popeen / Booksonic-App

The Booksonic Android App, based on DSub. - OBS: The code here might not be ready for release. Feel free to compile it yourself but if so I recommend searching for the latest commit with the description "Prepare for release".
http://booksonic.org
GNU General Public License v3.0
139 stars 29 forks source link

Bump jetty-servlet from 8.1.16.v20140903 to 11.0.3 #214

Closed dependabot-preview[bot] closed 3 years ago

dependabot-preview[bot] commented 3 years ago

Bumps jetty-servlet from 8.1.16.v20140903 to 11.0.3.

Release notes

Sourced from jetty-servlet's releases.

11.0.3

Changelog

  • #3764 DeprecationWarning Decorator
  • #5684 Review disabled tests
  • #5798 jetty-runner startup error with jetty-10
  • #5817 Provide more filtering for CustomRequestLog
  • #6049 Default provider [files] section always executed
  • #6084 GzipHandler: NPE in setDeflaterPoolCapacity and setInflaterPoolCapacity
  • #6098 jetty-cdi is missing from jetty-bom
  • #6099 Cipher preference may break SNI if certificates have different key types
  • #6105 HttpConnection.getBytesIn() incorrect for requests with chunked content
  • #6106 WebSocket/CDI integration is broken in Jetty 10
  • #6125 Do not allow override of jakarta.* container classes by webapps per Servlet 5.0 Section 15.2.1
  • #6132 Ambiguous segment in URI in DELETE /a/projects/foo/branches/refs%2Fheads%2Ftest request after upgrade from 10.0.0 to 10.0.2
  • #6153 jetty-maven-plugin does not correctly pass JVM arguments for external deployMode
  • #6159 Jetty with Conscrypt unable to handle any HTTPS requests when connected by IP rather than hostname.
  • #6166 WebSocket MessageInputStream.read() spends a lot of time in ByteBuffer.compact()
  • #6205 OpenIdAuthenticator may use incorrect redirect
  • #6208 HTTP/2 max local stream count exceeded
  • #6224 make jetty-jspc-maven-plugin @threadsafe
  • #6227 Better resolve race between AsyncListener.onTimeout and AsyncContext.dispatch
  • #6238 jetty-keystore Invalid manifest header Bundle-SymbolicName: ""
  • #6250 Lazily allocate HTTP2Stream data queue
  • #6251 Use CyclicTimeout for HTTP2Streams
  • #6254 Total timeout not enforced for queued requests
  • #6263 Review URI encoding in ConcatServlet & WelcomeFilter
  • #6277 Better handle exceptions thrown from session destroy listener
  • #6280 Copy ServletHolder class/instance properly during startWebapp
  • #6287 Class loading broken for WebSocketClient used inside webapp

11.0.2

Changelog

:warning: Important Security related Changes

Other Changes

  • #4275 - Path Normalization/Traversal - Context Matching
  • #5828 - Allow to create a WebSocketContainer passing HttpClient
  • #5832 - Ctrl-C after jetty:run produces NoClassDefFoundError
  • #5835 - Review Durable Filters, Servlets and Listeners
  • #5977 - Cache-Control header set by a filter is override by the value from DefaultServlet configuration
  • #5994 - QueuedThreadPool "free" threads
  • #5996 - ERROR : No module found to provide logback-impl for logback-access{enabled}
  • #5999 - HttpURI ArrayIndexOutOfBounds

... (truncated)

Commits
  • d97980b Updating to version 11.0.3
  • 2d08ed6 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
  • cd73338 Remove WebSocketComponents & HouseKeeper on Server restart. (#6218)
  • 28562d6 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
  • 802d32d Fixes #6207 - Make ALPN optional in HTTP2Client over TLS
  • 0e2a809 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
  • 455e798 Merge pull request #6293 from eclipse/jetty-10.0.x-6287-WebSocketClientClassL...
  • 462aff3 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
  • 67e2b4a Fixes #5306 - Default jetty.*.acceptors should be 1. (#6236)
  • ddbf8e2 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)
dependabot-preview[bot] commented 3 years ago

Superseded by #218.