headers
Jesse McConnell | 22 May 2013 18:52
Favicon

[jetty-announce] Released: Jetty 7.6.11.v20130520 / Jetty 8.1.11.v20130520

We are pleased to announce the availability of new Jetty 7.6 and Jetty 8.1 releases.  The issues resolved are listed below.

Distribution Downloads:


The artifacts are also available in Maven Central.

cheers,
jesse

-----
jetty-7.6.11.v20130520 - 20 May 2013 + 402844 STOP.PORT & STOP.KEY behaviour has changed + 403281 jetty.sh waits for started or failure before returning + 403513 jetty:run goal cannot be executed twice during the maven build + 403570 Asynchronous Request Logging + 404010 fix cast exception in mongodb session manager + 404128 Add Vary headers rather than set them + 404283 org.eclipse.jetty.util.Scanner.scanFile() dies with an NPE if listFiles() returns null + 404325 data constraint redirection does send default port + 404517 Close connection if request received after half close + 404789 Support IPv6 addresses in DoSFilter white list. + 404958 Fixed Resource.newSystemResource striped / handling + 405281 allow filemappedbuffers to not be used + 405537 NPE in rendering JSP using SPDY and wrapped ServletRequest + 406437 Digest Auth supports out of order nc + 406923 CR line termination + 407136 <at> PreDestroy called after Servlet.destroy() + 407173 java.lang.IllegalStateException: null when using JDBCSessionManager + 407976 JDBCSessionIdManager potentially leaves server in bad state after startup + 408077 HashSessionManager leaves file handles open after being stopped + 408446 Multipart parsing issue with boundry and charset in ContentType header

jetty-8.1.11.v20130520 - 20 May 2013 + 402844 STOP.PORT & STOP.KEY behaviour has changed + 403281 jetty.sh waits for started or failure before returning + 403513 jetty:run goal cannot be executed twice during the maven build + 403570 Asynchronous Request Logging + 404010 fix cast exception in mongodb session manager + 404128 Add Vary headers rather than set them + 404283 org.eclipse.jetty.util.Scanner.scanFile() dies with an NPE if listFiles() returns null + 404325 data constraint redirection does send default port + 404517 Close connection if request received after half close + 404789 Support IPv6 addresses in DoSFilter white list. + 404958 Fixed Resource.newSystemResource striped / handling + 405281 allow filemappedbuffers to not be used + 405537 NPE in rendering JSP using SPDY and wrapped ServletRequest + 406437 Digest Auth supports out of order nc + 406618 Jetty startup in OSGi Equinox fails when using option jetty.home.bundle=org.eclipse.jetty.osgi.boot + 406923 CR line termination + 407136 <at> PreDestroy called after Servlet.destroy() + 407173 java.lang.IllegalStateException: null when using JDBCSessionManager + 407931 Add toggle for failing on servlet availability + 407976 JDBCSessionIdManager potentially leaves server in bad state after startup + 408077 HashSessionManager leaves file handles open after being stopped + 408446 Multipart parsing issue with boundry and charset in ContentType header
jetty <at> codehaus-7.6.11.v20130520 - 20 May 2013
jetty <at> codehaus-8.1.11.v20130520 - 20 May 2013 + 407812 jetty-maven-plugin can not handle whitespaces in equivalent of WEB-INF/classes paths

--
Jesse McConnell <jesse <at> intalio.com>
www.intalio.com/jetty – Developer advice, services and support from the Jetty & CometD experts.
Permalink | Reply | 0 comments |
headers
Jesse McConnell | 17 Apr 2013 22:21
Favicon

[jetty-announce] Jetty 9.0.2.v20130417 released

We are pleased to announce the release of Jetty 9.0.2.  There were a couple of issues that we noted with the last release and wanted to get resolved quickly.  The first was a fix to one of the new queue algorithms we have been working with that we realized was resulting in a bit of a hit to performance.  The second was an issue where sockets would sometimes linger around after the connection was closed when a certain sequence of events occurred with SSL connection close.  This issues didn't affect everyone but it was a bother enough to those it did that we included it in this release.

Distribution Downloads:


The artifacts are also available in Maven Central.

Documentation:


cheers,
jesse

jetty-9.0.2.v20130417 - 17 April 2013 + 364921 FIN WAIT sockets + 402885 reuse Deflaters in GzipFilter + 403591 do not use the ConcurrentArrayBlockingQueue for thread pool, selector and async request log + 404511 fixed poor methods in ArrayTernaryTrie + 405119 Tidy up comments and code formatting for osgi + 405352 Servlet init-param always overridden by WebServlet annotation + 405364 spdy implement MAX_CONCURRENT_STREAMS + 405449 spdy improve handling of duplicate stream Ids + 405540 ServletContextListeners call in reverse in doStop + 405551 InputStreamResponseListener.await returns null when request fails. + 405679 example other server for documentation


--
Jesse McConnell <jesse <at> intalio.com>
www.webtide.com – Developer advice, services and support from the Jetty & CometD experts.
Permalink | Reply | 0 comments |
headers
Jesse McConnell | 14 Mar 2013 17:01
Picon
Gravatar

[jetty-announce] Jetty 7.6.10.v20130312 / Jetty 8.1.10.v20130312 Released!


Hot on the heels of our Jetty 9 release, we have released updates to our two mature versions.  We will continue releasing updates to 7 and 8, roughly every couple of months for the foreseeable future.


Releases are available in Maven Central as well.

cheers,
jesse

The list of changes are:

jetty-7.6.10.v20130312 - 12 March 2013 + 376273 Early EOF because of SSL Protocol Error on https://api-3t.paypal.com/nvp. + 381521 allow compress methods to be configured + 394064 ensure that JarFile instances are closed on JarFileResource.release() + 398649 ServletContextListener.contextDestroyed() is not called on ContextHandler unregistration + 399703 made encoding error handling consistent + 399799 do not hold lock while calling invalidation listeners + 399967 Shutdown hook calls destroy + 400040 NullPointerException in HttpGenerator.prepareBuffers + 400142 ConcurrentModificationException in JDBC SessionManger + 400144 When loading a session fails the JDBCSessionManger produces duplicate session IDs + 400457 Thread context classloader hierarchy not searched when finding webapp's java:comp/env + 400859 limit max size of writes from cached content + 401211 Remove requirement for jetty-websocket.jar in WEB-INF/lib + 401317 Make Safari 5.x websocket support minVersion level error more clear + 401382 Prevent parseAvailable from parsing next chunk when previous has not been consumed. Handle no content-type in chunked request. + 401474 Performance problem in org.eclipse.jetty.annotation.AnnotationParser + 401531 StringIndexOutOfBoundsException for "/*" <url-pattern> of <jsp-property-group> fix for multiple mappings to *.jsp + 401908 Enhance DosFilter to allow dynamic configuration of attributes. + 402048 org.eclipse.jetty.server.ShutdownMonitor doesn't stop after the jetty server is stopped + 402485 reseed secure random + 402735 jetty.sh to support status which is == check + 402833 Test harness for global error page and hide exception message from reason string
(no changes for jetty <at> codehaus for jetty 7)

jetty-8.1.10.v20130312 - 12 March 2013 + 376273 Early EOF because of SSL Protocol Error on https://api-3t.paypal.com/nvp. + 381521 allow compress methods to be configured + 392129 fixed handling of timeouts after startAsync + 394064 ensure that JarFile instances are closed on JarFileResource.release() + 398649 ServletContextListener.contextDestroyed() is not called on ContextHandler unregistration + 399703 made encoding error handling consistent + 399799 do not hold lock while calling invalidation listeners + 399967 Shutdown hook calls destroy + 400040 NullPointerException in HttpGenerator.prepareBuffers + 400142 ConcurrentModificationException in JDBC SessionManger + 400144 When loading a session fails the JDBCSessionManger produces duplicate session IDs + 400312 ServletContextListener.contextInitialized() is not called when added in ServletContainerInitializer.onStartup + 400457 Thread context classloader hierarchy not searched when finding webapp's java:comp/env + 400859 limit max size of writes from cached content + 401211 Remove requirement for jetty-websocket.jar in WEB-INF/lib + 401317 Make Safari 5.x websocket support minVersion level error more clear + 401382 Prevent parseAvailable from parsing next chunk when previous has not been consumed. Handle no content-type in chunked request. + 401474 Performance problem in org.eclipse.jetty.annotation.AnnotationParser + 401485 zip file closed exception + 401531 StringIndexOutOfBoundsException for "/*" <url-pattern> of <jsp-property-group> fix for multiple mappings to *.jsp + 401908 Enhance DosFilter to allow dynamic configuration of attributes. + 402048 org.eclipse.jetty.server.ShutdownMonitor doesn't stop after the jetty server is stopped + 402485 reseed secure random + 402735 jetty.sh to support status which is == check + 402833 Test harness for global error page and hide exception message from reason string
jetty <at> codehaus-8.1.10.v20130312 - 12 March 2013 + 400312 ServletContextListener.contextInitialized() is not called when added in ServletContainerInitializer.onStartup
Permalink | Reply | 0 comments |
headers
Jesse McConnell | 22 Jan 2013 17:14
Picon
Gravatar

[jetty-announce] Jetty 9.0.0.M5 available


What should be the last milestone release of Jetty 9 is now available for download from http://download.eclipse.org/jetty/ and within maven central.

Look for releases of Jetty 7,8 and the first RC for 9 within the next couple of weeks.

The largest change was a usability refactor of the websocket api between M4 and M5 stemming from feedback from the CometD project.

Otherwise the changes in this release are:

jetty-9.0.0.M5 - 19 January 2013
+ 367638 throw exception for excess form keys + 381521 Only set Vary header when content could be compressed + 391623 Making --stop with STOP.WAIT perform graceful shutdown + 393158 java.lang.IllegalStateException when sending an empty InputStream + 393220 remove dead code from ServletHandler and log ServletExceptions in warn instead of debug + 393733 WebSocketClient interface should support multiple connections + 395885 ResourceCache should honor useFileMappedBuffer if set + 396253 FilterRegistration wrong order + 396459 Log specific message for empty request body for multipart mime requests + 396500 HttpClient Exchange takes forever to complete when less content sent than Content-Length + 396886 MultiPartFilter strips bad escaping on filename="..." + 397110 Accept %uXXXX encodings in URIs + 397111 Tolerate empty or excessive whitespace preceeding MultiParts + 397112 Requests with byte-range throws NPE if requested file has no mimetype (eg no file extension) + 397114 run-forked with waitForChild=false can lock up + 397130 maxFormContentSize set in jetty.xml is ignored + 397190 improve ValidUrlRule to iterate on codepoints + 397321 Wrong condition in default start.config for annotations + 397535 Support pluggable alias checking to support symbolic links + 397769 TimerScheduler does not relinquish cancelled tasks. + 398105 Clean up WebSocketPolicy + 398285 ProxyServlet mixes cookies from different clients. + 398337 UTF-16 percent encoding in UTF-16 form content + 398582 Move lib/jta jar into lib/jndi + JETTY-1533 handle URL with no path
cheers!
jesse

Permalink | Reply | 0 comments |
headers
Jesse McConnell | 21 Nov 2012 19:44
Picon
Gravatar

[jetty-announce] Jetty 9.0.0.M3 available

We have released a new milestone of Jetty 9.

It is available from maven central and the normal download location at eclipse:

http://download.eclipse.org/jetty/

Some highlights of this release:

- jetty-maven-plugin available from eclipse now, new coordinates are
org.eclipse.jetty:jetty-maven-plugin:9.0.0.M3
- improved spdy support for bleeding edge browsers
- documentation is coming along nicely, check it out at
http://www.eclipse.org/jetty/documentation/current  (fork on github
and contribute!)

cheers,
jesse

-----

We have fixed the following issues:

jetty-9.0.0.M3 - 20 November 2012
 + 391623 Add option to --stop to wait for target jetty to stop
 + 392237 Port test-integration to jetty-9
 + 392492 expect headers only examined for requests>=HTTP/1.1
 + 392850 ContextLoaderListener not called in 9.0.0.M1 and M2
 + 393075 1xx, 204, 304 responses ignore headers that suggest content
 + 393832 start connectors last
 + 393947 additional tests
 + 394143 add jetty-all aggregate via release profile
 + 394144 add jetty-jaspi
 + 394215 Scheduled tasks throwing exceptions kill java.util.Timer thread.
 + 394232 add jetty-ant into jetty9
 + 394357 Make JarResource constructors protected
 + 394370 Add unit tests for HttpTransportOverSPDY.send()
 + 394383 add logging of the SSLEngine
 + 394541 Add continuation jar and websocket jars to test-jetty-webapp
 + 394545 Add jetty-jaas dependency to jetty-maven-plugin
 + 394671 Fix setting loglevel on commandline, organize import, fix javadoc
 + JETTY-846 Support maven-war-plugin configuration for jetty-maven-plugin; fix
   NPE

--
jesse mcconnell
jesse.mcconnell <at> gmail.com

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email
Permalink | Reply | 0 comments |
headers
Jesse McConnell | 8 Sep 2012 00:26
Picon
Gravatar

[jetty-announce] Jetty Releases: 7.6.6.v20120903 / 8.1.6.v20120903

We have released the latest stable iterations of our jetty7 and jetty8
distributions.  We are quite happy with how 7.6 and 8.1 have shaped up
and are pleased with these latest releases, we do not foresee having
to release minor version updates so expect to see 7.6 and 8.1 around
for a while.

They are available from usual locations.

Eclipse:
http://download.eclipse.org/jetty/

Codehaus:
http://dist.codehaus.org/jetty/

As a side note, I suspect the next release will be the initial
milestone release of jetty-9!  You can read more about some of what is
going on with this release at the following blog post.

http://webtide.intalio.com/2012/08/jetty-9-its-coming/

cheers,
jesse

jetty-7.6.6.v20120903 - 03 September 2012
 + 347130 Empty getResourcePaths due to ZipFileClosedException
 + 367591 Support Env variables in XmlConfiguration.
 + 377055 Prevent webapp classloader leaks
 + 379207 backported fixes from jetty-9 to make hierarchy work
 + 379423 Jetty URL Decoding fails for certain international characters
 + 383304 Reset PrintWriter on response recycle
 + 384847 better name
 + 385049 fix issue with pipelined connections when switching protocols
 + 385651 Message 'Address already in use' not specific enough
 + 386010 JspRuntimeContext rewraps System.err
 + 386591 add UnixCrypt note to about.html
 + 386714 used deferred auth for form login and error pages
 + 387896 populate session in SessionAuthentication as a valueBound in addition
   to activation so it is populate when needed
 + 387943 Catch CNFE when no jstl jars are installed
 + 387953 jstl does not work with jetty-7 in osgi
 + 388072 GZipFilter incorrectly gzips when Accept-Encoding: gzip; q=0
 + 388073 null session id from cookie causes NPE fixed
 + 388102 Jetty HttpClient memory leaks when sending larger files
 + 388393 WebAppProvider doesn't work alongside OSGi deployer
 + 388502 handle earlyEOF with 500
 + 388652 Do not flush on handle return if request is suspended
 + JETTY-1501 Setting custom error response message changes page title
 + JETTY-1515 Include cookies on 304 responses from DefaultServlet.
 + JETTY-1527 handle requests with URIs like http://host  (ie no / )
 + JETTY-1529 Ensure new session that has just been authenticated does not get
   renewed
 + JETTY-1532 HTTP headers decoded with platform's default encoding
 + JETTY-1541 fixed different behaviour for single byte writes
 + 385925: make SslContextFactory.setProtocols and
   SslContextFactory.setCipherSuites preserve the order of the given parameters

jetty-8.1.6.v20120903 - 03 September 2012
 + 347130 Empty getResourcePaths due to ZipFileClosedException
 + 367591 Support Env variables in XmlConfiguration.
 + 377055 Prevent webapp classloader leaks
 + 379207 backported fixes from jetty-9 to make hierarchy work
 + 379423 Jetty URL Decoding fails for certain international characters
 + 383304 Reset PrintWriter on response recycle
 + 384847 better name
 + 385049 fix issue with pipelined connections when switching protocols
 + 385651 Message 'Address already in use' not specific enough
 + 386010 JspRuntimeContext rewraps System.err
 + 386591 add UnixCrypt note to about.html
 + 386714 used deferred auth for form login and error pages
 + 387896 populate session in SessionAuthentication as a valueBound in addition
   to activation so it is populate when needed
 + 387943 Catch CNFE when no jstl jars are installed
 + 387953 jstl does not work with jetty-7 in osgi
 + 388072 GZipFilter incorrectly gzips when Accept-Encoding: gzip; q=0
 + 388073 null session id from cookie causes NPE fixed
 + 388102 Jetty HttpClient memory leaks when sending larger files
 + 388393 WebAppProvider doesn't work alongside OSGi deployer
 + 388502 handle earlyEOF with 500
 + 388652 Do not flush on handle return if request is suspended
 + JETTY-1501 Setting custom error response message changes page title
 + JETTY-1515 Include cookies on 304 responses from DefaultServlet.
 + JETTY-1527 handle requests with URIs like http://host  (ie no / )
 + JETTY-1529 Ensure new session that has just been authenticated does not get
   renewed
 + JETTY-1532 HTTP headers decoded with platform's default encoding
 + JETTY-1541 fixed different behaviour for single byte writes
 + 385925: make SslContextFactory.setProtocols and
   SslContextFactory.setCipherSuites preserve the order of the given parameters

jetty <at> codehaus-7.6.6.v20120903 - 03 September 2012
 + 385651 Message 'Address already in use' not specific enough
 + 386531 setuid library name should not be hardcoded
 + JETTY-991 Delay exit of parent until forked jetty started
 + JETTY-1482 undoing previous incorrect fix: server id is Server
 + JETTY-1516 allow context xml to override pom config for jetty:run-forked,
   same as other jetty mojos

jetty <at> codehaus-8.1.6.v20120903 - 03 September 2012
 + 385651 Message 'Address already in use' not specific enough
 + 386531 setuid library name should not be hardcoded
 + 387254 jetty-maven-plugin set 'WebInfIncludeJarPattern' option
 + JETTY-991 Delay exit of parent until forked jetty started
 + JETTY-1482 undoing previous incorrect fix: server id is Server
 + JETTY-1516 allow context xml to override pom config for jetty:run-forked,
   same as other jetty mojos

--
jesse mcconnell
jesse.mcconnell <at> gmail.com

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email
Permalink | Reply | 0 comments |
headers
Christopher.Jones | 17 Jul 2012 23:16

[jetty-announce] AUTO: Christopher Jones/TMEM is out of the office. (returning 06/08/2012)


I am out of the office until 06/08/2012.

For Data Hub / Master Data Project please contact Salih Tilkici
(Salih.Tilkici <at> toyota-europe.com)

Note: This is an automated response to your message  "[jetty-announce]
Jetty Releases 7.6.5.v20120716 and 8.1.5.v20120716" sent on 17/07/2012
22:56:50.

This is the only notification you will receive while this person is away.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email
Permalink | Reply | 0 comments |
headers
Jesse McConnell | 17 Jul 2012 22:56
Favicon

[jetty-announce] Jetty Releases 7.6.5.v20120716 and 8.1.5.v20120716

(SPDY SPDY SPDY) ->
http://webtide.intalio.com/2012/07/fully-functional-spdy-proxy/

We are pleased to announce the availability of Jetty 7.6.5.v20120716
and Jetty 8.1.5.v20120716 which can be downloaded now.

Eclipse: http://download.eclipse.org/jetty/
Codehaus: http://dist.codehaus.org/jetty/

All artifacts are in maven central now and the p2 repository for osgi
users is available and linked on the eclipse download page.

The list of issues addressed in this release are below.

cheers!
jesse

--
Jesse McConnell <jesse <at> intalio.com>
www.webtide.com – Developer advice, services and support from the
Jetty & CometD experts.

jetty-7.6.5.v20120716 - 16 July 2012
 + 376717 Balancer Servlet with round robin support, contribution, added
   missing license
 + 379250 Server is added to shutdown hook twice
 + 380866 maxIdleTime set to 0 after session migration
 + 381399 Unable to stop a jetty instance that has not finished starting
 + 381401 Print log warning when stop attempt made with incorrect STOP.KEY
 + 381402 Make ContextHandler take set of protected directories
 + 381521 set Vary:Accept-Encoding header for content that might be compressed
 + 381639 CrossOriginFilter does not support Access-Control-Expose-Headers.
 + 381712 Support all declared servlets that implement
   org.apache.jasper.servlet.JspServlet
 + 381825 leave URI params in forwarded requestURI
 + 381876 Monitor should wait for child to finish before exiting.
 + 382343 Jetty XML support for Map is broken.
 + 383251 500 for SocketExceptions
 + 383881 WebSocketHandler sets request as handled
 + 384254 revert change to writable when not dispatched
 + 384847 CrossOriginFilter is not working.
 + 384896 JDBCSessionManager fails to load existing sessions on oracle when
   contextPath is /
 + 384980 Jetty client unable to recover from Time outs when connection count
   per address hits max.
 + JETTY-1525 Show handle status in response debug message
 + JETTY-1530 refine search control on ldap login module

jetty-8.1.5.v20120716 - 16 July 2012
 + 376717 Balancer Servlet with round robin support, contribution, added
   missing license
 + 379250 Server is added to shutdown hook twice
 + 380866 maxIdleTime set to 0 after session migration
 + 381399 Unable to stop a jetty instance that has not finished starting
 + 381401 Print log warning when stop attempt made with incorrect STOP.KEY
 + 381402 Make ContextHandler take set of protected directories
 + 381521 set Vary:Accept-Encoding header for content that might be compressed
 + 381639 CrossOriginFilter does not support Access-Control-Expose-Headers.
 + 381712 Support all declared servlets that implement
   org.apache.jasper.servlet.JspServlet
 + 381825 leave URI params in forwarded requestURI
 + 381876 Monitor should wait for child to finish before exiting.
 + 382343 Jetty XML support for Map is broken.
 + 383251 500 for SocketExceptions
 + 383881 WebSocketHandler sets request as handled
 + 384254 revert change to writable when not dispatched
 + 384280 Implement preliminary ServletRegistrations
 + 384847 CrossOriginFilter is not working.
 + 384896 JDBCSessionManager fails to load existing sessions on oracle when
   contextPath is /
 + 384980 Jetty client unable to recover from Time outs when connection count
   per address hits max.
 + 385138 add getter for session path and max cookie age that seemed to
   disappear in a merge long ago
 + JETTY-1523 It is imposible to map servlet to "/" using
   WebApplicationInitializer
 + JETTY-1525 Show handle status in response debug message
 + JETTY-1530 refine search control on ldap login module

jetty <at> codehaus-7.6.5.v20120716 - 16 July 2012
 + JETTY-991 added <waitForChild> to control behaviour of jetty:run-forked
 + JETTY-1507 Allow SystemProperties to override commandline
 + JETTY-1522 jetty:run-war <webApp> definition conflicts with <war>
 + JETTY-1526 SetUID leaves user.name and user.home set to root and /root
   (respectively)

jetty <at> codehaus-8.1.5.v20120716 - 16 July 2012
 + 384280 Implement preliminary ServletRegistrations
 + JETTY-991 added <waitForChild> to control behaviour of jetty:run-forked
 + JETTY-1507 Allow SystemProperties to override commandline
 + JETTY-1522 jetty:run-war <webApp> definition conflicts with <war>
 + JETTY-1526 SetUID leaves user.name and user.home set to root and /root
   (respectively)

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email
Permalink | Reply | 0 comments |
headers
Jesse McConnell | 9 Mar 2012 20:51
Picon
Gravatar

[jetty-announce] Jetty 7.6.2 and 8.1.2 (v20120308) Released!

We have pushed the 7.6.2.v20120308 and 8.1.2.v20120308 releases and
they are now available for download from maven central and the usual
eclipse and codehaus download locations.

We anticipate another release that will resolve a few lingering jsp
issues related to OSGI usage so if your an osgi user you might want to
wait for the next release before updating.

cheers,
jesse

The following issues were resolved in both releases:

 + 370387 SafariWebsocketDraft0Test failure during build.
 + 371168 Update ClientCrossContextSessionTest
 + 372093 handle quotes in Require-Bundle manifest string
 + 372457 Big response + slow clients + pipelined requests cause Jetty spinning
   and eventually closing connections. Added a TODO for a method renaming that
   will happen in the next major release (to avoid break implementers).
 + 372487 JDBCSessionManager does not work with Oracle
 + 372806 Command line should accept relative paths for xml config files
 + 373037 jetty.server.Response.setContentLength(int) should not close a Writer
   when length=0
 + 373162 add improved implementation for getParameterMap(), needs a test
   though and the existing setup doesn't seem like it would easily support the
   needed test so need to do that still
 + 373306 Set default user agent extraction pattern for UserAgentFilter
 + 373567 cert validation issue with ocsp and crldp always being enabled when
   validating turned on fixed
 + JETTY-1409 GzipFilter will double-compress application/x-gzip content
 + JETTY-1489 WebAppProvider attempts to deploy .svn folder
 + JETTY-1494 .

--
jesse mcconnell
jesse.mcconnell <at> gmail.com

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email
Permalink | Reply | 0 comments |
headers
Jesse McConnell | 17 Feb 2012 16:32
Picon
Gravatar

[jetty-announce] Jetty 7.6.1 and 8.1.1 released!

I have released an incremental update to the jetty 7.6 and 8.1
releases from a few weeks back.

Eclipse:
http://download.eclipse.org/jetty/

Codehaus:
http://dist.codehaus.org/jetty/

Of particular note in these releases are a fix to usage of the --exec
in the start.ini, it was largely broken in the last release generating
some incorrect paths and then a few fixes to the nosql mongo session
handling.

cheers,
jesse

jetty-7.6.1.v20120215 - 15 February 2012
 + 369121 simplified test
 + 370120 jvm arguments added via start.ini and --exec are missing spaces
 + 370137 SslContextFactory does not respect order for
   [included|excluded]Protocols() and [included|excluded]CipherSuites().
 + 370368 resolve stack overflow in mongo db session manager
 + 370386 Remove META-INF from jetty distro
 + 371040 nosqlsession needs to call correct super contructor for new sessions
 + 371041 valid was not being set to new mongo db sessions, and the call to
   mongodb api was wrong in isIdInUse
 + 371162 NPE protection for nested security handlers
 + JETTY-1484 Add option for HashSessionManager to delete session files if it
   can't restore them

jetty <at> codehaus-7.6.1.v20120215 - 15 February 2012
 + 370386 Remove META-INF from hightide distro
 + JETTY-1480 jspc-maven-plugin does not find jstl tags
 + JETTY-1481 Change jetty-atomikos to be type jar so its dependencies can be
   used in jetty-hightide
 + JETTY-1482 fix path in setuid configuration

jetty-8.1.1.v20120215 - 15 February 2012
 + 369121 simplified test
 + 370120 jvm arguments added via start.ini and --exec are missing spaces
 + 370137 SslContextFactory does not respect order for
   [included|excluded]Protocols() and [included|excluded]CipherSuites().
 + 370368 resolve stack overflow in mongo db session manager
 + 370386 Remove META-INF from jetty distro
 + 371040 nosqlsession needs to call correct super contructor for new sessions
 + 371041 valid was not being set to new mongo db sessions, and the call to
   mongodb api was wrong in isIdInUse
 + 371162 NPE protection for nested security handlers
 + JETTY-1484 Add option for HashSessionManager to delete session files if it
   can't restore them

jetty <at> codehaus-8.1.1.v20120215 - 15 February 2012
 + 370386 Remove META-INF from hightide distro
 + JETTY-1480 jspc-maven-plugin does not find jstl tags
 + JETTY-1481 Change jetty-atomikos to be type jar so its dependencies can be
   used in jetty-hightide
 + JETTY-1482 fix path in setuid configuration

--
jesse mcconnell
jesse.mcconnell <at> gmail.com

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email
Permalink | Reply | 0 comments |
headers
Greg Wilkins | 28 Jan 2012 22:50
Favicon
Gravatar

[jetty-announce] Jetty releases 7.6.0 and 8.1.0


Jetty releases 7.6.0 and 8.1.0 have been promoted to maven central and will soon be available for download via http://eclipse.org/jetty

These releases represent a major effort by the team to refactor the IO layer to handle several issues that have emerged over the last year with respect to the latest JVMs and browsers, such as several 100% CPU spins fixed that resulted from strangely closed SSL connection.   Furthermore, the releases contain some additional protection from some denial of service attacks that have been discovered that affect a wide range of web servers.

We recommend that you plan to evaluate and upgrade to these releases as soon as possible.  Do to the nature of these changes, it is impossible to back the most significant ones to Jetty-6 and thus these releases represent the effective EOL for jetty-6, as no more general releases are planned.

Thanks to the jetty team who have  worked extremely hard over the last few months on these releases.  We've also very much appreciate the efforts of users who have raised issues, provided debug/traces and have tried out various snapshots and RCs.


jetty-8.1.0.v20120127 - 27 January 2012
 + 368773 allow authentication to be set by non securityHandler handlers
 + 368992 avoid update key while flushing during a write
 + 369216 turned off the shared resource cache
 + 369349 replace quotes with a space escape method

jetty-8.1.0.RC5 - 20 January 2012
 + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
   authed user
 + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
 + 368633 fixed configure.dtd resource mappings
 + 368635 moved lifecycle state reporting from toString to dump
 + 368773 process data constraints without realm
 + 368787 always set token view to new header buffers in httpparser
 + 368821 improved test harness
 + 368920 JettyAwareLogger always formats the arguments.
 + 368948 POM for jetty-jndi references unknown version for javax.activation.
 + 368992 NPE in HttpGenerator.prepareBuffers() test case.
 + JETTY-1475 made output state fields volatile to provide memory barrier for
   non dispatched thread IO

jetty-8.1.0.RC4 - 13 January 2012
 + 365048 jetty Http client does not send proxy authentication when requesting
   a Https-resource through a web-proxy.
 + 366774 removed XSS vulnerbility
 + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
 + 367433 added tests to investigate
 + 367435 improved D00 test harness
 + 367485 HttpExchange canceled before response do not release connection.
 + 367502 WebSocket connections should be closed when application context is  stopped.
 + 367548 jetty-osgi-boot must not import the nested package twice
 + 367591 corrected configuration.xml version to 7.6
 + 367635 Added support for start.d directory
 + 367716 simplified maxIdleTime logic
 + 368035 WebSocketClientFactory does not invoke super.doStop().
 + 368060 do not encode sendRedirect URLs
 + 368112 NPE on <jsp-config><taglib> element parsing web.xml
 + 368113 Support servlet mapping to ""
 + 368114 Protect against non-Strings in System properties for Log
 + 368189 WebSocketClientFactory should not manage external thread pool.
 + 368240 Improve AggregateLifeCycle handling of shared lifecycles
 + 368215 Remove debug from jaspi
 + 368240 Better handling of locally created ThreadPool. Forgot to null out    field.
 + 368291 Change warning to info for NoSuchFieldException on    BeanELResolver.properties
 + 367638 limit number of form parameters to avoid DOS
 + JETTY-1467 close half closed when idle

jetty-8.1.0.RC2 - 22 December 2011
 + 359329 jetty-jaspi must exports its packages. jetty-plus must import   javax.security
 + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to  cope
 + 364921 Made test less time sensitive
 + 364936 use Resource for opening URL streams
 + 365267 NullPointerException in bad Address
 + 365375 ResourceHandler should be a HandlerWrapper
 + 365750 Support WebSocket over SSL, aka wss://
 + 365932 Produce jetty-websocket aggregate jar for android use
 + 365947 Set headers for Auth failure and retry in http-spi
 + 366316 Superfluous printStackTrace on 404
 + 366342 Dont persist DosFilter trackers in http session
 + 366730 pass the time idle to onIdleExpire
 + 367048 test harness for guard on suspended requests
 + 367175 SSL 100% CPU spin in case of blocked write and RST.
 + 367219 WebSocketClient.open() fails when URI uses default ports.
 + 367383 jsp-config element must be returned for    ServletContext.getJspConfigDescriptor
 + JETTY-1460 suppress PrintWriter exceptions
 + JETTY-1463 websocket D0 parser should return progress even if no fill done
 + JETTY-1465 NPE in ContextHandler.toString

jetty-8.1.0.RC1 - 06 December 2011
 + 360245 The version of the javax.servlet packages to import is 2.6 instead of 3.0
 + 365370 ServletHandler can fall through to nested handler

jetty-8.1.0.RC0 - 30 November 2011
 + 352565 cookie httponly flag ignored
 + 353285 ServletSecurity annotation ignored
 + 357163 jetty 8 ought to proxy jetty8 javadocs
 + 357209 JSP tag listeners not called
 + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
 + 361135 Allow session cookies to NEVER be marked as secure, even on HTTPS
   requests.
 + 362249 update shell scripts to jetty8
 + 363878 Add ecj compiler to jetty-8 for jsp
 + 364283 can't parse the servlet multipart-config for the web.xml
 + 364430 Support web.xml enabled state for servlets

  jetty-7.6.0.v20120127 - 27 January 2012
 + 368773 allow authentication to be set by non securityHandler handlers
 + 368992 avoid update key while flushing during a write
 + 369216 turned off the shared resource cache
 + 369349 replace quotes with a space escape method

jetty-7.6.0.RC5 - 20 January 2012
 + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
   authed user
 + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
 + 368633 fixed configure.dtd resource mappings
 + 368635 moved lifecycle state reporting from toString to dump
 + 368773 process data constraints without realm
 + 368787 always set token view to new header buffers in httpparser
 + 368821 improved test harness
 + 368920 JettyAwareLogger always formats the arguments.
 + 368948 POM for jetty-jndi references unknown version for javax.activation.
 + 368992 avoid non-blocking flush when writing to avoid setting !_writable
   without _writeblocked
 + JETTY-1475 made output state fields volatile to provide memory barrier for
   non dispatched thread IO

jetty-7.6.0.RC4 - 13 January 2012
 + 365048 jetty Http client does not send proxy authentication when requesting
   a Https-resource through a web-proxy.
 + 366774 removed XSS vulnerbility
 + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
 + 367716 simplified maxIdleTime logic
 + 368035 WebSocketClientFactory does not invoke super.doStop().
 + 368060 do not encode sendRedirect URLs
 + 368114 Protect against non-Strings in System properties for Log
 + 368189 WebSocketClientFactory should not manage external thread pool.
 + 368215 Remove debug from jaspi
 + 368240 Improve AggregateLifeCycle handling of shared lifecycles
 + 368291 Change warning to info for NoSuchFieldException on
   BeanELResolver.properties

jetty-7.6.0.RC3 - 05 January 2012
 + 367433 added tests to investigate
 + 367435 improved D00 test harness
 + 367485 HttpExchange canceled before response do not release connection.
 + 367502 WebSocket connections should be closed when application context is
   stopped.
 + 367591 corrected configuration.xml version to 7.6
 + 367635 Added support for start.d directory
 + 367638 limit number of form parameters to avoid DOS
 + JETTY-1467 close half closed when idle

jetty-7.6.0.RC2 - 22 December 2011
 + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to
   cope
 + 364921 Made test less time sensitive for ssl
 + 364936 use Resource for opening URL streams
 + 365267 NullPointerException in bad Address
 + 365375 ResourceHandler should be a HandlerWrapper
 + 365750 Support WebSocket over SSL, aka wss://
 + 365932 Produce jetty-websocket aggregate jar for android use
 + 365947 Set headers for Auth failure and retry in http-spi
 + 366316 Superfluous printStackTrace on 404
 + 366342 Dont persist DosFilter trackers in http session
 + 366730 pass the time idle to onIdleExpire
 + 367048 test harness for guard on suspended requests
 + 367175 SSL 100% CPU spin in case of blocked write and RST.
 + 367219 WebSocketClient.open() fails when URI uses default ports.
 + JETTY-1460 suppress PrintWriter exceptions
 + JETTY-1463 websocket D0 parser should return progress even if no fill done
 + JETTY-1465 NPE in ContextHandler.toString

jetty-7.6.0.RC1 - 04 December 2011
 + 352565 cookie httponly flag ignored
 + 353285 ServletSecurity annotation ignored
 + 357163 jetty 8 ought to proxy jetty8 javadocs
 + 357209 JSP tag listeners not called
 + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
 + 361135 Allow session cookies to NEVER be marked as secure, even on HTTPS
   requests.
 + 362249 update shell scripts to jetty8
 + 363878 Add ecj compiler to jetty-8 for jsp
 + 364283 can't parse the servlet multipart-config for the web.xml
 + 364430 Support web.xml enabled state for servlets
 + 365370 ServletHandler can fall through to nested handler

jetty-7.6.0.RC0 - 29 November 2011
 + Refactored NIO layer for better half close handling
 + 349110 fixed bypass chunk handling
 + 360546 handle set count exceeding max integer
 + 362111 StdErrLog.isDebugEnabled() returns true too often
 + 362113 Improve Test Coverage of org.eclipse.jetty.util.log classes
 + 362407 setTrustStore(Resource) -> setTrustStoreResource(R)
 + 362447 add setMaxNonceAge() to DigestAuthenticator
 + 362468 NPE at line org.eclipse.jetty.io.BufferUtil.putHexInt
 + 362614 NPE in accepting connection
 + 362626 IllegalStateException thrown when SslContextFactory preconfigured
   with SSLContext
 + 362696 expand virtual host configuration options to ContextHandler and add
   associated test case for new behavior
 + 362742 improved UTF8 exception reason
 + 363124 improved websocket close handling
 + 363381 Throw IllegalStateException if Request uri is null on getServerName
 + 363408 GzipFilter should not attempt to compress HTTP status 204
 + 363488 ShutdownHandler use stopper thread
 + 363718 Setting java.rmi.server.hostname in jetty-jmx.xml
 + 363757 partial fix
 + 363785 StdErrLog must use system-dependent EOL.
 + 363943 ignore null attribute values
 + 363993 EOFException parsing HEAD response in HttpTester
 + 364638 SCEP does idle timestamp checking. New setCheckForIdle method
   controls onIdleExpired callback. 364921 a second onIdleExpired callback will
   result in close rather than a shutdown output.
 + 364657 Support HTTP only cookies from standard API
 + JETTY-1442 add _hostHeader setter for ProxyRule


Permalink | Reply | 0 comments |

Gmane