20150217 - 17 February 2015 + 451092 Connector will fail if HeaderListener return false. + 455436 ProxyServlet sends two User-Agent values. + 457893 Close temp jar resource + 458101 added test for maxFormContentSize + 458174 Example Jar Server + 458175 multipart annotation on lazily loaded servlet does not work + 458209 Length check for HttpMethod MOVE lookahead + 458354 ALPNServerConnection.select negotiation. + 458495 CompletableCallback may not notify failures. + 458527 Implement an async proxy servlet that can perform content transformations. + 458568 JDBCLoginService javadoc incorrectly references HashLoginService + 458849 org.eclipse.jetty.util.Uptime.DefaultImpl() not available on GAE + 459006 master branch does not build on norwegian locale + 459125 GzipHandler default mimeType behavior incorrect + 459352 AsyncMiddleManServlet should set "Host:" header correctly in proxy to remote request headers. + 459490 Defining a duplicate error page in webdefault.xml and web.xml results in an error + 459542 AsyncMiddleManServlet race condition on first download content. + 459560 jetty.sh handles start.d and no start.ini + 459769 AsyncMiddleManServlet race condition on last download content. + 459845 Support upgrade + 459963 Failure writing content of a committed request leaks connections. jetty-9.2.7.v20150116 - 16 January 2015 + 420944 Hot Deployment of WAR when Context XML exists doesn't trigger redeploy + 448944 Provide m2e lifecycle mapping metadata for jetty-jspc-maven-plugin + 452201 Set the container classloader for osgi during webbundle undeploy + 454291 Added busy threads JMX attribute to QueuedThreadPool + 454773 SSLConnection use on Android client results in loop + 454954 Jetty osgi should skip fragment and required bundles that are in the uninstalled state + 454955 OSGi AnnotationParser should skip resources that are not in the classpath and close the class inputstream when done scanning it + 454983 Source bundles should not be singleton + 455047 Update JASPI + 455174 jetty-plus JNDI tests should use unique JNDI paths + 455330 Multiple Jetty-ContextFilePath entries separated by commas doesn't work + 455476 Persist updated session expiry time for MongoSessionManager + 455655 ensure multipart form-data parsing exception thrown to servlet + 455863 Fixed jetty.sh handling of multiple JETTY_ARGS + 456426 Exception on context undeploy from EnvConfiguration + 456486 Jar containing ServiceContainerInitializer impl not found in TCCL in osgi + 456956 Reduce ThreadLocal.remove() weak reference garbage + 457017 Reflective call to websocket methods that fail have ambiguous exceptions + 457032 Request sent from a failed CompleteListener due to connect timeout is failed immediately. + 457130 HTTPS request with IP host and HTTP proxy throws IllegalArgumentException. + 457696 JMX implementation should not be overridden by WebApp classes jetty-9.2.6.v20141205 - 05 December 2014 + 383207 Use BundleFileLocatorHelperFactory to obtain BundleFileLocatorHelper + 443652 Remove dependency on java.lang.management classes + 447472 Clear async context timeout on async static content + 451529 Change sentinel class for finding jstl on classpath to org.apache.taglibs.standard.tag.rt.core.WhenTag + 451634 DefaultServlet: useFileMappedBuffer javadoc is misleading + 452188 Delay dispatch until content optimisation. + 452201 EnvConfiguration.destroy() should set the classloader + 452246 Fixed SSL hang on last chunk + 452261 Multiple servlets map to path *.jsp when using jsp-property-group + 452424 Do not add Date header if already set + 452516 Make HttpOutput aggregation size configurable. + 453386 Jetty not working when configuring QueuedThreadPool with minThreads=0. + 453629 Fixed big write test + 453793 _maxHeaderBytes>0 is not verified in parseNext() when in State.CLOSED. + 453801 Jetty does not check for already registered services when bootstrapping + 454157 HttpInput.consumeAll spins if input is in async mode. jetty-9.2.5.v20141112 - 12 November 2014 + 448446 org.eclipse.jetty.start.Main create classloader duplicate + 449594 Handle ArrayTrie overflow with false return + 449811 handle unquoted etags when gzipping + 450467 Integer overflow in Session expiry calculation in MongoSessionManager + 450483 Missing parameterization of etc/jetty-deploy.xml. + 450484 Missing parameterization of etc/jetty-http[s].xml. + 450855 GzipFilter MIGHT_COMPRESS exception + 450873 Disable tests that downcaste wrapped GzipFilterResponses + 450894 jetty.sh does not delete JETTY_STATE at start jetty-9.3.0.M1 - 03 November 2014 + 376365 "jetty.sh start" returns 0 on failure + 396569 'bin/jetty.sh stop' reports 'OK' even when jetty was not running + 396572 Starting jetty from cygwin is not working properly + 437303 Serving of static filenames with "unwise" characters causes 404 error + 440729 SSL requests often fail with EOFException or IllegalStateException. + 440925 NPE when using relative paths for --start-log-file + 442419 CrossOriginFilter javadoc says "exposeHeaders", but should be "exposedHeaders" + 442942 Content sent with status 204 (No Content) + 443529 CrossOriginFilter does not accept wildcard for allowedHeaders + 443530 CrossOriginFilter does not set the Vary header + 443550 improved FileResource encoded alias checking + 444031 Ensure exceptions do not reduce threadpool below minimum + 444595 nosql/mongodb - Cleanup process/Refreshing does not respect encoding of attribute keys + 444676 Goal jetty:deploy-war produces errors with version 9.2.3 + 444722 Fixed order of setReuseAddress call + 444896 Overriding of web-default servlet mapping in web.xml not working with quickstart + 445157 First redeployed servlet leaks WebAppContext + 445167 Allow configuration of dispatch after select. + 445239 Rename weld.mod to cdi.mod to be consistent with past module namings + 445258 STOP.WAIT is not really respected + 445374 Reevaluate org.eclipse.jetty.websocket.jsr356 enablement concepts + 445495 Improve Exception message when no jndi resource to bind for a name in web.xml + 445542 Add SecuredRedirectHandler for embedded jetty use to redirect to secure port/scheme + 445821 Error 400 should be logged with RequestLog + 445823 Moved RequestLog calling to HttpChannel + 445830 Support setting environment variables on forked jetty with jetty:run-forked + 445979 jetty.sh fails to start when start-stop-daemon does not exist and the user is not root + 446033 org.eclipse.jetty.websocket.server.WebSocketServerFactory not available in OSGi + 446063 ALPN Fail SSL Handshake if no supported Application Protocols. + 446107 NullPointerException in ProxyServlet when extended by Servlet without a package + 446425 Oracle Sql error on JettySessions table when this table do not exist already + 446506 getAsyncContext ISE before startAsync on async dispatches + 446559 Avoid spin consuming extra data + 446563 Null HttpChannel.getCurrentHttpChannel() in ServletHandler.doFilter(). + 446564 Refactored RequestLog Mechanism + 446672 NPN Specification issue in the case no protocols are selected. + 446923 SharedBlockingCallback does not handle connector max idle time of Long.MAX_VALUE; BlockerTimeoutException not serializable + 446944 ServletTester and HttpTester should be in <classifier>tests</classifier> + 447216 putAll Properties in XmlConfiguration + 447381 Disable SSLv3 by default. + 447472 test harness for slow large writes + 447515 Remove GzipFilter + 447627 MultiPart file always created when "filename" set in Content-Disposition + 447629 getPart()/getParts() fails on Multipart request if getParameter is called in a filter first + 447746 HttpClient is always going to send User-Agent header even though I do not want it to. + 447979 Refactor to make MetaData responsible for progressively ordering web-inf jars + 448156 Fixed INACTIVE race in IteratingCallback + 448225 Removed unnecessary synchronize on initParser + 448675 Impossible to set own Threadpool when using jetty-maven-plugin + 448841 Clarified selectors==0 javadoc 448840 Clarified ServerConnector javadoc 448839 Fixed javadoc typo in ServerConnector + 449001 Remove start.d directory from JETTY_HOME + 449003 WARNING: Cannot enable requested module [protonego-impl]: not a valid module name + 449038 WebSocketUpgradeFilter must support async. + 449175 Removed extra space in NCSA log + 449372 Make jvmArgs of jetty:run-forked configurable from command line
For reference: See Bug 452160 for a similar discussion for Jetty 9.2.4 and 9.2.5.
(In reply to Dani Megert from comment #2) > At any rate, since this would render the Help system unavailable for JRE 7, > this needs to be approved by the PMC (or dropping Java 7 needs to be agreed > upon). The PMC has decided to drop Java 7 for Neon.
(In reply to Dani Megert from comment #7) > The PMC has decided to drop Java 7 for Neon. Just to be clear: not drop Java 7 support but running on a JRE 7 ;-).
Initial move to 9.3.x in Neon stream: https://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/commit/?id=3f31cbef07af09bbe48943068319d4ad14921250 I say "initial" since I suspect we'll have to update a few more times before our release, to stay current, with what ever service releases the Jetty team has. I did, BTW, do a local test build, and not only did the build succeed, but the Help function still worked! I did not exactly stress test it ... but, was relieved. To cross reference, see bug 474322 for similar change in Mars stream, but there we will stay on 2.9.x stream.
I did not touch the equinox features that included jetty. But it seems the test build worked. But I did decided to update the versions for Neon now: http://git.eclipse.org/c/equinox/rt.equinox.bundles.git/commit/?id=bc408295887b8a0f0f861866877f3499310c663a
As predicted, there is now a new "maintenance" version of Jetty 9.3.x Announcement: https://dev.eclipse.org/mhonarc/lists/jetty-dev/msg02543.html I think we should upgrade for M3. I doubt if there is anything in there we literally need for the SDK, but I know some, such as webtools, also make use of it as one of their "built-in" servers. So, best to stay current. p2 repo is at .../download.eclipse.org/jetty/updates/jetty-bundles-9.x/9.3.5.v20151012 We have been using version 9.3.2.v20150730. The Jetty project "skipped" 9.3.4, but even with that, appears we missed 9.3.3.
Here's commit for target file: http://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/commit/?id=032e8cb6f2c4e86ecb7ff77910fb4be93dac5353 We also specify the version in the parent pom. BUT, I see it was way out of date, so I am thinking we do not actually need/use it anywhere? (I could not find it searching all *.xml files. Putting in now should give time for some N-builds, to make sure no functional breakage, plus, I will do a test I-build, to see if any features need to be touched.
(In reply to David Williams from comment #12) > Here's commit for target file: > > http://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/ > commit/?id=032e8cb6f2c4e86ecb7ff77910fb4be93dac5353 > > We also specify the version in the parent pom. BUT, I see it was way out of > date, so I am thinking we do not actually need/use it anywhere? (I could not > find it searching all *.xml files. > > Putting in now should give time for some N-builds, to make sure no > functional breakage, plus, I will do a test I-build, to see if any features > need to be touched. I'm going to revert this change, for now. I can not get even a local N-build to get very far. I do not think it is related to this change ... but, want to be sure. Then, assuming not, will look for real cause before putting this back in. The error I am seeing says: [ERROR] Cannot resolve project dependencies: [ERROR] Software being installed: org.eclipse.platform.feature.group 4.6.0.qualifier [ERROR] Missing requirement: org.eclipse.rcp.feature.group 4.6.0.qualifier requires 'org.eclipse.e4.rcp.feature.group 0.0.0' but it could not be found [ERROR] Cannot satisfy dependency: org.eclipse.platform.feature.group 4.6.0.qualifier depends on: org.eclipse.rcp.feature.group 0.0.0 [ERROR]
(In reply to David Williams from comment #13) > > I'm going to revert this change, for now. > > I can not get even a local N-build to get very far. I do not think it is > related to this change ... but, want to be sure. Then, assuming not, will > look for real cause before putting this back in. Indeed, not related. Build failure appears related to or one or two or three things in bug 476726. I'll wait till that is fixed.
(In reply to David Williams from comment #14) > Indeed, not related. Build failure appears related to or one or two or three > things in bug 476726. I'll wait till that is fixed. Commit in Bug 476726 has been reverted.
New Gerrit change created: https://git.eclipse.org/r/58393
(In reply to Eclipse Genie from comment #16) > New Gerrit change created: https://git.eclipse.org/r/58393 I've committed changes to aggregator: https://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/commit/?id=21e0062333c2fa5059c56cc53a834575316be059 The above Gerrit change is to "touch" the feature org.eclipse.equinox.server.jetty That's the only feature that needs to be touched, due to third party bundle change, and the rest (e.g. equinox sdk) will follow automatically. I've tested with local N builds (which are fine) but an I-build will fail without the touch to server.jetty feature (assuming there are no other changes before the next I-build that causes the feature to change qualifiers). Tom, please confirm this is possible before Tuesday's 8 PM I-build. If not, I'll need to revert the changes to aggregator target. Thanks.
Gerrit change https://git.eclipse.org/r/58393 was merged to [master]. Commit: http://git.eclipse.org/c/equinox/rt.equinox.bundles.git/commit/?id=199a75b71db51b997a8c396bb404c3c5e5d12e13
(In reply to David Williams from comment #17) > Tom, please confirm this is possible before Tuesday's 8 PM I-build. If not, > I'll need to revert the changes to aggregator target. Thanks. I merged the change. Leaving open for David to close.
I'm going to mark this as "fixed", but, there is at least some chance I may have to do a quick revert. While 'testing' my locally built version, I got a number of exceptions written to the console, when using the 'search' function of help. It's unclear to me it has anything to do with 'search', per se, but, I opened bug 480164 in UA. I have to admit, I do not normally test "search", so in theory, this issue could have been present in previous versions. I'll try to confirm. Or, perhaps is a result of my local build? (Only difference should be in 'signing'). If it is clear to anyone that the fault is in Jetty, I can revert while we report a bug there? But, on the surface, I would not be surprised if due to our JSPs?
