build(deps): bump jetty-servlet from 9.4.27.v20200227 to 11.0.2 #4

Closed
dependabot[bot] wants to merge 1 commit from dependabot/gradle/org.eclipse.jetty-jetty-servlet-11.0.2 into helma-🐜
dependabot[bot] commented 2021-04-04 18:28:02 +00:00 (Migrated from github.com)

Bumps jetty-servlet from 9.4.27.v20200227 to 11.0.2.

Release notes

Sourced from jetty-servlet's releases.

11.0.2

Changelog

⚠️ Important Security related Changes

  • CVE-2021-28165 - #6072 - jetty server high CPU when client send data length > 17408
  • CVE-2021-28164 - #6101 - Normalize ambiguous URIs
  • CVE-2021-28163 - #6102 - Exclude webapps directory from deployment scan

Other Changes

  • #4275 - Path Normalization/Traversal - Context Matching
  • #5828 - Allow to create a WebSocketContainer passing HttpClient
  • #5832 - Ctrl-C after jetty:run produces NoClassDefFoundError
  • #5835 - Review Durable Filters, Servlets and Listeners
  • #5977 - Cache-Control header set by a filter is override by the value from DefaultServlet configuration
  • #5994 - QueuedThreadPool "free" threads
  • #5996 - ERROR : No module found to provide logback-impl for logback-access{enabled}
  • #5999 - HttpURI ArrayIndexOutOfBounds
  • #6001 - Ambiguous URI legacy compliance mode
  • #6008 - Allow absolute paths to be provided in start.ini for request log directory.
  • #6011 - OSGi Cannot start Jetty with osgi.boot - Configurations add wrong method taken
  • #6020 - Review Jetty Maven Plugin scanning defaults
  • #6021 - Standardize Path resolution in XmlConfiguration
  • #6024 - Error starting jetty-10: Provider org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not found
  • #6026 - the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG
  • #6034 - SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present
  • #6037 - Review logging modules for j.u.l.
  • #6063 - Allow override of hazelcast version when using module
  • #6076 - Embedded Jetty throws null pointer exception
  • #6082 - SslConnection compacting
  • #6085 - Jetty keeps Sessions in use after "Duplicate valid session cookies" Message

11.0.1

Changelog

  • This release addresses and resolves CVE-2020-27223
  • #5993 - Change more modules to glassfish-jstl
  • #5941 - Use jakarta.servlet.jsp.jstl version 2 implementation from Eclipse Glassfish
  • #5901 - Starting Jetty with JPMS produces warnings about Servlet resources not found
  • #5761 - Remove unneeded dependencies from apache-jsp module
  • #5759 - Update jakarta transaction, mail and injection apis
  • #5752 - Fix Servlet 5 Schema redirects

11.0.0

Eclipse Jetty 11.x Highlights

  • Jetty 11.x has a minimum Java requirement of Java 11.
  • Jetty 11.x modules are proper JPMS modules with module-info.class.
  • Jetty 11.x supports the following technology specs (from the Jakarta EE 9 effort):

... (truncated)

Commits
  • 14ed9a5 Updating to version 11.0.2
  • 61b5e1a revert back to 11.0.2-SNAPSHOT
  • 03f6a31 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
  • b68a5fe Merge pull request #6107 from eclipse/jetty-10.0.x-JavaxWebSocketContainerPro...
  • 47ec9b1 Modify SecureClientContainerExample to use the new getContainer(HttpClient) m...
  • a86a0c2 Add static utility methods on container to add and remove beans.
  • 57779c6 Make the HttpClient getContainer method static on JavaxWebSocketClientContain...
  • e1f2f8c Updating to version 11.0.3-SNAPSHOT
  • 0a126e2 Updating to version 11.0.2
  • e04e226 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 2021-05-24 07:39:09 +00:00 (Migrated from github.com)

Superseded by #22.

Pull request closed

Reference: antville/helma#4