Greg Wilkins | 5 Jan 19:42 2006

Release 5.1.10 and 4.2.15 - Security issue on win32


Releases 5.1.10 and 4.2.15 of Jetty are available via http://jetty.mortbay.org

These release fix a security flaw that allows a crafted URL to access the contents
of WEB-INF on win32 platform.   

Jetty-5.1.10 - 5 January 2005
 + Fixed path aliasing with // on windows.
 + Fix for AJP13 with multiple headers
 + Fix for AJP13 with encoded path
 + Remove null dispatch attributes from getAttributeNames
 + Put POST content default back to iso_8859_1. GET is UTF-8 still

Jetty-4.2.25 - 4 Jan 2006
 + Fixed aliasing of // for win32

-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
Jan Bartel | 25 Jan 12:13 2006

Release 6.0.0beta8


Beta 8 release of Jetty 6.0.0 is now available via http://jetty.mortbay.org

The artifact jars are available from the MortBay release repository at
http://www.mortbay.com/maven2/release and will also be mirrored to ibiblio.

The changes are:

Jetty-6.0.0Beta8  - 25 January 2005
    + fixed dispatch of new session problem. sf:1407090
    + reinstated rfc2616 test harness
    + Handle pipeline requests without hangs
    + Removed queue from thread pool.
    + improved caching of content types
    + fixed bug in overloaded write method on HttpConnection (reported against Tapestry4.0)
    + hid org.apache.commons.logging and org.slf4j packages from webapp
    + maven-jetty6-plugin stopped transitive inclusion of log4j and
      commons-logging from commons-el for jasper
    + patch to remove spurious ; in HttpFields
    + improve buffer return mechanism.
    + conveniance addHandler removeHandler methods
    + maven-jetty6-plugin: ensure compile is done before invoking jetty
    + maven-jetty6-plugin: support all types of artifact dependencies

regards
Jan

-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
(Continue reading)


Gmane