KorAP / Kustvakt

:speedboat: User and policy management component for KorAP, capable of rewriting queries for policy based document restrictions.
BSD 2-Clause "Simplified" License

Bump jetty.version from 9.4.51.v20230217 to 9.4.53.v20231009 in /full #681

Closed dependabot[bot] closed 8 months ago

dependabot[bot] commented 9 months ago

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps jetty.version from 9.4.51.v20230217 to 9.4.53.v20231009.

Updates org.eclipse.jetty:jetty-server from 9.4.51.v20230217 to 9.4.53.v20231009

Release notes

Sourced from org.eclipse.jetty:jetty-server's releases.

9.4.53.v20231009

Security Updates

This release addresses:

  • CVE-2023-44487
  • CVE-2023-36478

Sponsored Release

This is a release of the End of Community Support Jetty 9.x series that was sponsored by a support contract from Webtide.com

Changelog

  • #10679 - backport HTTP/2 rate control from Jetty 10.0.x
  • #10573 - backport hpack improvements from Jetty 10.0.x
  • #10546 - backport jetty-http Huffman encoders/decoders from Jetty 10.0.x

9.4.52.v20230823

Sponsored Release

This is a release of the End of Community Support Jetty 9.x series that was sponsored by a support contract from Webtide.com

Security Updates

This release addresses:

  • GHSA-58qw-p7qm-5rvh - provides a workaround for direct users of XmlParser
  • CVE-2023-40167
  • CVE-2023-36479
  • CVE-2023-41900

Special Thanks to the following Eclipse Jetty community members

Changelog

  • #10352 - Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167)
  • #10337 - SizeLimitHandler does not enforce 0 responseLimit
  • #10169 - make sure that a ServiceLoader is retrieved before iterating (@RangerRick)
  • #10066 - Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh workaround
  • #9887 - Deprecate CGI Servlet (CVE-2023-36479)
  • #9716 - Deprecate PushSessionCacheFilter
  • #9660 - OpenId Revoked authentication allows one request (CVE-2023-41900)
  • #9476 - onCompleteFailure called multiple times

Commits
  • 27bde00 Updating to version 9.4.53.v20231009
  • 2a512c2 Merge pull request #10680 from eclipse/fix/jetty-9.4-10679-review-http2-rate-...
  • 0f246d1 Fixes #10679 - Review HTTP/2 rate control.
  • 2691ad0 Merge pull request #10645 from eclipse/dependabot/maven/jetty-9.4.x/commons-i...
  • b7c040a Merge pull request #10643 from eclipse/dependabot/maven/jetty-9.4.x/asm.versi...
  • e83c61f Bump commons-io:commons-io from 2.13.0 to 2.14.0
  • 52f117d Bump asm.version from 9.5 to 9.6
  • 3ea8e97 Merge pull request #10602 from eclipse/fix/9.4.x/dependency-rollup-sept-2023
  • 0bd07f9 Revert "Bump org.infinispan.protostream:protostream"
  • 3249711 Merge remote-tracking branch 'origin/dependabot/maven/jetty-9.4.x/exam.versio...
  • Additional commits viewable in compare view


Updates org.eclipse.jetty:jetty-servlet from 9.4.51.v20230217 to 9.4.53.v20231009


Updates org.eclipse.jetty:jetty-webapp from 9.4.51.v20230217 to 9.4.53.v20231009


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 8 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.