9.4.39.v20210325
·
1213 commits
to jetty-9.4.x
since this release
9fc7ca5
This commit was signed with the committer’s verified signature.
jmcc0nn3ll
Jesse McConnell
Changelog
⚠️ Important Security related Changes
- CVE-2021-28165 - #6072 - jetty server high CPU when client send data length > 17408
- CVE-2021-28164 - #6101 - Normalize ambiguous URIs
- CVE-2021-28163 - #6102 - Exclude webapps directory from deployment scan
Other Changes
- #6034 - SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present
- #6050 - Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer
- #6052 - Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to work on Android
- #6063 - Allow override of hazelcast version when using module
- #6085 - Jetty keeps Sessions in use after "Duplicate valid session cookies" Message