cmarchand / gaulois-pipe

A XSLT pipelining solution
Mozilla Public License 2.0
9 stars 4 forks source link

Bump jetty-server from 9.4.35.v20201120 to 9.4.38.v20210224 in /gaulois-pipe #57

Closed dependabot[bot] closed 3 years ago

dependabot[bot] commented 3 years ago

Bumps jetty-server from 9.4.35.v20201120 to 9.4.38.v20210224.

Release notes

Sourced from jetty-server's releases.

9.4.38.v20210224

Changelog

  • #6001 - Ambiguous URI legacy compliance mode
  • #5999 - HttpURI ArrayIndexOutOfBounds
  • #5994 - QueuedThreadPool "free" threads
  • #5977 - Cache-Control header set by a filter is override by the value from DefaultServlet configuration

9.4.37.v20210219

Changelog

  • This release addresses and resolves CVE-2020-27223
  • #5979 - Configurable gzip Etag extension
  • #5977 - Cache-Control header set by a filter is override by the value from DefaultServlet configuration
  • #5976 - Adding requested Rewrite Rule to force request header values
  • #5973 - Proxy client TLS authentication example
  • #5963 - Improve QuotedQualityCSV
  • #5950 - Deadlock due to logging inside classloaders
  • #5937 - Unnecessary blocking in ResourceService
  • #5909 - Cannot disable HTTP OPTIONS Method
  • #5894 - Jetty 9.4.x 5859 classloader leak queuedthreadpool
  • #5851 - org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup
  • #5787 - Make ManagedSelector report better JMX data
  • #5492 - Add ability to manage start modules by java feature
  • #4275 - Path Normalization/Traversal - Context Matching

9.4.36.v20210114

Special Thanks to the following Eclipse Jetty community members

Changelog

  • #5870 - jetty-maven-plugin fails to run ServletContainerInitializer on Windows due to URI case comparison bug
  • #5855 - HttpClient may not send queued requests
  • #5845 - Use UTF-8 encoding for client basic auth if requested
  • #5830 - Jetty-util contains wrong Import-Package
  • #5825 - Revisit Statistics classes (@​rk1165)
  • #5824 - Build up of ConstraintMappings when stopping and starting WebAppContext
  • #5821 - JMX-ify Scheduler implementations (@​rk1165)
  • #5820 - backport fix for ArithmeticException in Pool
  • #5804 - Jetty 9.4.x spotbug issue map iteration using entrySet(), diamond list creation
  • #5801 - Implement max duration of HTTP ConnectionPools
  • #5794 - ServerConnector leaks closed sockets which can lead to file descriptor exhaustion (@​joewitt)
  • #5785 - Reduce log level for WebSocket connections closed by clients
  • #5783 - Fix ConnectionStatistics.*Rate() methods
  • #5778 - fix ByteBufferPool race condition
  • #5755 - Cannot configure maxDynamicTableSize on HTTP2Client

... (truncated)

Commits
  • 288f3cc Updating to version 9.4.38.v20210224
  • 0603b13 Merge pull request #6005 from eclipse/jetty-9.4.x-6001-default-accept-ambiguo...
  • e68293e Addressing copy/paste mistakes
  • f9b5974 Fix #4275 separate compliance modes for ambiguous URI segments and separators
  • 49e73df Fix #4275 #6001 separate compliance modes for ambiguous URI segments and se… ...
  • c9cd1e4 Merge pull request #5995 from eclipse/jetty-9.4.x-5994-qtp_free_threads
  • 8bd4a9f Fix #5999 ArrayIndexOutOfBounds for unicode in HttpURI segment (#6000)
  • 530c14e Issue #5994 - QueuedThreadPool "free" threads
  • 16241d7 Efficiency improvements for #5977
  • fdb54fa Efficiency improvements for #5977
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/cmarchand/gaulois-pipe/network/alerts).