Sourced from jetty-server's releases.

9.4.42.v20210604

Changelog

• #6342 - Explain EatWhatYouKill naming
• #6330 - CustomRequestLog is missing HTTP version format option
• #6323 - HttpClient gets stuck/never calls onComplete() when multiple requests with timeouts are sent
• #6308 - Ensure buffers are returned to pool by MessageInputStream
• #6287 - Class loading broken for WebSocketClient used inside webapp
• #6285 - HTTP2 client: IllegalStateException: Cannot release an already released entry
• #6276 - Support non-standard domains in SNI and X509
• #6268 - Warnings about "unable to parse form content" are not helpful for troubleshooting
• #6118 - Display a warning when Hazelcast configuration does not contain Jetty session serializer
• #5931 - SslConnection should implement getBytesIn()/getBytesOut()

9.4.41.v20210516

Changelog

• This release resolves CVE-2021-28169
• #6099 Cipher preference may break SNI if certificates have different key types
• #6186 Add Null Protection on Log / Logger
• #6205 OpenIdAuthenticator may use incorrect redirect
• #6208 HTTP/2 max local stream count exceeded
• #6227 Better resolve race between AsyncListener.onTimeout and AsyncContext.dispatch
• #6254 Total timeout not enforced for queued requests
• #6263 Review URI encoding in ConcatServlet & WelcomeFilter
• #6277 Better handle exceptions thrown from session destroy listener
• #6280 Copy ServletHolder class/instance properly during startWebapp

9.4.40.v20210413

Notable Bug Fixes

Users of GzipHandler should upgrade. (#6168) Users of SSL/TLS on the jetty-server or jetty-client should upgrade. (#6082)

Changelog

• #6168 - Improve handling of unconsumed content
• #6148 - Jetty start.jar always reports jetty.tag.version as master
• #6105 - HttpConnection.getBytesIn() incorrect for requests with chunked content
• #6082 - SslConnection compacting

• 5cd5e6d Updating to version 9.4.42.v20210604
• 9b6b956 Fixes #6330 - CustomRequestLog is missing HTTP version format option. (#6361)
• 40a9fa7 Explain EatWhatYouKill naming (#6342)
• 2e7d174 Fixes #6323 - HttpClient requests with redirects gets stuck/never cal… (#6334)
• f902d12 Fixes #5931 - SslConnection should implement getBytesIn()/getBytesOut(). (#6335)
• 121d8c2 Merge pull request #6325 from eclipse/jetty-9.4.x-6287-WebSocketClientClassLo...
• 76f5162 Issue #6118 Warn if hazelcast cfg file is missing SessionDataSerializer (#632...
• 8f0bb81 align names with jetty-10
• 01c35fe do not trim surefire stack trace
• 44bc0e8 add null check
• Additional commits viewable in compare view

Sourced from jetty-servlet's releases.

9.4.42.v20210604

Changelog

• #6342 - Explain EatWhatYouKill naming
• #6330 - CustomRequestLog is missing HTTP version format option
• #6323 - HttpClient gets stuck/never calls onComplete() when multiple requests with timeouts are sent
• #6308 - Ensure buffers are returned to pool by MessageInputStream
• #6287 - Class loading broken for WebSocketClient used inside webapp
• #6285 - HTTP2 client: IllegalStateException: Cannot release an already released entry
• #6276 - Support non-standard domains in SNI and X509
• #6268 - Warnings about "unable to parse form content" are not helpful for troubleshooting
• #6118 - Display a warning when Hazelcast configuration does not contain Jetty session serializer
• #5931 - SslConnection should implement getBytesIn()/getBytesOut()

9.4.41.v20210516

Changelog

• This release resolves CVE-2021-28169
• #6099 Cipher preference may break SNI if certificates have different key types
• #6186 Add Null Protection on Log / Logger
• #6205 OpenIdAuthenticator may use incorrect redirect
• #6208 HTTP/2 max local stream count exceeded
• #6227 Better resolve race between AsyncListener.onTimeout and AsyncContext.dispatch
• #6254 Total timeout not enforced for queued requests
• #6263 Review URI encoding in ConcatServlet & WelcomeFilter
• #6277 Better handle exceptions thrown from session destroy listener
• #6280 Copy ServletHolder class/instance properly during startWebapp

9.4.40.v20210413

Notable Bug Fixes

Users of GzipHandler should upgrade. (#6168) Users of SSL/TLS on the jetty-server or jetty-client should upgrade. (#6082)

Changelog

• #6168 - Improve handling of unconsumed content
• #6148 - Jetty start.jar always reports jetty.tag.version as master
• #6105 - HttpConnection.getBytesIn() incorrect for requests with chunked content
• #6082 - SslConnection compacting

• 5cd5e6d Updating to version 9.4.42.v20210604
• 9b6b956 Fixes #6330 - CustomRequestLog is missing HTTP version format option. (#6361)
• 40a9fa7 Explain EatWhatYouKill naming (#6342)
• 2e7d174 Fixes #6323 - HttpClient requests with redirects gets stuck/never cal… (#6334)
• f902d12 Fixes #5931 - SslConnection should implement getBytesIn()/getBytesOut(). (#6335)
• 121d8c2 Merge pull request #6325 from eclipse/jetty-9.4.x-6287-WebSocketClientClassLo...
• 76f5162 Issue #6118 Warn if hazelcast cfg file is missing SessionDataSerializer (#632...
• 8f0bb81 align names with jetty-10
• 01c35fe do not trim surefire stack trace
• 44bc0e8 add null check
• Additional commits viewable in compare view

Sourced from jetty-util's releases.

9.4.42.v20210604

Changelog

• #6342 - Explain EatWhatYouKill naming
• #6330 - CustomRequestLog is missing HTTP version format option
• #6323 - HttpClient gets stuck/never calls onComplete() when multiple requests with timeouts are sent
• #6308 - Ensure buffers are returned to pool by MessageInputStream
• #6287 - Class loading broken for WebSocketClient used inside webapp
• #6285 - HTTP2 client: IllegalStateException: Cannot release an already released entry
• #6276 - Support non-standard domains in SNI and X509
• #6268 - Warnings about "unable to parse form content" are not helpful for troubleshooting
• #6118 - Display a warning when Hazelcast configuration does not contain Jetty session serializer
• #5931 - SslConnection should implement getBytesIn()/getBytesOut()

9.4.41.v20210516

Changelog

• This release resolves CVE-2021-28169
• #6099 Cipher preference may break SNI if certificates have different key types
• #6186 Add Null Protection on Log / Logger
• #6205 OpenIdAuthenticator may use incorrect redirect
• #6208 HTTP/2 max local stream count exceeded
• #6227 Better resolve race between AsyncListener.onTimeout and AsyncContext.dispatch
• #6254 Total timeout not enforced for queued requests
• #6263 Review URI encoding in ConcatServlet & WelcomeFilter
• #6277 Better handle exceptions thrown from session destroy listener
• #6280 Copy ServletHolder class/instance properly during startWebapp

9.4.40.v20210413

Notable Bug Fixes

Users of GzipHandler should upgrade. (#6168) Users of SSL/TLS on the jetty-server or jetty-client should upgrade. (#6082)

Changelog

• #6168 - Improve handling of unconsumed content
• #6148 - Jetty start.jar always reports jetty.tag.version as master
• #6105 - HttpConnection.getBytesIn() incorrect for requests with chunked content
• #6082 - SslConnection compacting

• 5cd5e6d Updating to version 9.4.42.v20210604
• 9b6b956 Fixes #6330 - CustomRequestLog is missing HTTP version format option. (#6361)
• 40a9fa7 Explain EatWhatYouKill naming (#6342)
• 2e7d174 Fixes #6323 - HttpClient requests with redirects gets stuck/never cal… (#6334)
• f902d12 Fixes #5931 - SslConnection should implement getBytesIn()/getBytesOut(). (#6335)
• 121d8c2 Merge pull request #6325 from eclipse/jetty-9.4.x-6287-WebSocketClientClassLo...
• 76f5162 Issue #6118 Warn if hazelcast cfg file is missing SessionDataSerializer (#632...
• 8f0bb81 align names with jetty-10
• 01c35fe do not trim surefire stack trace
• 44bc0e8 add null check
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)