search

jenkinsci / jenkinsfile-runner

A command line tool to run Jenkinsfile as a function
MIT License
1.13k stars 291 forks source link

Bump jetty.version from 9.4.43.v20210629 to 11.0.11 #637

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 2 years ago

Bumps jetty.version from 9.4.43.v20210629 to 11.0.11. Updates jetty-servlet from 9.4.43.v20210629 to 11.0.11

Release notes

Sourced from jetty-servlet's releases.

11.0.11

Special Thanks to the following Eclipse Jetty community members

Critical Fix

  • #8184 - All suffix globs except first fail to match if path has . character in prefix section

Changelog

  • #8187 - Fix test-distribution classpath re resolver (@​cstamas)
  • #8175 - Removing invalid maxConnections references
  • #8163 - RegexPathSpec documentation and MatchedPath improvements
  • #8162 - Migrate code from jetty-util Logger to slf4j Logger
  • #8161 - Improve SSLConnection buffers handling
  • #8155 - Use static exceptions for closing websocket flushers and in ContentProducer

11.0.10

Fixed Security Advisories

Special Thanks to the following Eclipse Jetty community members

Changelog

  • #8161 - Improve SSLConnection buffers handling (Resolves CVE-2022-2191)
  • #8134 - Improve cleanup of deflater/inflater pools for PerMessageDeflateExtension
  • #8088 - Add option to configure exitVm on ShutdownMonitor from System properties
  • #8067 - Wall time usage in DoSFilter RateTracker results in false positive alert
  • #8057 - Support Http Response 103 (Early Hints)
  • #8014 - Review HttpRequest URI construction (Resolves CVE-2022-2047)
  • #8008 - Add compliance mode for LEGACY multipart parser in Jetty
  • #7994 - Ability to construct a detached client Request
  • #7991 - fix bom for jetty-cdi
  • #7981 - Add TRANSFER_ENCODING violation for MultiPart RFC7578 parser.
  • #7977 - UpgradeHttpServletRequest.setAttribute & UpgradeHttpServletRequest.removeAttribute can throw NullPointerException
  • #7975 - ForwardedRequestCustomizer setters do not clear existing handlers
  • #7953 - Fix StatisticsHandler in the case a Handler throws exception.
  • #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048)
  • #7929 - Correct requestlog formatString commented default (@​prenagha)
  • #7924 - Fix a typo in Javadoc (@​jianglai)
  • #7918 - PathMappings.asPathSpec does not allow root ServletPathSpec

... (truncated)

Commits
  • 5848731 Updating to version 11.0.11
  • a3616ca Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
  • 3fabe54 Fix test-distribution classpath re resolver (#8187)
  • 97f37d7 Add Jetty 10.0.10 to VERSION.txt
  • 6da27fc Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
  • 5fddbf9 Issue #8184 - Correcting match logic for multiple servlet suffix url-pattern ...
  • 8149350 Merge Release 11.0.10 back into jetty-11.0.x (#8181)
  • e81dab9 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
  • c2bc103 Merge Release 10.0.10 back into jetty-10.0.x (#8180)
  • d4d3d59 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
  • Additional commits viewable in compare view


Updates jetty-webapp from 9.4.43.v20210629 to 11.0.11

Release notes

Sourced from jetty-webapp's releases.

11.0.11

Special Thanks to the following Eclipse Jetty community members

Critical Fix

  • #8184 - All suffix globs except first fail to match if path has . character in prefix section

Changelog

  • #8187 - Fix test-distribution classpath re resolver (@​cstamas)
  • #8175 - Removing invalid maxConnections references
  • #8163 - RegexPathSpec documentation and MatchedPath improvements
  • #8162 - Migrate code from jetty-util Logger to slf4j Logger
  • #8161 - Improve SSLConnection buffers handling
  • #8155 - Use static exceptions for closing websocket flushers and in ContentProducer

11.0.10

Fixed Security Advisories

Special Thanks to the following Eclipse Jetty community members

Changelog

  • #8161 - Improve SSLConnection buffers handling (Resolves CVE-2022-2191)
  • #8134 - Improve cleanup of deflater/inflater pools for PerMessageDeflateExtension
  • #8088 - Add option to configure exitVm on ShutdownMonitor from System properties
  • #8067 - Wall time usage in DoSFilter RateTracker results in false positive alert
  • #8057 - Support Http Response 103 (Early Hints)
  • #8014 - Review HttpRequest URI construction (Resolves CVE-2022-2047)
  • #8008 - Add compliance mode for LEGACY multipart parser in Jetty
  • #7994 - Ability to construct a detached client Request
  • #7991 - fix bom for jetty-cdi
  • #7981 - Add TRANSFER_ENCODING violation for MultiPart RFC7578 parser.
  • #7977 - UpgradeHttpServletRequest.setAttribute & UpgradeHttpServletRequest.removeAttribute can throw NullPointerException
  • #7975 - ForwardedRequestCustomizer setters do not clear existing handlers
  • #7953 - Fix StatisticsHandler in the case a Handler throws exception.
  • #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048)
  • #7929 - Correct requestlog formatString commented default (@​prenagha)
  • #7924 - Fix a typo in Javadoc (@​jianglai)
  • #7918 - PathMappings.asPathSpec does not allow root ServletPathSpec

... (truncated)

Commits
  • 5848731 Updating to version 11.0.11
  • a3616ca Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
  • 3fabe54 Fix test-distribution classpath re resolver (#8187)
  • 97f37d7 Add Jetty 10.0.10 to VERSION.txt
  • 6da27fc Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
  • 5fddbf9 Issue #8184 - Correcting match logic for multiple servlet suffix url-pattern ...
  • 8149350 Merge Release 11.0.10 back into jetty-11.0.x (#8181)
  • e81dab9 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
  • c2bc103 Merge Release 10.0.10 back into jetty-10.0.x (#8180)
  • d4d3d59 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

Superseded by #653.