search

jhannes / logevents

An easy-to-extend implementation of SLF4J with batteries included and sensible defaults
Other
42 stars 8 forks source link

Bump jetty-webapp from 9.4.39.v20210325 to 9.4.43.v20210629 in /logevents-servlets-demo #49

Closed dependabot[bot] closed 3 years ago

dependabot[bot] commented 3 years ago

Bumps jetty-webapp from 9.4.39.v20210325 to 9.4.43.v20210629.

Release notes

Sourced from jetty-webapp's releases.

9.4.43.v20210629

Changelog

  • #6473 - Improve alias checking in PathResource
  • #6470 - java.nio.ReadOnlyBufferException
  • #6447 - Deprecate support for UTF16 encoding in URIs
  • #6426 - Update to spifly 1.3.3
  • #6425 - Update to asm 9.1

9.4.42.v20210604

Changelog

  • #6342 - Explain EatWhatYouKill naming
  • #6330 - CustomRequestLog is missing HTTP version format option
  • #6323 - HttpClient gets stuck/never calls onComplete() when multiple requests with timeouts are sent
  • #6308 - Ensure buffers are returned to pool by MessageInputStream
  • #6287 - Class loading broken for WebSocketClient used inside webapp
  • #6285 - HTTP2 client: IllegalStateException: Cannot release an already released entry
  • #6276 - Support non-standard domains in SNI and X509
  • #6268 - Warnings about "unable to parse form content" are not helpful for troubleshooting
  • #6118 - Display a warning when Hazelcast configuration does not contain Jetty session serializer
  • #5931 - SslConnection should implement getBytesIn()/getBytesOut()

9.4.41.v20210516

Changelog

  • This release resolves CVE-2021-28169 and CVE-2021-34428
  • #6099 Cipher preference may break SNI if certificates have different key types
  • #6186 Add Null Protection on Log / Logger
  • #6205 OpenIdAuthenticator may use incorrect redirect
  • #6208 HTTP/2 max local stream count exceeded
  • #6227 Better resolve race between AsyncListener.onTimeout and AsyncContext.dispatch
  • #6254 Total timeout not enforced for queued requests
  • #6263 Review URI encoding in ConcatServlet & WelcomeFilter
  • #6277 Better handle exceptions thrown from session destroy listener
  • #6280 Copy ServletHolder class/instance properly during startWebapp

9.4.40.v20210413

Notable Bug Fixes

Users of GzipHandler should upgrade. (#6168) Users of SSL/TLS on the jetty-server or jetty-client should upgrade. (#6082)

Changelog

  • #6168 - Improve handling of unconsumed content
  • #6148 - Jetty start.jar always reports jetty.tag.version as master
  • #6105 - HttpConnection.getBytesIn() incorrect for requests with chunked content
  • #6082 - SslConnection compacting

... (truncated)

Commits
  • 526006e Updating to version 9.4.43.v20210629
  • 40535f1 Merge pull request #6486 from eclipse/jetty-9.4.x-6470-MessageInputStreamEOF
  • 039a539 Issue #6470 - prevent EOF being released back into pool
  • f045b5a Issue #6473 - Improve alias checking in PathResource. (#6477)
  • 16d8b23 #6455 disable MaxDuration mechanism in testConnectionMaxUsage as it clashes w...
  • 122a78a Issue #6473 - canonicalPath refactor & fix alias check in PathResource (#6474)
  • a02ade7 Merge pull request #6456 from eclipse/jetty-9.4.x-6383-FileBufferedResponseHa...
  • a3effb1 Issue #6447 - Deprecate support for UTF16 encoding in URIs (#6467)
  • 97b52e4 Merge pull request #6462 from eclipse/jetty-9.4.x-documentationFix
  • 4289716 fix documentation format in community.adoc
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jhannes/logevents/network/alerts).
jhannes commented 3 years ago

Upgraded manually

dependabot[bot] commented 3 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.