search

cryptomator / webdav-nio-adapter

Jackrabbit-based servlets running on embedded Jetty to serve a directory specified by a java.nio.file.Path
GNU Affero General Public License v3.0
12 stars 8 forks source link

Bump jetty-server from 10.0.2 to 10.0.3 #38

Closed dependabot[bot] closed 3 years ago

dependabot[bot] commented 3 years ago

Bumps jetty-server from 10.0.2 to 10.0.3.

Release notes

Sourced from jetty-server's releases.

10.0.3

Changelog

  • This release resolves CVE-2021-28169
  • #3764 DeprecationWarning Decorator
  • #5684 Review disabled tests
  • #5798 jetty-runner startup error with jetty-10
  • #5817 Provide more filtering for CustomRequestLog
  • #6049 Default provider [files] section always executed
  • #6084 GzipHandler: NPE in setDeflaterPoolCapacity and setInflaterPoolCapacity
  • #6098 jetty-cdi is missing from jetty-bom
  • #6099 Cipher preference may break SNI if certificates have different key types
  • #6105 HttpConnection.getBytesIn() incorrect for requests with chunked content
  • #6106 WebSocket/CDI integration is broken in Jetty 10
  • #6132 Ambiguous segment in URI in DELETE /a/projects/foo/branches/refs%2Fheads%2Ftest request after upgrade from 10.0.0 to 10.0.2
  • #6153 jetty-maven-plugin does not correctly pass JVM arguments for external deployMode
  • #6159 Jetty with Conscrypt unable to handle any HTTPS requests when connected by IP rather than hostname.
  • #6166 WebSocket MessageInputStream.read() spends a lot of time in ByteBuffer.compact()
  • #6205 OpenIdAuthenticator may use incorrect redirect
  • #6208 HTTP/2 max local stream count exceeded
  • #6224 make jetty-jspc-maven-plugin @threadsafe
  • #6227 Better resolve race between AsyncListener.onTimeout and AsyncContext.dispatch
  • #6238 jetty-keystore Invalid manifest header Bundle-SymbolicName: ""
  • #6250 Lazily allocate HTTP2Stream data queue
  • #6251 Use CyclicTimeout for HTTP2Streams
  • #6254 Total timeout not enforced for queued requests
  • #6263 Review URI encoding in ConcatServlet & WelcomeFilter
  • #6277 Better handle exceptions thrown from session destroy listener
  • #6280 Copy ServletHolder class/instance properly during startWebapp
  • #6287 Class loading broken for WebSocketClient used inside webapp
Commits
  • 60d766f Updating to version 10.0.3
  • cd73338 Remove WebSocketComponents & HouseKeeper on Server restart. (#6218)
  • 802d32d Fixes #6207 - Make ALPN optional in HTTP2Client over TLS
  • 455e798 Merge pull request #6293 from eclipse/jetty-10.0.x-6287-WebSocketClientClassL...
  • 67e2b4a Fixes #5306 - Default jetty.*.acceptors should be 1. (#6236)
  • 1d5d807 review comments
  • 6ed64e1 fix HttpChannelOverHTTP2 recycling order to make sure no demanding content ca...
  • 0761aee Disable websocketProvidedByWebApp on JDK14-15 due to JDK-8244090 bug.
  • 65ef393 Issue #6291 Fix FileSessionDataStoreTest.testCleanOrphans (#6292)
  • 61f4dbe review comment: improve readability
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/cryptomator/webdav-nio-adapter/network/alerts).