dianping / cat

CAT 作为服务端项目基础组件,提供了 Java, C/C++, Node.js, Python, Go 等多语言客户端,已经在美团点评的基础架构中间件框架(MVC框架,RPC框架,数据库框架,缓存框架等,消息队列,配置系统等)深度集成,为美团点评各业务线提供系统丰富的性能指标、健康状况、实时告警等。
Apache License 2.0
18.69k stars 5.43k forks source link

Bump jetty-server from 9.4.35.v20201120 to 9.4.41.v20210516 in /integration/elasticsearch-jetty #2122

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 3 years ago

Bumps jetty-server from 9.4.35.v20201120 to 9.4.41.v20210516.

Release notes

Sourced from jetty-server's releases.

9.4.41.v20210516

Changelog

  • This release resolves CVE-2021-28169
  • #6099 Cipher preference may break SNI if certificates have different key types
  • #6186 Add Null Protection on Log / Logger
  • #6205 OpenIdAuthenticator may use incorrect redirect
  • #6208 HTTP/2 max local stream count exceeded
  • #6227 Better resolve race between AsyncListener.onTimeout and AsyncContext.dispatch
  • #6254 Total timeout not enforced for queued requests
  • #6263 Review URI encoding in ConcatServlet & WelcomeFilter
  • #6277 Better handle exceptions thrown from session destroy listener
  • #6280 Copy ServletHolder class/instance properly during startWebapp

9.4.40.v20210413

Notable Bug Fixes

Users of GzipHandler should upgrade. (#6168) Users of SSL/TLS on the jetty-server or jetty-client should upgrade. (#6082)

Changelog

  • #6168 - Improve handling of unconsumed content
  • #6148 - Jetty start.jar always reports jetty.tag.version as master
  • #6105 - HttpConnection.getBytesIn() incorrect for requests with chunked content
  • #6082 - SslConnection compacting

9.4.39.v20210325

Changelog

:warning: Important Security related Changes

Other Changes

  • #6034 - SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present
  • #6050 - Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer
  • #6052 - Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to work on Android
  • #6063 - Allow override of hazelcast version when using module
  • #6085 - Jetty keeps Sessions in use after "Duplicate valid session cookies" Message

9.4.38.v20210224

Changelog

  • #6001 - Ambiguous URI legacy compliance mode

... (truncated)

Commits
  • 98607f9 Updating to version 9.4.41.v20210516
  • 087f486 Issue #6277 Better handling of exceptions thrown in sessionDestroyed (#6278) ...
  • edcaf70 Copy ServletHolder class/instance properly during startWebapp (#6214)
  • 1c05b0b Fixes #6263 - Review URI encoding in ConcatServlet & WelcomeFilter.
  • 9cb9343 Issue #6205 - Fix serialization issues in OpenIdAuthenticator
  • 2e7f5eb Issue #6205 - Fix issues with OpenID redirecting to wrong URI (#6211)
  • 88ac104 Issue #6254 - Total timeout not enforced for queued requests.
  • da50e06 Fixes #6254 - Total timeout not enforced for queued requests.
  • 5f23689 Issue #6254 - Total timeout not enforced for queued requests.
  • 003c313 upgrade h2spec-maven-plugin 1.0.5 (#6247)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dianping/cat/network/alerts).
dependabot[bot] commented 2 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.