1and1 / go-maven-poller

GoCD plugin that polls Maven repositories including Artifactory and Nexus

Bump org.eclipse.jetty:jetty-security from 11.0.15 to 11.0.16 #46

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps org.eclipse.jetty:jetty-security from 11.0.15 to 11.0.16.

Release notes

Sourced from org.eclipse.jetty:jetty-security's releases.

11.0.16

Security Updates

  • This release provides a workaround for Security Advisory GHSA-58qw-p7qm-5rvh

Special Thanks to the following Eclipse Jetty community members

Changelog

  • #10397 - Iso88591StringBuilder.append seems to have a logic error
  • #10388 - Jetty10 inetaccess mod started error
  • #10329 - Various cleanups in HttpParser
  • #10271 - jetty.sh does not stop jetty anymore
  • #10211 - NPE in ArrayByteBufferPool.findOldestEntry()
  • #10176 - cleanups of DateCache
  • #10160 - Verify PROXY_AUTHENTICATION is sent to forward proxies
  • #10145 - WritePendingException over HTTP/2 tunnel
  • #10143 - Startup fails due to IllegalArgumentException: Comparison method violates its general contract
  • #10135 - Websocket: Using PerMessageDeflateExtension and flush in batchMode send FLUSH_FRAME to client.
  • #10105 - Document that Request objects are not reusable
  • #10086 - Revisiting ProxyConfiguration.getProxies()
  • #10066 - Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh workaround
  • #9997 - No progress during Gzip Request Inflation results in bogus error
  • #9947 - Cannot invoke "org.eclipse.jetty.io.ManagedSelector.getTotalKeys()" because "selector" is null (@strogiyotec)
  • #9938 - Bulletproof AbstractProxyServlet#destory() to make it easier to write (@garydgregory)
  • #9895 - A MessageTooLargeException doesn't close a WebSocket connection
  • #9887 - Deprecate CGI Servlet
  • #9798 - review and cleanup of HTTP/3 QPACK Integer and String encoding
  • #9777 - CrossOriginFilter does not return Vary header on no-cors mode
  • #9761 - H3: Fix racy read from stream-less channel
  • #9749 - HTTP/2 improvements.
  • #9741 - Review of websocket parser, improve testing & comments.
  • #9728 - Fixes to QPACK configuration from SETTINGS frames.
  • #9715 - deprecate PushSessionCacheFilter
  • #9685 - Jetty doesn't set the date header on error responses
  • #9682 - RetainableByteBuffer buffer release bug in WebSocket
  • #9554 - Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to common location
  • #9476 - onCompleteFailure called multiple times
  • #8926 - HttpClient GZIPContentDecoder should remove Content-Length and Content-Encoding: gzip
  • #8556 - ServletContext.getSessionTimeout() incorrectly throws IllegalStateException
  • #8405 - Servlet 3.1 ReadListener.onAllDataRead() is called twice under h2 or h2c if the server doesn't respond within 30s
  • #7091 - Add SOCKS5 support (@huisongma)

Commits

  • bedff45 Updating to version 11.0.16
  • d3fbcaf Fixing release-jetty.sh script
  • 99c049e Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
  • 38cea26 Merge pull request #10400 from eclipse/jetty-10.0.x-inetaccessHandler
  • d6320c4 fix checkstyle violation
  • c3cf256 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
  • 3aaf39d Fix #10397 CharsetStringBuilder end vs length (#10399)
  • b89398d Issue #10388 - add DistributionTest for InetAccessHandler
  • 764c817 Issue #10388 - fix InetAccessHandler module
  • cf97e58 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
  • Additional commits viewable in compare view


Most Recent Ignore Conditions Applied to This Pull Request

| Dependency Name | Ignore Conditions |
| --- | --- |
| org.eclipse.jetty:jetty-security | [>= 12.a, < 13] |


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)