Control: tags -1 + moreinfo confirmed
On 2021-04-12 00:26:08 +0200, Emmanuel Bourg wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Hi,
>
> This is a pre-upload request to unblock jetty9/9.4.39-1, this update fixes
> 3 vulnerabilities (CVE-2021-28163, CVE-2021-28164 and CVE-2021-28165).
ACK. Please remove the moreinfo tag once the version is available in
unstable.
Cheers
>
> The debdiff is attached below.
>
> Thank you,
>
> Emmanuel Bourg
>
>
> unblock jetty9/9.4.38-1
> diff -Nru jetty9-9.4.38/aggregates/jetty-all/pom.xml jetty9-9.4.39/aggregates/jetty-all/pom.xml
> --- jetty9-9.4.38/aggregates/jetty-all/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/aggregates/jetty-all/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <relativePath>../../pom.xml</relativePath>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/aggregates/jetty-all-compact3/pom.xml jetty9-9.4.39/aggregates/jetty-all-compact3/pom.xml
> --- jetty9-9.4.38/aggregates/jetty-all-compact3/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/aggregates/jetty-all-compact3/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <relativePath>../../pom.xml</relativePath>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/apache-jsp/pom.xml jetty9-9.4.39/apache-jsp/pom.xml
> --- jetty9-9.4.38/apache-jsp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/apache-jsp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>apache-jsp</artifactId>
> diff -Nru jetty9-9.4.38/apache-jstl/pom.xml jetty9-9.4.39/apache-jstl/pom.xml
> --- jetty9-9.4.38/apache-jstl/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/apache-jstl/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>apache-jstl</artifactId>
> diff -Nru jetty9-9.4.38/build-resources/pom.xml jetty9-9.4.39/build-resources/pom.xml
> --- jetty9-9.4.38/build-resources/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/build-resources/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <modelVersion>4.0.0</modelVersion>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>build-resources</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <packaging>jar</packaging>
> <name>Jetty :: Build Resources</name>
>
> diff -Nru jetty9-9.4.38/debian/changelog jetty9-9.4.39/debian/changelog
> --- jetty9-9.4.38/debian/changelog 2021-02-28 21:50:15.000000000 +0100
> +++ jetty9-9.4.39/debian/changelog 2021-04-12 00:11:03.000000000 +0200
> @@ -1,3 +1,19 @@
> +jetty9 (9.4.39-1) unstable; urgency=high
> +
> + * New upstream release
> + - Fixed CVE-2021-28163: If a user uses a webapps directory that is a
> + symlink, the contents of the webapps directory is deployed as a static
> + webapp, inadvertently serving the webapps themselves and anything else
> + that might be in that directory.
> + - Fixes CVE-2021-28164: The default compliance mode allows requests with
> + URIs that contain %2e or %2e%2e segments to access protected resources
> + within the WEB-INF directory. This can reveal sensitive information
> + regarding the implementation of a web application.
> + - Fixes CVE-2021-28165: CPU usage can reach 100% upon receiving a large
> + invalid TLS frame.
> +
> + -- Emmanuel Bourg <ebourg@apache.org> Mon, 12 Apr 2021 00:11:03 +0200
> +
> jetty9 (9.4.38-1) unstable; urgency=medium
>
> * New upstream release
> diff -Nru jetty9-9.4.38/examples/async-rest/async-rest-jar/pom.xml jetty9-9.4.39/examples/async-rest/async-rest-jar/pom.xml
> --- jetty9-9.4.38/examples/async-rest/async-rest-jar/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/examples/async-rest/async-rest-jar/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>example-async-rest</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/examples/async-rest/async-rest-webapp/pom.xml jetty9-9.4.39/examples/async-rest/async-rest-webapp/pom.xml
> --- jetty9-9.4.38/examples/async-rest/async-rest-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/examples/async-rest/async-rest-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>example-async-rest</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/examples/async-rest/pom.xml jetty9-9.4.39/examples/async-rest/pom.xml
> --- jetty9-9.4.38/examples/async-rest/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/examples/async-rest/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty.examples</groupId>
> <artifactId>examples-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/examples/embedded/pom.xml jetty9-9.4.39/examples/embedded/pom.xml
> --- jetty9-9.4.38/examples/embedded/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/examples/embedded/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty.examples</groupId>
> <artifactId>examples-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <relativePath>../pom.xml</relativePath>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/examples/pom.xml jetty9-9.4.39/examples/pom.xml
> --- jetty9-9.4.38/examples/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/examples/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-alpn/jetty-alpn-client/pom.xml jetty9-9.4.39/jetty-alpn/jetty-alpn-client/pom.xml
> --- jetty9-9.4.38/jetty-alpn/jetty-alpn-client/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-alpn/jetty-alpn-client/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-alpn-client</artifactId>
> diff -Nru jetty9-9.4.38/jetty-alpn/jetty-alpn-conscrypt-client/pom.xml jetty9-9.4.39/jetty-alpn/jetty-alpn-conscrypt-client/pom.xml
> --- jetty9-9.4.38/jetty-alpn/jetty-alpn-conscrypt-client/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-alpn/jetty-alpn-conscrypt-client/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-alpn/jetty-alpn-conscrypt-client/src/test/java/org/eclipse/jetty/alpn/java/client/ConscryptHTTP2ClientTest.java jetty9-9.4.39/jetty-alpn/jetty-alpn-conscrypt-client/src/test/java/org/eclipse/jetty/alpn/java/client/ConscryptHTTP2ClientTest.java
> --- jetty9-9.4.38/jetty-alpn/jetty-alpn-conscrypt-client/src/test/java/org/eclipse/jetty/alpn/java/client/ConscryptHTTP2ClientTest.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-alpn/jetty-alpn-conscrypt-client/src/test/java/org/eclipse/jetty/alpn/java/client/ConscryptHTTP2ClientTest.java 2021-03-25 15:36:22.000000000 +0100
> @@ -43,9 +43,12 @@
> import org.junit.jupiter.api.Assumptions;
> import org.junit.jupiter.api.Tag;
> import org.junit.jupiter.api.Test;
> +import org.junit.jupiter.api.condition.EnabledOnOs;
>
> import static org.junit.jupiter.api.Assertions.assertTrue;
> +import static org.junit.jupiter.api.condition.OS.LINUX;
>
> +@EnabledOnOs({LINUX}) // TODO review if should be enabled on other OS
> public class ConscryptHTTP2ClientTest
> {
> @Tag("external")
> diff -Nru jetty9-9.4.38/jetty-alpn/jetty-alpn-conscrypt-server/pom.xml jetty9-9.4.39/jetty-alpn/jetty-alpn-conscrypt-server/pom.xml
> --- jetty9-9.4.38/jetty-alpn/jetty-alpn-conscrypt-server/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-alpn/jetty-alpn-conscrypt-server/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-alpn/jetty-alpn-java-client/pom.xml jetty9-9.4.39/jetty-alpn/jetty-alpn-java-client/pom.xml
> --- jetty9-9.4.38/jetty-alpn/jetty-alpn-java-client/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-alpn/jetty-alpn-java-client/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-alpn/jetty-alpn-java-server/pom.xml jetty9-9.4.39/jetty-alpn/jetty-alpn-java-server/pom.xml
> --- jetty9-9.4.38/jetty-alpn/jetty-alpn-java-server/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-alpn/jetty-alpn-java-server/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-alpn/jetty-alpn-openjdk8-client/pom.xml jetty9-9.4.39/jetty-alpn/jetty-alpn-openjdk8-client/pom.xml
> --- jetty9-9.4.38/jetty-alpn/jetty-alpn-openjdk8-client/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-alpn/jetty-alpn-openjdk8-client/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-alpn/jetty-alpn-openjdk8-server/pom.xml jetty9-9.4.39/jetty-alpn/jetty-alpn-openjdk8-server/pom.xml
> --- jetty9-9.4.38/jetty-alpn/jetty-alpn-openjdk8-server/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-alpn/jetty-alpn-openjdk8-server/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-alpn/jetty-alpn-server/pom.xml jetty9-9.4.39/jetty-alpn/jetty-alpn-server/pom.xml
> --- jetty9-9.4.38/jetty-alpn/jetty-alpn-server/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-alpn/jetty-alpn-server/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-alpn-server</artifactId>
> diff -Nru jetty9-9.4.38/jetty-alpn/pom.xml jetty9-9.4.39/jetty-alpn/pom.xml
> --- jetty9-9.4.38/jetty-alpn/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-alpn/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-alpn-parent</artifactId>
> diff -Nru jetty9-9.4.38/jetty-annotations/pom.xml jetty9-9.4.39/jetty-annotations/pom.xml
> --- jetty9-9.4.38/jetty-annotations/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-annotations/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-annotations</artifactId>
> diff -Nru jetty9-9.4.38/jetty-ant/pom.xml jetty9-9.4.39/jetty-ant/pom.xml
> --- jetty9-9.4.38/jetty-ant/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-ant/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-ant</artifactId>
> diff -Nru jetty9-9.4.38/jetty-bom/pom.xml jetty9-9.4.39/jetty-bom/pom.xml
> --- jetty9-9.4.38/jetty-bom/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-bom/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -9,7 +9,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <build>
> @@ -53,336 +53,336 @@
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>apache-jsp</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>apache-jstl</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-client</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-java-client</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-java-server</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-openjdk8-client</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-openjdk8-server</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-conscrypt-client</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-conscrypt-server</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-alpn-server</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-annotations</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-ant</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-client</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-continuation</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-deploy</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-distribution</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <type>zip</type>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-distribution</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <type>tar.gz</type>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.fcgi</groupId>
> <artifactId>fcgi-client</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.fcgi</groupId>
> <artifactId>fcgi-server</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.gcloud</groupId>
> <artifactId>jetty-gcloud-session-manager</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-home</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <type>zip</type>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-home</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <type>tar.gz</type>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-http</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.http2</groupId>
> <artifactId>http2-client</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.http2</groupId>
> <artifactId>http2-common</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.http2</groupId>
> <artifactId>http2-hpack</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.http2</groupId>
> <artifactId>http2-http-client-transport</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.http2</groupId>
> <artifactId>http2-server</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-http-spi</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>infinispan-common</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>infinispan-remote-query</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>infinispan-embedded-query</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-hazelcast</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-io</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-jaas</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-jaspi</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-jmx</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-jndi</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.memcached</groupId>
> <artifactId>jetty-memcached-sessions</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-nosql</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.osgi</groupId>
> <artifactId>jetty-osgi-boot</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.osgi</groupId>
> <artifactId>jetty-osgi-boot-jsp</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.osgi</groupId>
> <artifactId>jetty-osgi-boot-warurl</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.osgi</groupId>
> <artifactId>jetty-httpservice</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-plus</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-proxy</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-quickstart</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-rewrite</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-security</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-openid</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-server</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-servlet</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-servlets</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-spring</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-unixsocket</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-util</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-util-ajax</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-webapp</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.websocket</groupId>
> <artifactId>javax-websocket-client-impl</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.websocket</groupId>
> <artifactId>javax-websocket-server-impl</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.websocket</groupId>
> <artifactId>websocket-api</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.websocket</groupId>
> <artifactId>websocket-client</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.websocket</groupId>
> <artifactId>websocket-common</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.websocket</groupId>
> <artifactId>websocket-server</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty.websocket</groupId>
> <artifactId>websocket-servlet</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> <dependency>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-xml</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </dependency>
> </dependencies>
> </dependencyManagement>
> diff -Nru jetty9-9.4.38/jetty-cdi/pom.xml jetty9-9.4.39/jetty-cdi/pom.xml
> --- jetty9-9.4.38/jetty-cdi/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-cdi/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <groupId>org.eclipse.jetty</groupId>
> diff -Nru jetty9-9.4.38/jetty-cdi/src/test/java/org/eclipse/jetty/embedded/EmbeddedWeldTest.java jetty9-9.4.39/jetty-cdi/src/test/java/org/eclipse/jetty/embedded/EmbeddedWeldTest.java
> --- jetty9-9.4.38/jetty-cdi/src/test/java/org/eclipse/jetty/embedded/EmbeddedWeldTest.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-cdi/src/test/java/org/eclipse/jetty/embedded/EmbeddedWeldTest.java 2021-03-25 15:36:22.000000000 +0100
> @@ -167,7 +167,7 @@
> @Test
> public void testWebappContext() throws Exception
> {
> - Server server = new Server(8080);
> + Server server = new Server(0);
> server.addConnector(new LocalConnector(server));
> WebAppContext webapp = new WebAppContext();
> webapp.setContextPath("/");
> @@ -199,7 +199,7 @@
> @Test
> public void testWebappContextDiscovered() throws Exception
> {
> - Server server = new Server(8080);
> + Server server = new Server(0);
> server.addConnector(new LocalConnector(server));
> WebAppContext webapp = new WebAppContext();
> webapp.setContextPath("/");
> diff -Nru jetty9-9.4.38/jetty-client/pom.xml jetty9-9.4.39/jetty-client/pom.xml
> --- jetty9-9.4.38/jetty-client/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-client/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> @@ -51,6 +51,7 @@
> <goal>shade</goal>
> </goals>
> <configuration>
> + <minimizeJar>true</minimizeJar>
> <shadedArtifactAttached>true</shadedArtifactAttached>
> <shadedClassifierName>hybrid</shadedClassifierName>
> <artifactSet>
> diff -Nru jetty9-9.4.38/jetty-continuation/pom.xml jetty9-9.4.39/jetty-continuation/pom.xml
> --- jetty9-9.4.38/jetty-continuation/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-continuation/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-continuation</artifactId>
> diff -Nru jetty9-9.4.38/jetty-deploy/pom.xml jetty9-9.4.39/jetty-deploy/pom.xml
> --- jetty9-9.4.38/jetty-deploy/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-deploy/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-deploy</artifactId>
> diff -Nru jetty9-9.4.38/jetty-deploy/src/main/java/org/eclipse/jetty/deploy/providers/ScanningAppProvider.java jetty9-9.4.39/jetty-deploy/src/main/java/org/eclipse/jetty/deploy/providers/ScanningAppProvider.java
> --- jetty9-9.4.38/jetty-deploy/src/main/java/org/eclipse/jetty/deploy/providers/ScanningAppProvider.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-deploy/src/main/java/org/eclipse/jetty/deploy/providers/ScanningAppProvider.java 2021-03-25 15:36:22.000000000 +0100
> @@ -49,7 +49,7 @@
> {
> private static final Logger LOG = Log.getLogger(ScanningAppProvider.class);
>
> - private Map<String, App> _appMap = new HashMap<String, App>();
> + private final Map<String, App> _appMap = new HashMap<>();
>
> private DeploymentManager _deploymentManager;
> protected FilenameFilter _filenameFilter;
> diff -Nru jetty9-9.4.38/jetty-deploy/src/main/java/org/eclipse/jetty/deploy/providers/WebAppProvider.java jetty9-9.4.39/jetty-deploy/src/main/java/org/eclipse/jetty/deploy/providers/WebAppProvider.java
> --- jetty9-9.4.38/jetty-deploy/src/main/java/org/eclipse/jetty/deploy/providers/WebAppProvider.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-deploy/src/main/java/org/eclipse/jetty/deploy/providers/WebAppProvider.java 2021-03-25 15:36:22.000000000 +0100
> @@ -30,6 +30,8 @@
> import org.eclipse.jetty.util.URIUtil;
> import org.eclipse.jetty.util.annotation.ManagedAttribute;
> import org.eclipse.jetty.util.annotation.ManagedObject;
> +import org.eclipse.jetty.util.log.Log;
> +import org.eclipse.jetty.util.log.Logger;
> import org.eclipse.jetty.util.resource.Resource;
> import org.eclipse.jetty.webapp.WebAppContext;
> import org.eclipse.jetty.xml.XmlConfiguration;
> @@ -62,6 +64,8 @@
> @ManagedObject("Provider for start-up deployement of webapps based on presence in directory")
> public class WebAppProvider extends ScanningAppProvider
> {
> + private static final Logger LOG = Log.getLogger(WebAppProvider.class);
> +
> private boolean _extractWars = false;
> private boolean _parentLoaderPriority = false;
> private ConfigurationManager _configurationManager;
> @@ -74,28 +78,25 @@
> @Override
> public boolean accept(File dir, String name)
> {
> - if (!dir.exists())
> - {
> + if (dir == null || !dir.exists())
> return false;
> - }
> - String lowername = name.toLowerCase(Locale.ENGLISH);
>
> - File file = new File(dir, name);
> - Resource r = Resource.newResource(file);
> - if (getMonitoredResources().contains(r) && r.isDirectory())
> - {
> - return false;
> - }
> + String lowerName = name.toLowerCase(Locale.ENGLISH);
> +
> + Resource resource = Resource.newResource(new File(dir, name));
> + for (Resource m : getMonitoredResources())
> + if (resource.isSame(m))
> + return false;
>
> // ignore hidden files
> - if (lowername.startsWith("."))
> + if (lowerName.startsWith("."))
> return false;
>
> // Ignore some directories
> - if (file.isDirectory())
> + if (resource.isDirectory())
> {
> // is it a nominated config directory
> - if (lowername.endsWith(".d"))
> + if (lowerName.endsWith(".d"))
> return false;
>
> // is it an unpacked directory for an existing war file?
> @@ -107,18 +108,18 @@
> return false;
>
> //is it a sccs dir?
> - return !"cvs".equals(lowername) && !"cvsroot".equals(lowername); // OK to deploy it then
> + return !"cvs".equals(lowerName) && !"cvsroot".equals(lowerName); // OK to deploy it then
> }
>
> // else is it a war file
> - if (lowername.endsWith(".war"))
> + if (lowerName.endsWith(".war"))
> {
> //defer deployment decision to fileChanged()
> return true;
> }
>
> - // else is it a context XML file
> - return lowername.endsWith(".xml");
> + // else is it a context XML file
> + return lowerName.endsWith(".xml");
> }
> }
>
> diff -Nru jetty9-9.4.38/jetty-deploy/src/test/java/org/eclipse/jetty/deploy/providers/WebAppProviderTest.java jetty9-9.4.39/jetty-deploy/src/test/java/org/eclipse/jetty/deploy/providers/WebAppProviderTest.java
> --- jetty9-9.4.38/jetty-deploy/src/test/java/org/eclipse/jetty/deploy/providers/WebAppProviderTest.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-deploy/src/test/java/org/eclipse/jetty/deploy/providers/WebAppProviderTest.java 2021-03-25 15:36:22.000000000 +0100
> @@ -19,26 +19,38 @@
> package org.eclipse.jetty.deploy.providers;
>
> import java.io.File;
> +import java.net.URL;
> import java.nio.file.FileSystemException;
> import java.nio.file.Files;
> import java.nio.file.Path;
> import java.util.Arrays;
> +import java.util.HashMap;
> +import java.util.List;
> +import java.util.Map;
>
> import org.eclipse.jetty.deploy.test.XmlConfiguredJetty;
> +import org.eclipse.jetty.server.Handler;
> +import org.eclipse.jetty.server.Server;
> +import org.eclipse.jetty.server.handler.HandlerCollection;
> import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
> import org.eclipse.jetty.toolchain.test.jupiter.WorkDir;
> import org.eclipse.jetty.toolchain.test.jupiter.WorkDirExtension;
> +import org.eclipse.jetty.util.IO;
> +import org.eclipse.jetty.webapp.WebAppContext;
> import org.junit.jupiter.api.AfterEach;
> import org.junit.jupiter.api.BeforeEach;
> import org.junit.jupiter.api.Disabled;
> import org.junit.jupiter.api.Test;
> +import org.junit.jupiter.api.condition.EnabledOnOs;
> import org.junit.jupiter.api.extension.ExtendWith;
>
> +import static org.junit.jupiter.api.Assertions.assertEquals;
> import static org.junit.jupiter.api.Assertions.assertFalse;
> import static org.junit.jupiter.api.Assertions.assertTrue;
> import static org.junit.jupiter.api.Assumptions.assumeTrue;
> +import static org.junit.jupiter.api.condition.OS.LINUX;
> +import static org.junit.jupiter.api.condition.OS.MAC;
>
> -@Disabled("See issue #1200")
> @ExtendWith(WorkDirExtension.class)
> public class WebAppProviderTest
> {
> @@ -49,7 +61,8 @@
> @BeforeEach
> public void setupEnvironment() throws Exception
> {
> - jetty = new XmlConfiguredJetty(testdir.getEmptyPathDir());
> + Path p = testdir.getEmptyPathDir();
> + jetty = new XmlConfiguredJetty(p);
> jetty.addConfiguration("jetty.xml");
> jetty.addConfiguration("jetty-http.xml");
> jetty.addConfiguration("jetty-deploy-wars.xml");
> @@ -86,6 +99,7 @@
> jetty.stop();
> }
>
> + @Disabled("See issue #1200")
> @Test
> public void testStartupContext()
> {
> @@ -101,7 +115,8 @@
> // Test for correct behaviour
> assertTrue(hasJettyGeneratedPath(workDir, "foo.war"), "Should have generated directory in work directory: " + workDir);
> }
> -
> +
> + @Disabled("See issue #1200")
> @Test
> public void testStartupSymlinkContext()
> {
> @@ -119,7 +134,105 @@
> File workDir = jetty.getJettyDir("workish");
> assertTrue(hasJettyGeneratedPath(workDir, "bar.war"), "Should have generated directory in work directory: " + workDir);
> }
> +
> + @Test
> + @EnabledOnOs({LINUX})
> + public void testWebappSymlinkDir() throws Exception
> + {
> + jetty.stop(); //reconfigure jetty
> +
> + testdir.ensureEmpty();
> +
> + jetty = new XmlConfiguredJetty(testdir.getEmptyPathDir());
> + jetty.addConfiguration("jetty.xml");
> + jetty.addConfiguration("jetty-http.xml");
> + jetty.addConfiguration("jetty-deploy-wars.xml");
>
> + assumeTrue(symlinkSupported);
> +
> + //delete the existing webapps directory
> + File webapps = jetty.getJettyDir("webapps");
> + assertTrue(IO.delete(webapps));
> +
> + //make a different directory to contain webapps
> + File x = jetty.getJettyDir("x");
> + Files.createDirectory(x.toPath());
> +
> + //Put a webapp into it
> + File srcDir = MavenTestingUtils.getTestResourceDir("webapps");
> + File fooWar = new File(x, "foo.war");
> + IO.copy(new File(srcDir, "foo-webapp-1.war"), fooWar);
> + assertTrue(Files.exists(fooWar.toPath()));
> +
> + //make a link from x to webapps
> + Files.createSymbolicLink(jetty.getJettyDir("webapps").toPath(), x.toPath());
> + assertTrue(Files.exists(jetty.getJettyDir("webapps").toPath()));
> +
> + jetty.load();
> + jetty.start();
> +
> + //only webapp in x should be deployed, not x itself
> + jetty.assertWebAppContextsExists("/foo");
> + }
> +
> + @Test
> + @EnabledOnOs({LINUX})
> + public void testBaseDirSymlink() throws Exception
> + {
> + jetty.stop(); //reconfigure jetty
> +
> + testdir.ensureEmpty();
> +
> + Path realBase = testdir.getEmptyPathDir();
> +
> + //set jetty up on the real base
> + jetty = new XmlConfiguredJetty(realBase);
> + jetty.addConfiguration("jetty.xml");
> + jetty.addConfiguration("jetty-http.xml");
> + jetty.addConfiguration("jetty-deploy-wars.xml");
> +
> + //Put a webapp into the base
> + jetty.copyWebapp("foo-webapp-1.war", "foo.war");
> +
> + //create the jetty structure
> + jetty.load();
> + jetty.start();
> + Path jettyHome = jetty.getJettyHome().toPath();
> +
> + jetty.stop();
> +
> + //Make a symbolic link to the real base
> + File testsDir = MavenTestingUtils.getTargetTestingDir();
> + Path symlinkBase = Files.createSymbolicLink(testsDir.toPath().resolve("basedirsymlink-" + System.currentTimeMillis()), jettyHome);
> + Map<String, String> properties = new HashMap<>();
> + properties.put("jetty.home", jettyHome.toString());
> + //Start jetty, but this time running from the symlinked base
> + System.setProperty("jetty.home", properties.get("jetty.home"));
> +
> + List<URL> configurations = jetty.getConfigurations();
> + Server server = XmlConfiguredJetty.loadConfigurations(configurations, properties);
> +
> + try
> + {
> + server.start();
> + HandlerCollection handlers = (HandlerCollection)server.getHandler();
> + Handler[] children = server.getChildHandlersByClass(WebAppContext.class);
> + assertEquals(1, children.length);
> + assertEquals("/foo", ((WebAppContext)children[0]).getContextPath());
> + }
> + finally
> + {
> + server.stop();
> + }
> + }
> +
> + private Map<String, String> setupJettyProperties(Path jettyHome)
> + {
> + Map<String, String> properties = new HashMap<>();
> + properties.put("jetty.home", jettyHome.toFile().getAbsolutePath());
> + return properties;
> + }
> +
> private static boolean hasJettyGeneratedPath(File basedir, String expectedWarFilename)
> {
> File[] paths = basedir.listFiles();
> diff -Nru jetty9-9.4.38/jetty-deploy/src/test/java/org/eclipse/jetty/deploy/test/XmlConfiguredJetty.java jetty9-9.4.39/jetty-deploy/src/test/java/org/eclipse/jetty/deploy/test/XmlConfiguredJetty.java
> --- jetty9-9.4.38/jetty-deploy/src/test/java/org/eclipse/jetty/deploy/test/XmlConfiguredJetty.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-deploy/src/test/java/org/eclipse/jetty/deploy/test/XmlConfiguredJetty.java 2021-03-25 15:36:22.000000000 +0100
> @@ -31,6 +31,7 @@
> import java.net.UnknownHostException;
> import java.nio.file.Path;
> import java.util.ArrayList;
> +import java.util.Collections;
> import java.util.HashMap;
> import java.util.List;
> import java.util.Map;
> @@ -69,6 +70,51 @@
> private String _scheme = HttpScheme.HTTP.asString();
> private File _jettyHome;
>
> + public static Server loadConfigurations(List<URL> configurations, Map<String, String> properties)
> + throws Exception
> + {
> + XmlConfiguration last = null;
> + Object[] obj = new Object[configurations.size()];
> +
> + // Configure everything
> + for (int i = 0; i < configurations.size(); i++)
> + {
> + URL configURL = configurations.get(i);
> + XmlConfiguration configuration = new XmlConfiguration(configURL);
> + if (last != null)
> + configuration.getIdMap().putAll(last.getIdMap());
> + configuration.getProperties().putAll(properties);
> + obj[i] = configuration.configure();
> + last = configuration;
> + }
> +
> + // Test for Server Instance.
> + Server foundServer = null;
> + int serverCount = 0;
> + for (int i = 0; i < configurations.size(); i++)
> + {
> + if (obj[i] instanceof Server)
> + {
> + if (obj[i].equals(foundServer))
> + {
> + // Identical server instance found
> + break;
> + }
> + foundServer = (Server)obj[i];
> + serverCount++;
> + }
> + }
> +
> + if (serverCount <= 0)
> + {
> + throw new Exception("Load failed to configure a " + Server.class.getName());
> + }
> +
> + assertEquals(1, serverCount, "Server load count");
> +
> + return foundServer;
> + }
> +
> public XmlConfiguredJetty(Path testdir) throws IOException
> {
> _xmlConfigurations = new ArrayList<>();
> @@ -77,11 +123,11 @@
> String jettyHomeBase = testdir.toString();
> // Ensure we have a new (pristene) directory to work with.
> int idx = 0;
> - _jettyHome = new File(jettyHomeBase + "#" + idx);
> + _jettyHome = new File(jettyHomeBase + "--" + idx);
> while (_jettyHome.exists())
> {
> idx++;
> - _jettyHome = new File(jettyHomeBase + "#" + idx);
> + _jettyHome = new File(jettyHomeBase + "--" + idx);
> }
> deleteContents(_jettyHome);
> // Prepare Jetty.Home (Test) dir
> @@ -152,6 +198,11 @@
> {
> _xmlConfigurations.add(xmlConfig);
> }
> +
> + public List<URL> getConfigurations()
> + {
> + return Collections.unmodifiableList(_xmlConfigurations);
> + }
>
> public void assertNoWebAppContexts()
> {
> @@ -325,46 +376,7 @@
>
> public void load() throws Exception
> {
> - XmlConfiguration last = null;
> - Object[] obj = new Object[this._xmlConfigurations.size()];
> -
> - // Configure everything
> - for (int i = 0; i < this._xmlConfigurations.size(); i++)
> - {
> - URL configURL = this._xmlConfigurations.get(i);
> - XmlConfiguration configuration = new XmlConfiguration(configURL);
> - if (last != null)
> - configuration.getIdMap().putAll(last.getIdMap());
> - configuration.getProperties().putAll(_properties);
> - obj[i] = configuration.configure();
> - last = configuration;
> - }
> -
> - // Test for Server Instance.
> - Server foundServer = null;
> - int serverCount = 0;
> - for (int i = 0; i < this._xmlConfigurations.size(); i++)
> - {
> - if (obj[i] instanceof Server)
> - {
> - if (obj[i].equals(foundServer))
> - {
> - // Identical server instance found
> - break;
> - }
> - foundServer = (Server)obj[i];
> - serverCount++;
> - }
> - }
> -
> - if (serverCount <= 0)
> - {
> - throw new Exception("Load failed to configure a " + Server.class.getName());
> - }
> -
> - assertEquals(1, serverCount, "Server load count");
> -
> - this._server = foundServer;
> + this._server = loadConfigurations(_xmlConfigurations, _properties);
> this._server.setStopTimeout(10);
> }
>
> diff -Nru jetty9-9.4.38/jetty-distribution/pom.xml jetty9-9.4.39/jetty-distribution/pom.xml
> --- jetty9-9.4.38/jetty-distribution/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-distribution/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-distribution</artifactId>
> diff -Nru jetty9-9.4.38/jetty-fcgi/fcgi-client/pom.xml jetty9-9.4.39/jetty-fcgi/fcgi-client/pom.xml
> --- jetty9-9.4.38/jetty-fcgi/fcgi-client/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-fcgi/fcgi-client/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.fcgi</groupId>
> <artifactId>fcgi-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-fcgi/fcgi-server/pom.xml jetty9-9.4.39/jetty-fcgi/fcgi-server/pom.xml
> --- jetty9-9.4.38/jetty-fcgi/fcgi-server/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-fcgi/fcgi-server/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.fcgi</groupId>
> <artifactId>fcgi-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-fcgi/pom.xml jetty9-9.4.39/jetty-fcgi/pom.xml
> --- jetty9-9.4.38/jetty-fcgi/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-fcgi/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-gcloud/jetty-gcloud-session-manager/pom.xml jetty9-9.4.39/jetty-gcloud/jetty-gcloud-session-manager/pom.xml
> --- jetty9-9.4.38/jetty-gcloud/jetty-gcloud-session-manager/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-gcloud/jetty-gcloud-session-manager/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.gcloud</groupId>
> <artifactId>gcloud-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-gcloud/pom.xml jetty9-9.4.39/jetty-gcloud/pom.xml
> --- jetty9-9.4.38/jetty-gcloud/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-gcloud/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <artifactId>jetty-project</artifactId>
> <groupId>org.eclipse.jetty</groupId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-hazelcast/pom.xml jetty9-9.4.39/jetty-hazelcast/pom.xml
> --- jetty9-9.4.38/jetty-hazelcast/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-hazelcast/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-hazelcast/src/main/config/modules/session-store-hazelcast-embedded.mod jetty9-9.4.39/jetty-hazelcast/src/main/config/modules/session-store-hazelcast-embedded.mod
> --- jetty9-9.4.38/jetty-hazelcast/src/main/config/modules/session-store-hazelcast-embedded.mod 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-hazelcast/src/main/config/modules/session-store-hazelcast-embedded.mod 2021-03-25 15:36:22.000000000 +0100
> @@ -13,14 +13,17 @@
> sessions
>
> [files]
> -maven://com.hazelcast/hazelcast/3.12.10|lib/hazelcast/hazelcast-3.12.10.jar
> +maven://com.hazelcast/hazelcast/${hazelcast.version}|lib/hazelcast/hazelcast-${hazelcast.version}.jar
>
> [xml]
> etc/sessions/hazelcast/default.xml
>
> [lib]
> lib/jetty-hazelcast-${jetty.version}.jar
> -lib/hazelcast/*.jar
> +lib/hazelcast/hazelcast-${hazelcast.version}.jar
> +
> +[ini]
> +hazelcast.version?=3.12.10
>
> [license]
> Hazelcast is an open source project hosted on Github and released under the Apache 2.0 license.
> diff -Nru jetty9-9.4.38/jetty-hazelcast/src/main/config/modules/session-store-hazelcast-remote.mod jetty9-9.4.39/jetty-hazelcast/src/main/config/modules/session-store-hazelcast-remote.mod
> --- jetty9-9.4.38/jetty-hazelcast/src/main/config/modules/session-store-hazelcast-remote.mod 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-hazelcast/src/main/config/modules/session-store-hazelcast-remote.mod 2021-03-25 15:36:22.000000000 +0100
> @@ -13,15 +13,19 @@
> sessions
>
> [files]
> -maven://com.hazelcast/hazelcast/3.12.10|lib/hazelcast/hazelcast-3.12.10.jar
> -maven://com.hazelcast/hazelcast-client/3.12.6|lib/hazelcast/hazelcast-client-3.12.10.jar
> +maven://com.hazelcast/hazelcast/${hazelcast.version}|lib/hazelcast/hazelcast-${hazelcast.version}.jar
> +maven://com.hazelcast/hazelcast-client/${hazelcast.version}|lib/hazelcast/hazelcast-client-${hazelcast.version}.jar
>
> [xml]
> etc/sessions/hazelcast/remote.xml
>
> [lib]
> lib/jetty-hazelcast-${jetty.version}.jar
> -lib/hazelcast/*.jar
> +lib/hazelcast/hazelcast-${hazelcast.version}.jar
> +lib/hazelcast/hazelcast-client-${hazelcast.version}.jar
> +
> +[ini]
> +hazelcast.version?=3.12.10
>
> [license]
> Hazelcast is an open source project hosted on Github and released under the Apache 2.0 license.
> diff -Nru jetty9-9.4.38/jetty-home/pom.xml jetty9-9.4.39/jetty-home/pom.xml
> --- jetty9-9.4.38/jetty-home/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-home/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <artifactId>jetty-project</artifactId>
> <groupId>org.eclipse.jetty</groupId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-home</artifactId>
> diff -Nru jetty9-9.4.38/jetty-home/src/main/resources/modules/hawtio.mod jetty9-9.4.39/jetty-home/src/main/resources/modules/hawtio.mod
> --- jetty9-9.4.38/jetty-home/src/main/resources/modules/hawtio.mod 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-home/src/main/resources/modules/hawtio.mod 2021-03-25 15:36:22.000000000 +0100
> @@ -17,7 +17,7 @@
> [files]
> etc/hawtio/
> lib/hawtio/
> -https://oss.sonatype.org/content/repositories/public/io/hawt/hawtio-default/1.4.16/hawtio-default-1.4.16.war|lib/hawtio/hawtio.war
> +maven://io.hawt/hawtio-default/1.4.16|lib/hawtio/hawtio.war
> basehome:modules/hawtio/hawtio.xml|etc/hawtio.xml
>
> [license]
> diff -Nru jetty9-9.4.38/jetty-home/src/main/resources/modules/jminix.mod jetty9-9.4.39/jetty-home/src/main/resources/modules/jminix.mod
> --- jetty9-9.4.38/jetty-home/src/main/resources/modules/jminix.mod 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-home/src/main/resources/modules/jminix.mod 2021-03-25 15:36:22.000000000 +0100
> @@ -18,12 +18,12 @@
> [files]
> lib/jminix/
> maven://org.jminix/jminix/1.1.0|lib/jminix/jminix-1.1.0.jar
> -http://maven.restlet.com/org/restlet/org.restlet/1.1.5/org.restlet-1.1.5.jar|lib/jminix/org.restlet-1.1.5.jar
> -http://maven.restlet.com/org/restlet/org.restlet.ext.velocity/1.1.5/org.restlet.ext.velocity-1.1.5.jar|lib/jminix/org.restlet.ext.velocity-1.1.5.jar
> +https://maven.restlet.talend.com/org/restlet/org.restlet/1.1.5/org.restlet-1.1.5.jar|lib/jminix/org.restlet-1.1.5.jar
> +https://maven.restlet.talend.com/org/restlet/org.restlet.ext.velocity/1.1.5/org.restlet.ext.velocity-1.1.5.jar|lib/jminix/org.restlet.ext.velocity-1.1.5.jar
> maven://org.apache.velocity/velocity/1.5|lib/jminix/velocity-1.5.jar
> maven://oro/oro/2.0.8|lib/jminix/oro-2.0.8.jar
> -http://maven.restlet.com/com/noelios/restlet/com.noelios.restlet/1.1.5/com.noelios.restlet-1.1.5.jar|lib/jminix/com.noelios.restlet-1.1.5.jar
> -http://maven.restlet.com/com/noelios/restlet/com.noelios.restlet.ext.servlet/1.1.5/com.noelios.restlet.ext.servlet-1.1.5.jar|lib/jminix/com.noelios.restlet.ext.servlet-1.1.5.jar
> +https://maven.restlet.talend.com/com/noelios/restlet/com.noelios.restlet/1.1.5/com.noelios.restlet-1.1.5.jar|lib/jminix/com.noelios.restlet-1.1.5.jar
> +https://maven.restlet.talend.com/com/noelios/restlet/com.noelios.restlet.ext.servlet/1.1.5/com.noelios.restlet.ext.servlet-1.1.5.jar|lib/jminix/com.noelios.restlet.ext.servlet-1.1.5.jar
> maven://net.sf.json-lib/json-lib/2.2.3/jar/jdk15|lib/jminix/json-lib-2.2.3-jdk15.jar
> maven://commons-lang/commons-lang/2.4|lib/jminix/commons-lang-2.4.jar
> maven://commons-beanutils/commons-beanutils/1.7.0|lib/jminix/commons-beanutils-1.7.0.jar
> diff -Nru jetty9-9.4.38/jetty-http/pom.xml jetty9-9.4.39/jetty-http/pom.xml
> --- jetty9-9.4.38/jetty-http/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-http/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <artifactId>jetty-project</artifactId>
> <groupId>org.eclipse.jetty</groupId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-http</artifactId>
> diff -Nru jetty9-9.4.38/jetty-http2/http2-alpn-tests/pom.xml jetty9-9.4.39/jetty-http2/http2-alpn-tests/pom.xml
> --- jetty9-9.4.38/jetty-http2/http2-alpn-tests/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-http2/http2-alpn-tests/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.http2</groupId>
> <artifactId>http2-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-http2/http2-client/pom.xml jetty9-9.4.39/jetty-http2/http2-client/pom.xml
> --- jetty9-9.4.38/jetty-http2/http2-client/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-http2/http2-client/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.http2</groupId>
> <artifactId>http2-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-http2/http2-common/pom.xml jetty9-9.4.39/jetty-http2/http2-common/pom.xml
> --- jetty9-9.4.38/jetty-http2/http2-common/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-http2/http2-common/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.http2</groupId>
> <artifactId>http2-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-http2/http2-hpack/pom.xml jetty9-9.4.39/jetty-http2/http2-hpack/pom.xml
> --- jetty9-9.4.38/jetty-http2/http2-hpack/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-http2/http2-hpack/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.http2</groupId>
> <artifactId>http2-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-http2/http2-http-client-transport/pom.xml jetty9-9.4.39/jetty-http2/http2-http-client-transport/pom.xml
> --- jetty9-9.4.38/jetty-http2/http2-http-client-transport/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-http2/http2-http-client-transport/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.http2</groupId>
> <artifactId>http2-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-http2/http2-server/pom.xml jetty9-9.4.39/jetty-http2/http2-server/pom.xml
> --- jetty9-9.4.38/jetty-http2/http2-server/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-http2/http2-server/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.http2</groupId>
> <artifactId>http2-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-http2/pom.xml jetty9-9.4.39/jetty-http2/pom.xml
> --- jetty9-9.4.38/jetty-http2/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-http2/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <artifactId>jetty-project</artifactId>
> <groupId>org.eclipse.jetty</groupId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-http-spi/pom.xml jetty9-9.4.39/jetty-http-spi/pom.xml
> --- jetty9-9.4.38/jetty-http-spi/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-http-spi/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-http-spi</artifactId>
> diff -Nru jetty9-9.4.38/jetty-infinispan/infinispan-common/pom.xml jetty9-9.4.39/jetty-infinispan/infinispan-common/pom.xml
> --- jetty9-9.4.38/jetty-infinispan/infinispan-common/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-infinispan/infinispan-common/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>infinispan-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>infinispan-common</artifactId>
> diff -Nru jetty9-9.4.38/jetty-infinispan/infinispan-embedded/pom.xml jetty9-9.4.39/jetty-infinispan/infinispan-embedded/pom.xml
> --- jetty9-9.4.38/jetty-infinispan/infinispan-embedded/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-infinispan/infinispan-embedded/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>infinispan-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>infinispan-embedded</artifactId>
> diff -Nru jetty9-9.4.38/jetty-infinispan/infinispan-embedded-query/pom.xml jetty9-9.4.39/jetty-infinispan/infinispan-embedded-query/pom.xml
> --- jetty9-9.4.38/jetty-infinispan/infinispan-embedded-query/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-infinispan/infinispan-embedded-query/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>infinispan-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>infinispan-embedded-query</artifactId>
> diff -Nru jetty9-9.4.38/jetty-infinispan/infinispan-remote/pom.xml jetty9-9.4.39/jetty-infinispan/infinispan-remote/pom.xml
> --- jetty9-9.4.38/jetty-infinispan/infinispan-remote/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-infinispan/infinispan-remote/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>infinispan-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>infinispan-remote</artifactId>
> diff -Nru jetty9-9.4.38/jetty-infinispan/infinispan-remote-query/pom.xml jetty9-9.4.39/jetty-infinispan/infinispan-remote-query/pom.xml
> --- jetty9-9.4.38/jetty-infinispan/infinispan-remote-query/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-infinispan/infinispan-remote-query/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>infinispan-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>infinispan-remote-query</artifactId>
> @@ -138,5 +138,10 @@
> <artifactId>testcontainers</artifactId>
> <scope>test</scope>
> </dependency>
> + <dependency>
> + <groupId>org.testcontainers</groupId>
> + <artifactId>junit-jupiter</artifactId>
> + <scope>test</scope>
> + </dependency>
> </dependencies>
> </project>
> diff -Nru jetty9-9.4.38/jetty-infinispan/infinispan-remote-query/src/test/java/org/eclipse/jetty/server/session/infinispan/RemoteQueryManagerTest.java jetty9-9.4.39/jetty-infinispan/infinispan-remote-query/src/test/java/org/eclipse/jetty/server/session/infinispan/RemoteQueryManagerTest.java
> --- jetty9-9.4.38/jetty-infinispan/infinispan-remote-query/src/test/java/org/eclipse/jetty/server/session/infinispan/RemoteQueryManagerTest.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-infinispan/infinispan-remote-query/src/test/java/org/eclipse/jetty/server/session/infinispan/RemoteQueryManagerTest.java 2021-03-25 15:36:22.000000000 +0100
> @@ -49,11 +49,13 @@
> import org.testcontainers.containers.GenericContainer;
> import org.testcontainers.containers.output.Slf4jLogConsumer;
> import org.testcontainers.containers.wait.strategy.LogMessageWaitStrategy;
> +import org.testcontainers.junit.jupiter.Testcontainers;
>
> import static org.junit.jupiter.api.Assertions.assertEquals;
> import static org.junit.jupiter.api.Assertions.assertNotNull;
> import static org.junit.jupiter.api.Assertions.assertTrue;
>
> +@Testcontainers(disabledWithoutDocker = true)
> public class RemoteQueryManagerTest
> {
> public static final String DEFAULT_CACHE_NAME = "remote-session-test";
> diff -Nru jetty9-9.4.38/jetty-infinispan/pom.xml jetty9-9.4.39/jetty-infinispan/pom.xml
> --- jetty9-9.4.38/jetty-infinispan/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-infinispan/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-io/pom.xml jetty9-9.4.39/jetty-io/pom.xml
> --- jetty9-9.4.38/jetty-io/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-io/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <artifactId>jetty-project</artifactId>
> <groupId>org.eclipse.jetty</groupId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-io</artifactId>
> diff -Nru jetty9-9.4.38/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java jetty9-9.4.39/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
> --- jetty9-9.4.38/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java 2021-03-25 15:36:22.000000000 +0100
> @@ -729,8 +729,15 @@
> return filled = -1;
>
> case BUFFER_UNDERFLOW:
> + if (BufferUtil.space(_encryptedInput) == 0)
> + {
> + BufferUtil.clear(_encryptedInput);
> + throw new SSLHandshakeException("Encrypted buffer max length exceeded");
> + }
> +
> if (netFilled > 0)
> continue; // try filling some more
> +
> _underflown = true;
> if (netFilled < 0 && _sslEngine.getUseClientMode())
> {
> @@ -739,7 +746,7 @@
> {
> Throwable handshakeFailure = new SSLHandshakeException("Abruptly closed by peer");
> if (closeFailure != null)
> - handshakeFailure.initCause(closeFailure);
> + handshakeFailure.addSuppressed(closeFailure);
> throw handshakeFailure;
> }
> return filled = -1;
> diff -Nru jetty9-9.4.38/jetty-jaas/pom.xml jetty9-9.4.39/jetty-jaas/pom.xml
> --- jetty9-9.4.38/jetty-jaas/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-jaas/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-jaas</artifactId>
> diff -Nru jetty9-9.4.38/jetty-jaspi/pom.xml jetty9-9.4.39/jetty-jaspi/pom.xml
> --- jetty9-9.4.38/jetty-jaspi/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-jaspi/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-jmh/pom.xml jetty9-9.4.39/jetty-jmh/pom.xml
> --- jetty9-9.4.38/jetty-jmh/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-jmh/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-jmx/pom.xml jetty9-9.4.39/jetty-jmx/pom.xml
> --- jetty9-9.4.38/jetty-jmx/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-jmx/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-jmx</artifactId>
> diff -Nru jetty9-9.4.38/jetty-jndi/pom.xml jetty9-9.4.39/jetty-jndi/pom.xml
> --- jetty9-9.4.38/jetty-jndi/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-jndi/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-jndi</artifactId>
> diff -Nru jetty9-9.4.38/jetty-jspc-maven-plugin/pom.xml jetty9-9.4.39/jetty-jspc-maven-plugin/pom.xml
> --- jetty9-9.4.38/jetty-jspc-maven-plugin/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-jspc-maven-plugin/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-jspc-maven-plugin</artifactId>
> diff -Nru jetty9-9.4.38/jetty-maven-plugin/pom.xml jetty9-9.4.39/jetty-maven-plugin/pom.xml
> --- jetty9-9.4.38/jetty-maven-plugin/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-maven-plugin/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-maven-plugin</artifactId>
> diff -Nru jetty9-9.4.38/jetty-memcached/jetty-memcached-sessions/pom.xml jetty9-9.4.39/jetty-memcached/jetty-memcached-sessions/pom.xml
> --- jetty9-9.4.38/jetty-memcached/jetty-memcached-sessions/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-memcached/jetty-memcached-sessions/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.memcached</groupId>
> <artifactId>memcached-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-memcached/pom.xml jetty9-9.4.39/jetty-memcached/pom.xml
> --- jetty9-9.4.38/jetty-memcached/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-memcached/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <artifactId>jetty-project</artifactId>
> <groupId>org.eclipse.jetty</groupId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-nosql/pom.xml jetty9-9.4.39/jetty-nosql/pom.xml
> --- jetty9-9.4.38/jetty-nosql/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-nosql/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-nosql</artifactId>
> diff -Nru jetty9-9.4.38/jetty-openid/pom.xml jetty9-9.4.39/jetty-openid/pom.xml
> --- jetty9-9.4.38/jetty-openid/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-openid/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-osgi/jetty-osgi-alpn/pom.xml jetty9-9.4.39/jetty-osgi/jetty-osgi-alpn/pom.xml
> --- jetty9-9.4.38/jetty-osgi/jetty-osgi-alpn/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-osgi/jetty-osgi-alpn/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty.osgi</groupId>
> <artifactId>jetty-osgi-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-osgi-alpn</artifactId>
> diff -Nru jetty9-9.4.38/jetty-osgi/jetty-osgi-boot/pom.xml jetty9-9.4.39/jetty-osgi/jetty-osgi-boot/pom.xml
> --- jetty9-9.4.38/jetty-osgi/jetty-osgi-boot/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-osgi/jetty-osgi-boot/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty.osgi</groupId>
> <artifactId>jetty-osgi-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-osgi-boot</artifactId>
> diff -Nru jetty9-9.4.38/jetty-osgi/jetty-osgi-boot-jsp/pom.xml jetty9-9.4.39/jetty-osgi/jetty-osgi-boot-jsp/pom.xml
> --- jetty9-9.4.38/jetty-osgi/jetty-osgi-boot-jsp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-osgi/jetty-osgi-boot-jsp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty.osgi</groupId>
> <artifactId>jetty-osgi-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-osgi-boot-jsp</artifactId>
> diff -Nru jetty9-9.4.38/jetty-osgi/jetty-osgi-boot-warurl/pom.xml jetty9-9.4.39/jetty-osgi/jetty-osgi-boot-warurl/pom.xml
> --- jetty9-9.4.38/jetty-osgi/jetty-osgi-boot-warurl/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-osgi/jetty-osgi-boot-warurl/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty.osgi</groupId>
> <artifactId>jetty-osgi-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <relativePath>../pom.xml</relativePath>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-osgi/jetty-osgi-httpservice/pom.xml jetty9-9.4.39/jetty-osgi/jetty-osgi-httpservice/pom.xml
> --- jetty9-9.4.38/jetty-osgi/jetty-osgi-httpservice/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-osgi/jetty-osgi-httpservice/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty.osgi</groupId>
> <artifactId>jetty-osgi-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-httpservice</artifactId>
> diff -Nru jetty9-9.4.38/jetty-osgi/pom.xml jetty9-9.4.39/jetty-osgi/pom.xml
> --- jetty9-9.4.38/jetty-osgi/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-osgi/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-osgi/test-jetty-osgi/pom.xml jetty9-9.4.39/jetty-osgi/test-jetty-osgi/pom.xml
> --- jetty9-9.4.38/jetty-osgi/test-jetty-osgi/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-osgi/test-jetty-osgi/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty.osgi</groupId>
> <artifactId>jetty-osgi-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <relativePath>../pom.xml</relativePath>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-osgi/test-jetty-osgi-context/pom.xml jetty9-9.4.39/jetty-osgi/test-jetty-osgi-context/pom.xml
> --- jetty9-9.4.38/jetty-osgi/test-jetty-osgi-context/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-osgi/test-jetty-osgi-context/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty.osgi</groupId>
> <artifactId>jetty-osgi-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>test-jetty-osgi-context</artifactId>
> diff -Nru jetty9-9.4.38/jetty-osgi/test-jetty-osgi-fragment/pom.xml jetty9-9.4.39/jetty-osgi/test-jetty-osgi-fragment/pom.xml
> --- jetty9-9.4.38/jetty-osgi/test-jetty-osgi-fragment/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-osgi/test-jetty-osgi-fragment/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty.osgi</groupId>
> <artifactId>jetty-osgi-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <relativePath>../pom.xml</relativePath>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-osgi/test-jetty-osgi-server/pom.xml jetty9-9.4.39/jetty-osgi/test-jetty-osgi-server/pom.xml
> --- jetty9-9.4.38/jetty-osgi/test-jetty-osgi-server/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-osgi/test-jetty-osgi-server/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty.osgi</groupId>
> <artifactId>jetty-osgi-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>test-jetty-osgi-server</artifactId>
> diff -Nru jetty9-9.4.38/jetty-osgi/test-jetty-osgi-webapp/pom.xml jetty9-9.4.39/jetty-osgi/test-jetty-osgi-webapp/pom.xml
> --- jetty9-9.4.38/jetty-osgi/test-jetty-osgi-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-osgi/test-jetty-osgi-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty.osgi</groupId>
> <artifactId>jetty-osgi-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <relativePath>../pom.xml</relativePath>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-osgi/test-jetty-osgi-webapp-resources/pom.xml jetty9-9.4.39/jetty-osgi/test-jetty-osgi-webapp-resources/pom.xml
> --- jetty9-9.4.38/jetty-osgi/test-jetty-osgi-webapp-resources/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-osgi/test-jetty-osgi-webapp-resources/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.osgi</groupId>
> <artifactId>jetty-osgi-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>test-jetty-osgi-webapp-resources</artifactId>
> diff -Nru jetty9-9.4.38/jetty-plus/pom.xml jetty9-9.4.39/jetty-plus/pom.xml
> --- jetty9-9.4.38/jetty-plus/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-plus/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-plus</artifactId>
> diff -Nru jetty9-9.4.38/jetty-proxy/pom.xml jetty9-9.4.39/jetty-proxy/pom.xml
> --- jetty9-9.4.38/jetty-proxy/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-proxy/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-proxy</artifactId>
> diff -Nru jetty9-9.4.38/jetty-quickstart/pom.xml jetty9-9.4.39/jetty-quickstart/pom.xml
> --- jetty9-9.4.38/jetty-quickstart/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-quickstart/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <groupId>org.eclipse.jetty</groupId>
> diff -Nru jetty9-9.4.38/jetty-rewrite/pom.xml jetty9-9.4.39/jetty-rewrite/pom.xml
> --- jetty9-9.4.38/jetty-rewrite/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-rewrite/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-rewrite</artifactId>
> diff -Nru jetty9-9.4.38/jetty-runner/pom.xml jetty9-9.4.39/jetty-runner/pom.xml
> --- jetty9-9.4.38/jetty-runner/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-runner/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-runner</artifactId>
> diff -Nru jetty9-9.4.38/jetty-security/pom.xml jetty9-9.4.39/jetty-security/pom.xml
> --- jetty9-9.4.38/jetty-security/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-security/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-security</artifactId>
> diff -Nru jetty9-9.4.38/jetty-server/pom.xml jetty9-9.4.39/jetty-server/pom.xml
> --- jetty9-9.4.38/jetty-server/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-server/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-server</artifactId>
> diff -Nru jetty9-9.4.38/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java jetty9-9.4.39/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java
> --- jetty9-9.4.38/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java 2021-03-25 15:36:22.000000000 +0100
> @@ -1824,7 +1824,8 @@
> setMethod(request.getMethod());
> HttpURI uri = request.getURI();
>
> - if (uri.isAmbiguous())
> + boolean ambiguous = uri.isAmbiguous();
> + if (ambiguous)
> {
> // replaced in jetty-10 with URICompliance from the HttpConfiguration
> Connection connection = _channel == null ? null : _channel.getConnection();
> @@ -1852,6 +1853,13 @@
> else if (encoded.startsWith("/"))
> {
> path = (encoded.length() == 1) ? "/" : uri.getDecodedPath();
> +
> + // Strictly speaking if a URI is legal and encodes ambiguous segments, then they should be
> + // reflected in the decoded string version. However, previous behaviour was to always normalize
> + // so we will continue to do so. If an application wishes to see ambiguous URIs, then they can look
> + // at the encoded form of the URI
> + if (ambiguous)
> + path = URIUtil.canonicalPath(path);
> }
> else if ("*".equals(encoded) || HttpMethod.CONNECT.is(getMethod()))
> {
> diff -Nru jetty9-9.4.38/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionHandler.java jetty9-9.4.39/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionHandler.java
> --- jetty9-9.4.38/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionHandler.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionHandler.java 2021-03-25 15:36:22.000000000 +0100
> @@ -1667,29 +1667,56 @@
> if (LOG.isDebugEnabled())
> LOG.debug("Got Session ID {} from cookie {}", id, sessionCookie);
>
> - HttpSession s = getHttpSession(id);
> -
> - if (requestedSessionId == null)
> - {
> - //no previous id, always accept this one
> - requestedSessionId = id;
> - session = s;
> - }
> - else if (requestedSessionId.equals(id))
> - {
> - //really a bad request, but will forgive the duplication
> - }
> - else if (session == null || !isValid(session))
> + if (session == null)
> {
> - //no previous session or invalid, accept this one
> - requestedSessionId = id;
> - session = s;
> + //we currently do not have a session selected, use this one if it is valid
> + HttpSession s = getHttpSession(id);
> + if (s != null && isValid(s))
> + {
> + //associate it with the request so its reference count is decremented as the
> + //request exits
> + requestedSessionId = id;
> + session = s;
> + baseRequest.enterSession(session);
> + baseRequest.setSession(session);
> +
> + if (LOG.isDebugEnabled())
> + LOG.debug("Selected session {}", session);
> + }
> + else
> + {
> + if (LOG.isDebugEnabled())
> + LOG.debug("No session found for session cookie id {}", id);
> +
> + //if we don't have a valid session id yet, just choose the current id
> + if (requestedSessionId == null)
> + requestedSessionId = id;
> + }
> }
> else
> {
> - //previous session is valid, use it unless both valid
> - if (s != null && isValid(s))
> - throw new BadMessageException("Duplicate valid session cookies: " + requestedSessionId + "," + id);
> + //we currently have a valid session selected. We will throw an error
> + //if there is a _different_ valid session id cookie. Duplicate ids, or
> + //invalid session ids are ignored
> + if (!session.getId().equals(getSessionIdManager().getId(id)))
> + {
> + //load the session to see if it is valid or not
> + HttpSession s = getHttpSession(id);
> + if (s != null && isValid(s))
> + {
> + //associate it with the request so its reference count is decremented as the
> + //request exits
> + baseRequest.enterSession(s);
> + if (LOG.isDebugEnabled())
> + LOG.debug("Multiple different valid session ids: {}, {}", requestedSessionId, id);
> + throw new BadMessageException("Duplicate valid session cookies: " + requestedSessionId + " ," + id);
> + }
> + }
> + else
> + {
> + if (LOG.isDebugEnabled())
> + LOG.debug("Duplicate valid session cookie id: {}", id);
> + }
> }
> }
> }
> @@ -1718,24 +1745,22 @@
>
> requestedSessionId = uri.substring(s, i);
> requestedSessionIdFromCookie = false;
> +
> if (LOG.isDebugEnabled())
> LOG.debug("Got Session ID {} from URL", requestedSessionId);
> +
> session = getHttpSession(requestedSessionId);
> + if (session != null && isValid(session))
> + {
> + baseRequest.enterSession(session); //request enters this session for first time
> + baseRequest.setSession(session); //associate the session with the request
> + }
> }
> }
> }
>
> baseRequest.setRequestedSessionId(requestedSessionId);
> baseRequest.setRequestedSessionIdFromCookie(requestedSessionId != null && requestedSessionIdFromCookie);
> -
> - if (requestedSessionId != null)
> - {
> - if (session != null && isValid(session))
> - {
> - baseRequest.enterSession(session); //request enters this session for first time
> - baseRequest.setSession(session); //associate the session with the request
> - }
> - }
> }
>
> /**
> diff -Nru jetty9-9.4.38/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SniSslConnectionFactoryTest.java jetty9-9.4.39/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SniSslConnectionFactoryTest.java
> --- jetty9-9.4.38/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SniSslConnectionFactoryTest.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SniSslConnectionFactoryTest.java 2021-03-25 15:36:22.000000000 +0100
> @@ -32,6 +32,7 @@
> import java.util.Queue;
> import java.util.concurrent.LinkedBlockingQueue;
> import java.util.function.Consumer;
> +import java.util.stream.Collectors;
> import javax.net.ssl.SNIHostName;
> import javax.net.ssl.SNIServerName;
> import javax.net.ssl.SSLEngine;
> @@ -61,6 +62,7 @@
> import org.eclipse.jetty.util.IO;
> import org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager;
> import org.eclipse.jetty.util.ssl.SslContextFactory;
> +import org.eclipse.jetty.util.ssl.X509;
> import org.hamcrest.Matchers;
> import org.junit.jupiter.api.AfterEach;
> import org.junit.jupiter.api.BeforeEach;
> @@ -189,7 +191,27 @@
> @Test
> public void testSNIConnect() throws Exception
> {
> - start("src/test/resources/keystore_sni.p12");
> + start(ssl ->
> + {
> + ssl.setKeyStorePath("src/test/resources/keystore_sni.p12");
> + ssl.setSNISelector((keyType, issuers, session, sniHost, certificates) ->
> + {
> + // Make sure the *.domain.com comes before sub.domain.com
> + // to test that we prefer more specific domains.
> + List<X509> sortedCertificates = certificates.stream()
> + // As sorted() sorts ascending, make *.domain.com the smallest.
> + .sorted((x509a, x509b) ->
> + {
> + if (x509a.matches("domain.com"))
> + return -1;
> + if (x509b.matches("domain.com"))
> + return 1;
> + return 0;
> + })
> + .collect(Collectors.toList());
> + return ssl.sniSelect(keyType, issuers, session, sniHost, sortedCertificates);
> + });
> + });
>
> String response = getResponse("jetty.eclipse.org", "jetty.eclipse.org");
> assertThat(response, Matchers.containsString("X-HOST: jetty.eclipse.org"));
> @@ -200,6 +222,9 @@
> response = getResponse("foo.domain.com", "*.domain.com");
> assertThat(response, Matchers.containsString("X-HOST: foo.domain.com"));
>
> + response = getResponse("sub.domain.com", "sub.domain.com");
> + assertThat(response, Matchers.containsString("X-HOST: sub.domain.com"));
> +
> response = getResponse("m.san.com", "san example");
> assertThat(response, Matchers.containsString("X-HOST: m.san.com"));
>
> diff -Nru jetty9-9.4.38/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SSLEngineTest.java jetty9-9.4.39/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SSLEngineTest.java
> --- jetty9-9.4.38/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SSLEngineTest.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SSLEngineTest.java 2021-03-25 15:36:22.000000000 +0100
> @@ -34,19 +34,31 @@
> import java.net.SocketException;
> import java.net.SocketTimeoutException;
> import java.net.URL;
> +import java.nio.ByteBuffer;
> +import java.util.Arrays;
> +import java.util.concurrent.atomic.AtomicLong;
> +import javax.net.SocketFactory;
> import javax.net.ssl.HostnameVerifier;
> import javax.net.ssl.HttpsURLConnection;
> import javax.net.ssl.SSLContext;
> +import javax.net.ssl.SSLEngine;
> +import javax.net.ssl.SSLEngineResult;
> +import javax.net.ssl.SSLException;
> import javax.net.ssl.SSLSession;
> import javax.servlet.ServletException;
> import javax.servlet.ServletOutputStream;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
>
> +import org.eclipse.jetty.io.EndPoint;
> +import org.eclipse.jetty.io.ssl.SslConnection;
> +import org.eclipse.jetty.server.ConnectionFactory;
> +import org.eclipse.jetty.server.Connector;
> import org.eclipse.jetty.server.HttpConnectionFactory;
> import org.eclipse.jetty.server.Request;
> import org.eclipse.jetty.server.Server;
> import org.eclipse.jetty.server.ServerConnector;
> +import org.eclipse.jetty.server.SslConnectionFactory;
> import org.eclipse.jetty.server.handler.AbstractHandler;
> import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
> import org.eclipse.jetty.util.IO;
> @@ -59,6 +71,7 @@
> import static org.hamcrest.MatcherAssert.assertThat;
> import static org.hamcrest.Matchers.greaterThan;
> import static org.hamcrest.Matchers.is;
> +import static org.hamcrest.Matchers.lessThan;
> import static org.junit.jupiter.api.Assertions.assertEquals;
> import static org.junit.jupiter.api.Assertions.assertNotNull;
>
> @@ -106,12 +119,13 @@
>
> private Server server;
> private ServerConnector connector;
> + private SslContextFactory.Server sslContextFactory;
>
> @BeforeEach
> public void startServer() throws Exception
> {
> String keystore = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
> - SslContextFactory sslContextFactory = new SslContextFactory.Server();
> + sslContextFactory = new SslContextFactory.Server();
> sslContextFactory.setKeyStorePath(keystore);
> sslContextFactory.setKeyStorePassword("storepwd");
> sslContextFactory.setKeyManagerPassword("keypwd");
> @@ -192,6 +206,61 @@
> }
>
> @Test
> + public void testInvalidLargeTLSFrame() throws Exception
> + {
> + AtomicLong unwraps = new AtomicLong();
> + ConnectionFactory http = connector.getConnectionFactory(HttpConnectionFactory.class);
> + ConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, http.getProtocol())
> + {
> + @Override
> + protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine)
> + {
> + return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption())
> + {
> + @Override
> + protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException
> + {
> + unwraps.incrementAndGet();
> + return super.unwrap(sslEngine, input, output);
> + }
> + };
> + }
> + };
> + ServerConnector tlsConnector = new ServerConnector(server, 1, 1, ssl, http);
> + server.addConnector(tlsConnector);
> + server.setHandler(new HelloWorldHandler());
> + server.start();
> +
> + // Create raw TLS record.
> + byte[] bytes = new byte[20005];
> + Arrays.fill(bytes, (byte)1);
> +
> + bytes[0] = 22; // record type
> + bytes[1] = 3; // major version
> + bytes[2] = 3; // minor version
> + bytes[3] = 78; // record length 2 bytes / 0x4E20 / decimal 20,000
> + bytes[4] = 32; // record length
> + bytes[5] = 1; // message type
> + bytes[6] = 0; // message length 3 bytes / 0x004E17 / decimal 19,991
> + bytes[7] = 78;
> + bytes[8] = 23;
> +
> + SocketFactory socketFactory = SocketFactory.getDefault();
> + try (Socket client = socketFactory.createSocket("localhost", tlsConnector.getLocalPort()))
> + {
> + client.getOutputStream().write(bytes);
> +
> + // Sleep to see if the server spins.
> + Thread.sleep(1000);
> + assertThat(unwraps.get(), lessThan(128L));
> +
> + // Read until -1 or read timeout.
> + client.setSoTimeout(1000);
> + IO.readBytes(client.getInputStream());
> + }
> + }
> +
> + @Test
> public void testRequestJettyHttps() throws Exception
> {
> server.setHandler(new HelloWorldHandler());
> Binary files /tmp/xNV5seqXro/jetty9-9.4.38/jetty-server/src/test/resources/keystore_sni.p12 and /tmp/7J4C5W4awH/jetty9-9.4.39/jetty-server/src/test/resources/keystore_sni.p12 differ
> diff -Nru jetty9-9.4.38/jetty-servlet/pom.xml jetty9-9.4.39/jetty-servlet/pom.xml
> --- jetty9-9.4.38/jetty-servlet/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-servlet/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <artifactId>jetty-project</artifactId>
> <groupId>org.eclipse.jetty</groupId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-servlet</artifactId>
> diff -Nru jetty9-9.4.38/jetty-servlets/pom.xml jetty9-9.4.39/jetty-servlets/pom.xml
> --- jetty9-9.4.38/jetty-servlets/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-servlets/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <artifactId>jetty-project</artifactId>
> <groupId>org.eclipse.jetty</groupId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-servlets</artifactId>
> diff -Nru jetty9-9.4.38/jetty-spring/pom.xml jetty9-9.4.39/jetty-spring/pom.xml
> --- jetty9-9.4.38/jetty-spring/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-spring/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-spring</artifactId>
> diff -Nru jetty9-9.4.38/jetty-start/pom.xml jetty9-9.4.39/jetty-start/pom.xml
> --- jetty9-9.4.38/jetty-start/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-start/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-start</artifactId>
> diff -Nru jetty9-9.4.38/jetty-unixsocket/pom.xml jetty9-9.4.39/jetty-unixsocket/pom.xml
> --- jetty9-9.4.38/jetty-unixsocket/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-unixsocket/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-unixsocket</artifactId>
> diff -Nru jetty9-9.4.38/jetty-util/pom.xml jetty9-9.4.39/jetty-util/pom.xml
> --- jetty9-9.4.38/jetty-util/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-util/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-util</artifactId>
> diff -Nru jetty9-9.4.38/jetty-util/src/main/config/modules/log4j2-api.mod jetty9-9.4.39/jetty-util/src/main/config/modules/log4j2-api.mod
> --- jetty9-9.4.38/jetty-util/src/main/config/modules/log4j2-api.mod 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-util/src/main/config/modules/log4j2-api.mod 2021-03-25 15:36:22.000000000 +0100
> @@ -23,6 +23,6 @@
> http://www.apache.org/licenses/LICENSE-2.0.html
>
> [ini]
> -log4j2.version?=2.11.2
> +log4j2.version?=2.14.0
> disruptor.version=3.4.2
> jetty.webapp.addServerClasses+=,${jetty.base.uri}/lib/log4j2/
> diff -Nru jetty9-9.4.38/jetty-util/src/main/java/org/eclipse/jetty/util/ModuleLocation.java jetty9-9.4.39/jetty-util/src/main/java/org/eclipse/jetty/util/ModuleLocation.java
> --- jetty9-9.4.38/jetty-util/src/main/java/org/eclipse/jetty/util/ModuleLocation.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-util/src/main/java/org/eclipse/jetty/util/ModuleLocation.java 2021-03-25 15:36:22.000000000 +0100
> @@ -23,6 +23,7 @@
> import java.lang.reflect.Method;
> import java.net.URI;
> import java.util.Optional;
> +import java.util.function.Function;
>
> import org.eclipse.jetty.util.log.Log;
> import org.eclipse.jetty.util.log.Logger;
> @@ -53,7 +54,7 @@
> *
> * In Jetty 10, this entire class can be moved to direct calls to java.lang.Module in TypeUtil.getModuleLocation()
> */
> -class ModuleLocation
> +class ModuleLocation implements Function<Class<?>, URI>
> {
> private static final Logger LOG = Log.getLogger(ModuleLocation.class);
>
> @@ -100,7 +101,8 @@
> }
> }
>
> - public URI getModuleLocation(Class<?> clazz)
> + @Override
> + public URI apply(Class<?> clazz)
> {
> try
> {
> diff -Nru jetty9-9.4.38/jetty-util/src/main/java/org/eclipse/jetty/util/resource/FileResource.java jetty9-9.4.39/jetty-util/src/main/java/org/eclipse/jetty/util/resource/FileResource.java
> --- jetty9-9.4.38/jetty-util/src/main/java/org/eclipse/jetty/util/resource/FileResource.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-util/src/main/java/org/eclipse/jetty/util/resource/FileResource.java 2021-03-25 15:36:22.000000000 +0100
> @@ -29,7 +29,9 @@
> import java.net.URLConnection;
> import java.nio.channels.FileChannel;
> import java.nio.channels.ReadableByteChannel;
> +import java.nio.file.Files;
> import java.nio.file.InvalidPathException;
> +import java.nio.file.Path;
> import java.nio.file.StandardOpenOption;
> import java.security.Permission;
>
> @@ -184,6 +186,30 @@
> _alias = checkFileAlias(_uri, _file);
> }
>
> + @Override
> + public boolean isSame(Resource resource)
> + {
> + try
> + {
> + if (resource instanceof PathResource)
> + {
> + Path path = ((PathResource)resource).getPath();
> + return Files.isSameFile(getFile().toPath(), path);
> + }
> + if (resource instanceof FileResource)
> + {
> + Path path = ((FileResource)resource).getFile().toPath();
> + return Files.isSameFile(getFile().toPath(), path);
> + }
> + }
> + catch (IOException e)
> + {
> + if (LOG.isDebugEnabled())
> + LOG.debug("ignored", e);
> + }
> + return false;
> + }
> +
> private static URI normalizeURI(File file, URI uri) throws URISyntaxException
> {
> String u = uri.toASCIIString();
> diff -Nru jetty9-9.4.38/jetty-util/src/main/java/org/eclipse/jetty/util/resource/PathResource.java jetty9-9.4.39/jetty-util/src/main/java/org/eclipse/jetty/util/resource/PathResource.java
> --- jetty9-9.4.38/jetty-util/src/main/java/org/eclipse/jetty/util/resource/PathResource.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-util/src/main/java/org/eclipse/jetty/util/resource/PathResource.java 2021-03-25 15:36:22.000000000 +0100
> @@ -337,6 +337,30 @@
> }
>
> @Override
> + public boolean isSame(Resource resource)
> + {
> + try
> + {
> + if (resource instanceof PathResource)
> + {
> + Path path = ((PathResource)resource).getPath();
> + return Files.isSameFile(getPath(), path);
> + }
> + if (resource instanceof FileResource)
> + {
> + Path path = ((FileResource)resource).getFile().toPath();
> + return Files.isSameFile(getPath(), path);
> + }
> + }
> + catch (IOException e)
> + {
> + if (LOG.isDebugEnabled())
> + LOG.debug("ignored", e);
> + }
> + return false;
> + }
> +
> + @Override
> public Resource addPath(final String subpath) throws IOException
> {
> String cpath = URIUtil.canonicalPath(subpath);
> diff -Nru jetty9-9.4.38/jetty-util/src/main/java/org/eclipse/jetty/util/resource/Resource.java jetty9-9.4.39/jetty-util/src/main/java/org/eclipse/jetty/util/resource/Resource.java
> --- jetty9-9.4.38/jetty-util/src/main/java/org/eclipse/jetty/util/resource/Resource.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-util/src/main/java/org/eclipse/jetty/util/resource/Resource.java 2021-03-25 15:36:22.000000000 +0100
> @@ -312,6 +312,18 @@
> public abstract boolean isContainedIn(Resource r) throws MalformedURLException;
>
> /**
> + * Return true if the passed Resource represents the same resource as the Resource.
> + * For many resource types, this is equivalent to {@link #equals(Object)}, however
> + * for resources types that support aliasing, this maybe some other check (e.g. {@link java.nio.file.Files#isSameFile(Path, Path)}).
> + * @param resource The resource to check
> + * @return true if the passed resource represents the same resource.
> + */
> + public boolean isSame(Resource resource)
> + {
> + return equals(resource);
> + }
> +
> + /**
> * Release any temporary resources held by the resource.
> *
> * @deprecated use {@link #close()}
> diff -Nru jetty9-9.4.38/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java jetty9-9.4.39/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
> --- jetty9-9.4.38/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java 2021-03-25 15:36:22.000000000 +0100
> @@ -54,6 +54,7 @@
> import java.util.Set;
> import java.util.function.Consumer;
> import java.util.regex.Pattern;
> +import java.util.stream.Collectors;
> import javax.net.ssl.CertPathTrustManagerParameters;
> import javax.net.ssl.HostnameVerifier;
> import javax.net.ssl.KeyManager;
> @@ -63,7 +64,6 @@
> import javax.net.ssl.SNIServerName;
> import javax.net.ssl.SSLContext;
> import javax.net.ssl.SSLEngine;
> -import javax.net.ssl.SSLHandshakeException;
> import javax.net.ssl.SSLParameters;
> import javax.net.ssl.SSLPeerUnverifiedException;
> import javax.net.ssl.SSLServerSocket;
> @@ -2292,7 +2292,7 @@
> }
>
> @Override
> - public String sniSelect(String keyType, Principal[] issuers, SSLSession session, String sniHost, Collection<X509> certificates) throws SSLHandshakeException
> + public String sniSelect(String keyType, Principal[] issuers, SSLSession session, String sniHost, Collection<X509> certificates)
> {
> if (sniHost == null)
> {
> @@ -2301,12 +2301,24 @@
> }
> else
> {
> - // Match the SNI host, or let the JDK decide unless unmatched SNIs are rejected.
> - return certificates.stream()
> + // Match the SNI host.
> + List<X509> matching = certificates.stream()
> .filter(x509 -> x509.matches(sniHost))
> - .findFirst()
> + .collect(Collectors.toList());
> +
> + // No match, let the JDK decide unless unmatched SNIs are rejected.
> + if (matching.isEmpty())
> + return isSniRequired() ? null : SniX509ExtendedKeyManager.SniSelector.DELEGATE;
> +
> + String alias = matching.get(0).getAlias();
> + if (matching.size() == 1)
> + return alias;
> +
> + // Prefer strict matches over wildcard matches.
> + return matching.stream()
> + .min(Comparator.comparingInt(cert -> cert.getWilds().size()))
> .map(X509::getAlias)
> - .orElse(_sniRequired ? null : SniX509ExtendedKeyManager.SniSelector.DELEGATE);
> + .orElse(alias);
> }
> }
>
> diff -Nru jetty9-9.4.38/jetty-util/src/main/java/org/eclipse/jetty/util/TypeUtil.java jetty9-9.4.39/jetty-util/src/main/java/org/eclipse/jetty/util/TypeUtil.java
> --- jetty9-9.4.38/jetty-util/src/main/java/org/eclipse/jetty/util/TypeUtil.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-util/src/main/java/org/eclipse/jetty/util/TypeUtil.java 2021-03-25 15:36:22.000000000 +0100
> @@ -19,9 +19,6 @@
> package org.eclipse.jetty.util;
>
> import java.io.IOException;
> -import java.lang.invoke.MethodHandle;
> -import java.lang.invoke.MethodHandles;
> -import java.lang.invoke.MethodType;
> import java.lang.reflect.Constructor;
> import java.lang.reflect.InvocationTargetException;
> import java.lang.reflect.Method;
> @@ -38,12 +35,11 @@
> import java.util.HashMap;
> import java.util.List;
> import java.util.Map;
> +import java.util.function.Function;
>
> import org.eclipse.jetty.util.log.Log;
> import org.eclipse.jetty.util.log.Logger;
>
> -import static java.lang.invoke.MethodType.methodType;
> -
> /**
> * TYPE Utilities.
> * Provides various static utility methods for manipulating types and their
> @@ -177,38 +173,32 @@
> }
> }
>
> - private static final MethodHandle[] LOCATION_METHODS;
> - private static final ModuleLocation MODULE_LOCATION;
> + private static final List<Function<Class<?>, URI>> LOCATION_METHODS = new ArrayList<>();
> + private static final Function<Class<?>, URI> MODULE_LOCATION;
>
> static
> {
> - List<MethodHandle> locationMethods = new ArrayList<>();
> -
> - MethodHandles.Lookup lookup = MethodHandles.lookup();
> - MethodType type = methodType(URI.class, Class.class);
> -
> + // Lookup order in LOCATION_METHODS is important.
> + LOCATION_METHODS.add(TypeUtil::getCodeSourceLocation);
> + Function<Class<?>, URI> moduleFunc = null;
> try
> {
> - locationMethods.add(lookup.findStatic(TypeUtil.class, "getCodeSourceLocation", type));
> - ModuleLocation moduleLocation = null;
> - try
> + Class<?> clazzModuleLocation = TypeUtil.class.getClassLoader().loadClass(TypeUtil.class.getPackage().getName() + ".ModuleLocation");
> + Object obj = clazzModuleLocation.getConstructor().newInstance();
> + if (obj instanceof Function)
> {
> - moduleLocation = new ModuleLocation();
> - locationMethods.add(lookup.findStatic(TypeUtil.class, "getModuleLocation", type));
> + //noinspection unchecked
> + moduleFunc = (Function<Class<?>, URI>)obj;
> + LOCATION_METHODS.add(moduleFunc);
> }
> - catch (UnsupportedOperationException e)
> - {
> - LOG.debug("JVM Runtime does not support Modules");
> - }
> - MODULE_LOCATION = moduleLocation;
> - locationMethods.add(lookup.findStatic(TypeUtil.class, "getClassLoaderLocation", type));
> - locationMethods.add(lookup.findStatic(TypeUtil.class, "getSystemClassLoaderLocation", type));
> - LOCATION_METHODS = locationMethods.toArray(new MethodHandle[0]);
> }
> - catch (Exception e)
> + catch (Throwable t)
> {
> - throw new RuntimeException("Unable to establish Location Lookup Handles", e);
> + LOG.debug("This JVM Runtime does not support Modules, disabling Jetty internal support");
> }
> + MODULE_LOCATION = moduleFunc;
> + LOCATION_METHODS.add(TypeUtil::getClassLoaderLocation);
> + LOCATION_METHODS.add(TypeUtil::getSystemClassLoaderLocation);
> }
>
> /**
> @@ -627,13 +617,11 @@
> */
> public static URI getLocationOfClass(Class<?> clazz)
> {
> - URI location;
> -
> - for (MethodHandle locationMethod : LOCATION_METHODS)
> + for (Function<Class<?>, URI> locationFunction : LOCATION_METHODS)
> {
> try
> {
> - location = (URI)locationMethod.invoke(clazz);
> + URI location = locationFunction.apply(clazz);
> if (location != null)
> {
> return location;
> @@ -723,7 +711,7 @@
> // In Jetty 10, this method can be implemented directly, without reflection
> if (MODULE_LOCATION != null)
> {
> - return MODULE_LOCATION.getModuleLocation(clazz);
> + return MODULE_LOCATION.apply(clazz);
> }
> return null;
> }
> diff -Nru jetty9-9.4.38/jetty-util/src/test/java/org/eclipse/jetty/util/resource/PathResourceTest.java jetty9-9.4.39/jetty-util/src/test/java/org/eclipse/jetty/util/resource/PathResourceTest.java
> --- jetty9-9.4.38/jetty-util/src/test/java/org/eclipse/jetty/util/resource/PathResourceTest.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-util/src/test/java/org/eclipse/jetty/util/resource/PathResourceTest.java 2021-03-25 15:36:22.000000000 +0100
> @@ -32,6 +32,7 @@
> import java.util.Map;
>
> import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
> +import org.hamcrest.Matchers;
> import org.junit.jupiter.api.Test;
>
> import static java.nio.charset.StandardCharsets.UTF_8;
> @@ -146,4 +147,20 @@
> File file = resource.getFile();
> assertThat("File for default FileSystem", file, is(exampleJar.toFile()));
> }
> +
> + @Test
> + public void testSame() throws Exception
> + {
> + Path rpath = MavenTestingUtils.getTestResourcePathFile("resource.txt");
> + Path epath = MavenTestingUtils.getTestResourcePathFile("example.jar");
> + PathResource rPathResource = new PathResource(rpath);
> + FileResource rFileResource = new FileResource(rpath.toFile());
> + PathResource ePathResource = new PathResource(epath);
> + FileResource eFileResource = new FileResource(epath.toFile());
> +
> + assertThat(rPathResource.isSame(rPathResource), Matchers.is(true));
> + assertThat(rPathResource.isSame(rFileResource), Matchers.is(true));
> + assertThat(rPathResource.isSame(ePathResource), Matchers.is(false));
> + assertThat(rPathResource.isSame(eFileResource), Matchers.is(false));
> + }
> }
> diff -Nru jetty9-9.4.38/jetty-util-ajax/pom.xml jetty9-9.4.39/jetty-util-ajax/pom.xml
> --- jetty9-9.4.38/jetty-util-ajax/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-util-ajax/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-util-ajax</artifactId>
> diff -Nru jetty9-9.4.38/jetty-webapp/pom.xml jetty9-9.4.39/jetty-webapp/pom.xml
> --- jetty9-9.4.38/jetty-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-webapp</artifactId>
> diff -Nru jetty9-9.4.38/jetty-webapp/src/test/java/org/eclipse/jetty/webapp/WebAppContextTest.java jetty9-9.4.39/jetty-webapp/src/test/java/org/eclipse/jetty/webapp/WebAppContextTest.java
> --- jetty9-9.4.38/jetty-webapp/src/test/java/org/eclipse/jetty/webapp/WebAppContextTest.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-webapp/src/test/java/org/eclipse/jetty/webapp/WebAppContextTest.java 2021-03-25 15:36:22.000000000 +0100
> @@ -33,8 +33,10 @@
> import javax.servlet.ServletRequest;
> import javax.servlet.ServletResponse;
>
> +import org.eclipse.jetty.http.HttpCompliance;
> import org.eclipse.jetty.http.HttpStatus;
> import org.eclipse.jetty.http.HttpTester;
> +import org.eclipse.jetty.server.HttpConnectionFactory;
> import org.eclipse.jetty.server.LocalConnector;
> import org.eclipse.jetty.server.Server;
> import org.eclipse.jetty.server.ServerConnector;
> @@ -248,6 +250,42 @@
> }
>
> @Test
> + public void testProtectedTarget() throws Exception
> + {
> + Server server = newServer();
> + server.getConnectors()[0].getConnectionFactory(HttpConnectionFactory.class).setHttpCompliance(HttpCompliance.LEGACY);
> +
> + HandlerList handlers = new HandlerList();
> + ContextHandlerCollection contexts = new ContextHandlerCollection();
> + WebAppContext context = new WebAppContext();
> + Path testWebapp = MavenTestingUtils.getProjectDirPath("src/test/webapp");
> + context.setBaseResource(new PathResource(testWebapp));
> + context.setContextPath("/");
> + server.setHandler(handlers);
> + handlers.addHandler(contexts);
> + contexts.addHandler(context);
> +
> + LocalConnector connector = new LocalConnector(server);
> + server.addConnector(connector);
> +
> + server.start();
> + assertThat(HttpTester.parseResponse(connector.getResponse("GET /test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.OK_200));
> + assertThat(HttpTester.parseResponse(connector.getResponse("GET /%2e/%2e/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.OK_200));
> + assertThat(HttpTester.parseResponse(connector.getResponse("GET /foo/%2e%2e/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.OK_200));
> +
> + assertThat(HttpTester.parseResponse(connector.getResponse("GET /WEB-INF HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
> + assertThat(HttpTester.parseResponse(connector.getResponse("GET /WEB-INF/ HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
> + assertThat(HttpTester.parseResponse(connector.getResponse("GET /WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
> + assertThat(HttpTester.parseResponse(connector.getResponse("GET /web-inf/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
> + assertThat(HttpTester.parseResponse(connector.getResponse("GET /%2e/WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
> + assertThat(HttpTester.parseResponse(connector.getResponse("GET /%2e/%2e/WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
> + assertThat(HttpTester.parseResponse(connector.getResponse("GET /foo/%2e%2e/WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
> + assertThat(HttpTester.parseResponse(connector.getResponse("GET /%2E/WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
> + assertThat(HttpTester.parseResponse(connector.getResponse("GET //WEB-INF/test.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
> + assertThat(HttpTester.parseResponse(connector.getResponse("GET /WEB-INF%2ftest.xml HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n")).getStatus(), is(HttpStatus.NOT_FOUND_404));
> + }
> +
> + @Test
> public void testNullPath() throws Exception
> {
> Server server = newServer();
> diff -Nru jetty9-9.4.38/jetty-webapp/src/test/webapp/test.xml jetty9-9.4.39/jetty-webapp/src/test/webapp/test.xml
> --- jetty9-9.4.38/jetty-webapp/src/test/webapp/test.xml 1970-01-01 01:00:00.000000000 +0100
> +++ jetty9-9.4.39/jetty-webapp/src/test/webapp/test.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -0,0 +1 @@
> +test
> diff -Nru jetty9-9.4.38/jetty-webapp/src/test/webapp/WEB-INF/test.xml jetty9-9.4.39/jetty-webapp/src/test/webapp/WEB-INF/test.xml
> --- jetty9-9.4.38/jetty-webapp/src/test/webapp/WEB-INF/test.xml 1970-01-01 01:00:00.000000000 +0100
> +++ jetty9-9.4.39/jetty-webapp/src/test/webapp/WEB-INF/test.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -0,0 +1 @@
> +test
> diff -Nru jetty9-9.4.38/jetty-websocket/javax-websocket-client-impl/pom.xml jetty9-9.4.39/jetty-websocket/javax-websocket-client-impl/pom.xml
> --- jetty9-9.4.38/jetty-websocket/javax-websocket-client-impl/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-websocket/javax-websocket-client-impl/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.websocket</groupId>
> <artifactId>websocket-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-websocket/javax-websocket-server-impl/pom.xml jetty9-9.4.39/jetty-websocket/javax-websocket-server-impl/pom.xml
> --- jetty9-9.4.38/jetty-websocket/javax-websocket-server-impl/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-websocket/javax-websocket-server-impl/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.websocket</groupId>
> <artifactId>websocket-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-websocket/jetty-websocket-tests/pom.xml jetty9-9.4.39/jetty-websocket/jetty-websocket-tests/pom.xml
> --- jetty9-9.4.38/jetty-websocket/jetty-websocket-tests/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-websocket/jetty-websocket-tests/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.websocket</groupId>
> <artifactId>websocket-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-websocket/jetty-websocket-tests/src/test/java/org/eclipse/jetty/websocket/tests/PermessageDeflateBufferTest.java jetty9-9.4.39/jetty-websocket/jetty-websocket-tests/src/test/java/org/eclipse/jetty/websocket/tests/PermessageDeflateBufferTest.java
> --- jetty9-9.4.38/jetty-websocket/jetty-websocket-tests/src/test/java/org/eclipse/jetty/websocket/tests/PermessageDeflateBufferTest.java 1970-01-01 01:00:00.000000000 +0100
> +++ jetty9-9.4.39/jetty-websocket/jetty-websocket-tests/src/test/java/org/eclipse/jetty/websocket/tests/PermessageDeflateBufferTest.java 2021-03-25 15:36:22.000000000 +0100
> @@ -0,0 +1,135 @@
> +//
> +// ========================================================================
> +// Copyright (c) 1995-2021 Mort Bay Consulting Pty Ltd and others.
> +// ------------------------------------------------------------------------
> +// All rights reserved. This program and the accompanying materials
> +// are made available under the terms of the Eclipse Public License v1.0
> +// and Apache License v2.0 which accompanies this distribution.
> +//
> +// The Eclipse Public License is available at
> +// http://www.eclipse.org/legal/epl-v10.html
> +//
> +// The Apache License v2.0 is available at
> +// http://www.opensource.org/licenses/apache2.0.php
> +//
> +// You may elect to redistribute this code under either of these licenses.
> +// ========================================================================
> +//
> +
> +package org.eclipse.jetty.websocket.tests;
> +
> +import java.net.URI;
> +import java.util.Arrays;
> +import java.util.List;
> +import java.util.Random;
> +import java.util.concurrent.TimeUnit;
> +
> +import org.eclipse.jetty.server.Server;
> +import org.eclipse.jetty.server.ServerConnector;
> +import org.eclipse.jetty.servlet.ServletContextHandler;
> +import org.eclipse.jetty.websocket.api.Session;
> +import org.eclipse.jetty.websocket.api.annotations.WebSocket;
> +import org.eclipse.jetty.websocket.client.ClientUpgradeRequest;
> +import org.eclipse.jetty.websocket.client.WebSocketClient;
> +import org.eclipse.jetty.websocket.server.NativeWebSocketServletContainerInitializer;
> +import org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter;
> +import org.junit.jupiter.api.AfterEach;
> +import org.junit.jupiter.api.BeforeEach;
> +import org.junit.jupiter.api.Test;
> +
> +import static org.hamcrest.MatcherAssert.assertThat;
> +import static org.hamcrest.Matchers.is;
> +import static org.junit.jupiter.api.Assertions.assertTrue;
> +
> +public class PermessageDeflateBufferTest
> +{
> + private Server server;
> + private ServerConnector connector;
> + private WebSocketClient client;
> +
> + // @checkstyle-disable-check : AvoidEscapedUnicodeCharactersCheck
> + private static final List<String> DICT = Arrays.asList(
> + "\uD83C\uDF09",
> + "\uD83C\uDF0A",
> + "\uD83C\uDF0B",
> + "\uD83C\uDF0C",
> + "\uD83C\uDF0D",
> + "\uD83C\uDF0F",
> + "\uD83C\uDFC0",
> + "\uD83C\uDFC1",
> + "\uD83C\uDFC2",
> + "\uD83C\uDFC3",
> + "\uD83C\uDFC4",
> + "\uD83C\uDFC5"
> + );
> +
> + private static String randomText()
> + {
> + Random rnd = new Random();
> + StringBuilder sb = new StringBuilder();
> + for (int i = 0; i < 15000; i++)
> + {
> + sb.append(DICT.get(rnd.nextInt(DICT.size())));
> + }
> + return sb.toString();
> + }
> +
> + @BeforeEach
> + public void before() throws Exception
> + {
> + server = new Server();
> + connector = new ServerConnector(server);
> + server.addConnector(connector);
> +
> + ServletContextHandler contextHandler = new ServletContextHandler(ServletContextHandler.SESSIONS);
> + contextHandler.setContextPath("/");
> + server.setHandler(contextHandler);
> + WebSocketUpgradeFilter.configure(contextHandler);
> + NativeWebSocketServletContainerInitializer.configure(contextHandler, (context, container) ->
> + {
> + container.getPolicy().setMaxTextMessageBufferSize(65535);
> + container.getPolicy().setInputBufferSize(16384);
> + container.addMapping("/", ServerSocket.class);
> + });
> +
> + server.start();
> + client = new WebSocketClient();
> + client.start();
> + }
> +
> + @AfterEach
> + public void after() throws Exception
> + {
> + client.stop();
> + server.stop();
> + }
> +
> + @WebSocket
> + public static class ServerSocket extends EchoSocket
> + {
> + @Override
> + public void onError(Throwable cause)
> + {
> + cause.printStackTrace();
> + super.onError(cause);
> + }
> + }
> +
> + @Test
> + public void testPermessageDeflateAggregation() throws Exception
> + {
> + EventSocket socket = new EventSocket();
> + ClientUpgradeRequest clientUpgradeRequest = new ClientUpgradeRequest();
> + clientUpgradeRequest.addExtensions("permessage-deflate");
> +
> + URI uri = URI.create("ws://localhost:" + connector.getLocalPort());
> + Session session = client.connect(socket, uri, clientUpgradeRequest).get(5, TimeUnit.SECONDS);
> +
> + String s = randomText();
> + session.getRemote().sendString(s);
> + assertThat(socket.textMessages.poll(5, TimeUnit.SECONDS), is(s));
> +
> + session.close();
> + assertTrue(socket.closeLatch.await(5, TimeUnit.SECONDS));
> + }
> +}
> diff -Nru jetty9-9.4.38/jetty-websocket/pom.xml jetty9-9.4.39/jetty-websocket/pom.xml
> --- jetty9-9.4.38/jetty-websocket/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-websocket/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <artifactId>jetty-project</artifactId>
> <groupId>org.eclipse.jetty</groupId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-websocket/websocket-api/pom.xml jetty9-9.4.39/jetty-websocket/websocket-api/pom.xml
> --- jetty9-9.4.38/jetty-websocket/websocket-api/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-websocket/websocket-api/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.websocket</groupId>
> <artifactId>websocket-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-websocket/websocket-client/pom.xml jetty9-9.4.39/jetty-websocket/websocket-client/pom.xml
> --- jetty9-9.4.38/jetty-websocket/websocket-client/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-websocket/websocket-client/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.websocket</groupId>
> <artifactId>websocket-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-websocket/websocket-common/pom.xml jetty9-9.4.39/jetty-websocket/websocket-common/pom.xml
> --- jetty9-9.4.38/jetty-websocket/websocket-common/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-websocket/websocket-common/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.websocket</groupId>
> <artifactId>websocket-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/extensions/compress/CompressExtension.java jetty9-9.4.39/jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/extensions/compress/CompressExtension.java
> --- jetty9-9.4.38/jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/extensions/compress/CompressExtension.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-websocket/websocket-common/src/main/java/org/eclipse/jetty/websocket/common/extensions/compress/CompressExtension.java 2021-03-25 15:36:22.000000000 +0100
> @@ -197,14 +197,15 @@
>
> while (true)
> {
> + // The buffer returned by the accumulator might not be empty, so we must append starting from the limit.
> ByteBuffer buffer = accumulator.ensureBuffer(DECOMPRESS_BUF_SIZE);
> - int read = inflater.inflate(buffer.array(), buffer.arrayOffset() + buffer.position(), buffer.capacity() - buffer.limit());
> - buffer.limit(buffer.limit() + read);
> - accumulator.addLength(read);
> + int decompressed = inflater.inflate(buffer.array(), buffer.arrayOffset() + buffer.limit(), buffer.capacity() - buffer.limit());
> + buffer.limit(buffer.limit() + decompressed);
> + accumulator.addLength(decompressed);
> if (LOG.isDebugEnabled())
> - LOG.debug("Decompressed {} bytes into buffer {} from {}", read, BufferUtil.toDetailString(buffer), toDetail(inflater));
> + LOG.debug("Decompressed {} bytes into buffer {} from {}", decompressed, BufferUtil.toDetailString(buffer), toDetail(inflater));
>
> - if (read <= 0)
> + if (decompressed <= 0)
> break;
> }
> }
> @@ -495,8 +496,9 @@
> {
> while (true)
> {
> + // The buffer returned by the accumulator might not be empty, so we must append starting from the limit.
> ByteBuffer buffer = accumulator.ensureBuffer(8, outputLength);
> - int compressed = deflater.deflate(buffer.array(), buffer.arrayOffset() + buffer.position(), buffer.capacity() - buffer.limit(), Deflater.SYNC_FLUSH);
> + int compressed = deflater.deflate(buffer.array(), buffer.arrayOffset() + buffer.limit(), buffer.capacity() - buffer.limit(), Deflater.SYNC_FLUSH);
> buffer.limit(buffer.limit() + compressed);
>
> if (LOG.isDebugEnabled())
> diff -Nru jetty9-9.4.38/jetty-websocket/websocket-server/pom.xml jetty9-9.4.39/jetty-websocket/websocket-server/pom.xml
> --- jetty9-9.4.38/jetty-websocket/websocket-server/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-websocket/websocket-server/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.websocket</groupId>
> <artifactId>websocket-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-websocket/websocket-servlet/pom.xml jetty9-9.4.39/jetty-websocket/websocket-servlet/pom.xml
> --- jetty9-9.4.38/jetty-websocket/websocket-servlet/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-websocket/websocket-servlet/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.websocket</groupId>
> <artifactId>websocket-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/jetty-xml/pom.xml jetty9-9.4.39/jetty-xml/pom.xml
> --- jetty9-9.4.38/jetty-xml/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-xml/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jetty-xml</artifactId>
> diff -Nru jetty9-9.4.38/jetty-xml/src/test/java/org/eclipse/jetty/xml/XmlParserTest.java jetty9-9.4.39/jetty-xml/src/test/java/org/eclipse/jetty/xml/XmlParserTest.java
> --- jetty9-9.4.38/jetty-xml/src/test/java/org/eclipse/jetty/xml/XmlParserTest.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/jetty-xml/src/test/java/org/eclipse/jetty/xml/XmlParserTest.java 2021-03-25 15:36:22.000000000 +0100
> @@ -33,6 +33,8 @@
>
> URL configURL = XmlConfiguration.class.getClassLoader().getResource("org/eclipse/jetty/xml/configure_9_3.dtd");
> parser.redirectEntity("configure.dtd", configURL);
> + parser.redirectEntity("configure_9_3.dtd", configURL);
> + //parser.redirectEntity("http://www.eclipse.org/jetty/configure_9_3.dtd";, configURL);
> parser.redirectEntity("http://jetty.eclipse.org/configure.dtd";, configURL);
> parser.redirectEntity("-//Mort Bay Consulting//DTD Configure//EN", configURL);
>
> diff -Nru jetty9-9.4.38/pom.xml jetty9-9.4.39/pom.xml
> --- jetty9-9.4.38/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <modelVersion>4.0.0</modelVersion>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <name>Jetty :: Project</name>
> <description>The Eclipse Jetty Project</description>
> <packaging>pom</packaging>
> @@ -19,7 +19,7 @@
> <build-support.version>1.5</build-support.version>
> <checkstyle.version>8.37</checkstyle.version>
> <slf4j.version>1.7.30</slf4j.version>
> - <log4j2.version>2.11.2</log4j2.version>
> + <log4j2.version>2.14.0</log4j2.version>
> <disruptor.version>3.4.2</disruptor.version>
> <logback.version>1.2.3</logback.version>
> <jetty-test-policy.version>1.2</jetty-test-policy.version>
> diff -Nru jetty9-9.4.38/tests/pom.xml jetty9-9.4.39/tests/pom.xml
> --- jetty9-9.4.38/tests/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty</groupId>
> <artifactId>jetty-project</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <relativePath>../pom.xml</relativePath>
> </parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> diff -Nru jetty9-9.4.38/tests/test-continuation/pom.xml jetty9-9.4.39/tests/test-continuation/pom.xml
> --- jetty9-9.4.38/tests/test-continuation/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-continuation/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>tests-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <relativePath>../pom.xml</relativePath>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/tests/test-distribution/pom.xml jetty9-9.4.39/tests/test-distribution/pom.xml
> --- jetty9-9.4.38/tests/test-distribution/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-distribution/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -2,7 +2,7 @@
> <parent>
> <artifactId>tests-parent</artifactId>
> <groupId>org.eclipse.jetty.tests</groupId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
>
> diff -Nru jetty9-9.4.38/tests/test-http-client-transport/pom.xml jetty9-9.4.39/tests/test-http-client-transport/pom.xml
> --- jetty9-9.4.38/tests/test-http-client-transport/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-http-client-transport/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>tests-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/tests/test-integration/pom.xml jetty9-9.4.39/tests/test-integration/pom.xml
> --- jetty9-9.4.38/tests/test-integration/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-integration/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>tests-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>test-integration</artifactId>
> diff -Nru jetty9-9.4.38/tests/test-jmx/jmx-webapp/pom.xml jetty9-9.4.39/tests/test-jmx/jmx-webapp/pom.xml
> --- jetty9-9.4.38/tests/test-jmx/jmx-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-jmx/jmx-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-jmx-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>jmx-webapp</artifactId>
> <packaging>war</packaging>
> diff -Nru jetty9-9.4.38/tests/test-jmx/jmx-webapp-it/pom.xml jetty9-9.4.39/tests/test-jmx/jmx-webapp-it/pom.xml
> --- jetty9-9.4.38/tests/test-jmx/jmx-webapp-it/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-jmx/jmx-webapp-it/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-jmx-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>jmx-webapp-it</artifactId>
> diff -Nru jetty9-9.4.38/tests/test-jmx/pom.xml jetty9-9.4.39/tests/test-jmx/pom.xml
> --- jetty9-9.4.38/tests/test-jmx/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-jmx/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>tests-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> <artifactId>test-jmx-parent</artifactId>
> diff -Nru jetty9-9.4.38/tests/test-loginservice/pom.xml jetty9-9.4.39/tests/test-loginservice/pom.xml
> --- jetty9-9.4.38/tests/test-loginservice/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-loginservice/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>tests-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>test-loginservice</artifactId>
> <name>Jetty Tests :: Login Service</name>
> diff -Nru jetty9-9.4.38/tests/test-quickstart/pom.xml jetty9-9.4.39/tests/test-quickstart/pom.xml
> --- jetty9-9.4.38/tests/test-quickstart/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-quickstart/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>tests-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <relativePath>../pom.xml</relativePath>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/tests/test-sessions/pom.xml jetty9-9.4.39/tests/test-sessions/pom.xml
> --- jetty9-9.4.38/tests/test-sessions/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-sessions/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>tests-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>test-sessions-parent</artifactId>
> <name>Jetty Tests :: Sessions :: Parent</name>
> diff -Nru jetty9-9.4.38/tests/test-sessions/test-file-sessions/pom.xml jetty9-9.4.39/tests/test-sessions/test-file-sessions/pom.xml
> --- jetty9-9.4.38/tests/test-sessions/test-file-sessions/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-sessions/test-file-sessions/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-sessions-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>test-file-sessions</artifactId>
> <name>Jetty Tests :: Sessions :: File</name>
> diff -Nru jetty9-9.4.38/tests/test-sessions/test-gcloud-sessions/pom.xml jetty9-9.4.39/tests/test-sessions/test-gcloud-sessions/pom.xml
> --- jetty9-9.4.38/tests/test-sessions/test-gcloud-sessions/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-sessions/test-gcloud-sessions/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-sessions-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>test-gcloud-sessions</artifactId>
> <name>Jetty Tests :: Sessions :: GCloud</name>
> diff -Nru jetty9-9.4.38/tests/test-sessions/test-hazelcast-sessions/pom.xml jetty9-9.4.39/tests/test-sessions/test-hazelcast-sessions/pom.xml
> --- jetty9-9.4.38/tests/test-sessions/test-hazelcast-sessions/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-sessions/test-hazelcast-sessions/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-sessions-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>test-hazelcast-sessions</artifactId>
> <name>Jetty Tests :: Sessions :: Hazelcast</name>
> diff -Nru jetty9-9.4.38/tests/test-sessions/test-infinispan-sessions/pom.xml jetty9-9.4.39/tests/test-sessions/test-infinispan-sessions/pom.xml
> --- jetty9-9.4.38/tests/test-sessions/test-infinispan-sessions/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-sessions/test-infinispan-sessions/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-sessions-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>test-infinispan-sessions</artifactId>
> <name>Jetty Tests :: Sessions :: Infinispan</name>
> diff -Nru jetty9-9.4.38/tests/test-sessions/test-jdbc-sessions/pom.xml jetty9-9.4.39/tests/test-sessions/test-jdbc-sessions/pom.xml
> --- jetty9-9.4.38/tests/test-sessions/test-jdbc-sessions/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-sessions/test-jdbc-sessions/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-sessions-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>test-jdbc-sessions</artifactId>
> <name>Jetty Tests :: Sessions :: JDBC</name>
> diff -Nru jetty9-9.4.38/tests/test-sessions/test-memcached-sessions/pom.xml jetty9-9.4.39/tests/test-sessions/test-memcached-sessions/pom.xml
> --- jetty9-9.4.38/tests/test-sessions/test-memcached-sessions/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-sessions/test-memcached-sessions/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-sessions-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>test-memcached-sessions</artifactId>
> <name>Jetty Tests :: Sessions :: Memcached</name>
> diff -Nru jetty9-9.4.38/tests/test-sessions/test-mongodb-sessions/pom.xml jetty9-9.4.39/tests/test-sessions/test-mongodb-sessions/pom.xml
> --- jetty9-9.4.38/tests/test-sessions/test-mongodb-sessions/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-sessions/test-mongodb-sessions/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-sessions-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>test-mongodb-sessions</artifactId>
> <name>Jetty Tests :: Sessions :: Mongo</name>
> diff -Nru jetty9-9.4.38/tests/test-sessions/test-sessions-common/pom.xml jetty9-9.4.39/tests/test-sessions/test-sessions-common/pom.xml
> --- jetty9-9.4.38/tests/test-sessions/test-sessions-common/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-sessions/test-sessions-common/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-sessions-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>test-sessions-common</artifactId>
> <name>Jetty Tests :: Sessions :: Common</name>
> diff -Nru jetty9-9.4.38/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/DuplicateCookieTest.java jetty9-9.4.39/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/DuplicateCookieTest.java
> --- jetty9-9.4.38/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/DuplicateCookieTest.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/DuplicateCookieTest.java 2021-03-25 15:36:22.000000000 +0100
> @@ -65,13 +65,15 @@
> try (StacklessLogging stackless = new StacklessLogging(Log.getLogger("org.eclipse.jetty.server.session")))
> {
> //create a valid session
> - createUnExpiredSession(contextHandler.getSessionHandler().getSessionCache(),
> + Session s4422 = createUnExpiredSession(contextHandler.getSessionHandler().getSessionCache(),
> contextHandler.getSessionHandler().getSessionCache().getSessionDataStore(),
> "4422");
>
> client = new HttpClient();
> client.start();
>
> + assertEquals(0, s4422.getRequests());
> +
> //make a request with another session cookie in there that does not exist
> Request request = client.newRequest("http://localhost:"; + port1 + contextPath + servletMapping + "?action=check");
> request.header("Cookie", "JSESSIONID=123"); //doesn't exist
> @@ -79,6 +81,66 @@
> ContentResponse response = request.send();
> assertEquals(HttpServletResponse.SC_OK, response.getStatus());
> assertEquals("4422", response.getContentAsString());
> +
> + assertEquals(0, s4422.getRequests());
> + }
> + finally
> + {
> + server1.stop();
> + client.stop();
> + }
> + }
> +
> + @Test
> + public void testMultipleSessionCookiesValidFirst() throws Exception
> + {
> + String contextPath = "";
> + String servletMapping = "/server";
> + HttpClient client = null;
> +
> + DefaultSessionCacheFactory cacheFactory = new DefaultSessionCacheFactory();
> + SessionDataStoreFactory storeFactory = new TestSessionDataStoreFactory();
> +
> + TestServer server1 = new TestServer(0, -1, -1, cacheFactory, storeFactory);
> + TestServlet servlet = new TestServlet();
> + ServletHolder holder = new ServletHolder(servlet);
> + ServletContextHandler contextHandler = server1.addContext(contextPath);
> + contextHandler.addServlet(holder, servletMapping);
> + server1.start();
> + int port1 = server1.getPort();
> +
> + try (StacklessLogging stackless = new StacklessLogging(Log.getLogger("org.eclipse.jetty.server.session")))
> + {
> + //create a valid session
> + Session s1122 = createUnExpiredSession(contextHandler.getSessionHandler().getSessionCache(),
> + contextHandler.getSessionHandler().getSessionCache().getSessionDataStore(),
> + "1122");
> + //create an invalid session
> + Session s2233 = createInvalidSession(contextHandler.getSessionHandler().getSessionCache(),
> + contextHandler.getSessionHandler().getSessionCache().getSessionDataStore(),
> + "2233");
> + //create another invalid session
> + Session s2255 = createInvalidSession(contextHandler.getSessionHandler().getSessionCache(),
> + contextHandler.getSessionHandler().getSessionCache().getSessionDataStore(),
> + "2255");
> +
> + client = new HttpClient();
> + client.start();
> +
> + assertEquals(0, s1122.getRequests());
> + assertEquals(0, s2233.getRequests());
> + assertEquals(0, s2255.getRequests());
> +
> + //make a request where the valid session cookie is first
> + Request request = client.newRequest("http://localhost:"; + port1 + contextPath + servletMapping + "?action=check");
> + request.header("Cookie", "JSESSIONID=1122"); //is valid
> + request.header("Cookie", "JSESSIONID=2233"); //is invalid
> + request.header("Cookie", "JSESSIONID=2255"); //is invalid
> + ContentResponse response = request.send();
> + assertEquals(HttpServletResponse.SC_OK, response.getStatus());
> + assertEquals("1122", response.getContentAsString());
> +
> + assertEquals(0, s1122.getRequests());
> }
> finally
> {
> @@ -88,7 +150,7 @@
> }
>
> @Test
> - public void testMultipleSessionCookiesOnlyOneValid() throws Exception
> + public void testMultipleSessionCookiesInvalidFirst() throws Exception
> {
> String contextPath = "";
> String servletMapping = "/server";
> @@ -108,24 +170,93 @@
> try (StacklessLogging stackless = new StacklessLogging(Log.getLogger("org.eclipse.jetty.server.session")))
> {
> //create a valid session
> - createUnExpiredSession(contextHandler.getSessionHandler().getSessionCache(),
> + Session s1122 = createUnExpiredSession(contextHandler.getSessionHandler().getSessionCache(),
> contextHandler.getSessionHandler().getSessionCache().getSessionDataStore(),
> "1122");
> //create an invalid session
> - createInvalidSession(contextHandler.getSessionHandler().getSessionCache(),
> + Session s2233 = createInvalidSession(contextHandler.getSessionHandler().getSessionCache(),
> contextHandler.getSessionHandler().getSessionCache().getSessionDataStore(),
> "2233");
> + //create another invalid session
> + Session s2255 = createInvalidSession(contextHandler.getSessionHandler().getSessionCache(),
> + contextHandler.getSessionHandler().getSessionCache().getSessionDataStore(),
> + "2255");
>
> client = new HttpClient();
> client.start();
>
> - //make a request with another session cookie in there that is not valid
> + assertEquals(0, s1122.getRequests());
> + assertEquals(0, s2233.getRequests());
> + assertEquals(0, s2255.getRequests());
> +
> + //make a request with the valid session cookie last
> Request request = client.newRequest("http://localhost:"; + port1 + contextPath + servletMapping + "?action=check");
> + request.header("Cookie", "JSESSIONID=2233"); //is invalid
> + request.header("Cookie", "JSESSIONID=2255"); //is invalid
> request.header("Cookie", "JSESSIONID=1122"); //is valid
> + ContentResponse response = request.send();
> + assertEquals(HttpServletResponse.SC_OK, response.getStatus());
> + assertEquals("1122", response.getContentAsString());
> +
> + assertEquals(0, s1122.getRequests());
> + }
> + finally
> + {
> + server1.stop();
> + client.stop();
> + }
> + }
> +
> + @Test
> + public void testMultipleSessionCookiesInvalidValidInvalid() throws Exception
> + {
> + String contextPath = "";
> + String servletMapping = "/server";
> + HttpClient client = null;
> +
> + DefaultSessionCacheFactory cacheFactory = new DefaultSessionCacheFactory();
> + SessionDataStoreFactory storeFactory = new TestSessionDataStoreFactory();
> +
> + TestServer server1 = new TestServer(0, -1, -1, cacheFactory, storeFactory);
> + TestServlet servlet = new TestServlet();
> + ServletHolder holder = new ServletHolder(servlet);
> + ServletContextHandler contextHandler = server1.addContext(contextPath);
> + contextHandler.addServlet(holder, servletMapping);
> + server1.start();
> + int port1 = server1.getPort();
> +
> + try (StacklessLogging stackless = new StacklessLogging(Log.getLogger("org.eclipse.jetty.server.session")))
> + {
> + //create a valid session
> + Session s1122 = createUnExpiredSession(contextHandler.getSessionHandler().getSessionCache(),
> + contextHandler.getSessionHandler().getSessionCache().getSessionDataStore(),
> + "1122");
> + //create an invalid session
> + Session s2233 = createInvalidSession(contextHandler.getSessionHandler().getSessionCache(),
> + contextHandler.getSessionHandler().getSessionCache().getSessionDataStore(),
> + "2233");
> + //create another invalid session
> + Session s2255 = createInvalidSession(contextHandler.getSessionHandler().getSessionCache(),
> + contextHandler.getSessionHandler().getSessionCache().getSessionDataStore(),
> + "2255");
> +
> + client = new HttpClient();
> + client.start();
> +
> + assertEquals(0, s1122.getRequests());
> + assertEquals(0, s2233.getRequests());
> + assertEquals(0, s2255.getRequests());
> +
> + //make a request with another session cookie with the valid session surrounded by invalids
> + Request request = client.newRequest("http://localhost:"; + port1 + contextPath + servletMapping + "?action=check");
> request.header("Cookie", "JSESSIONID=2233"); //is invalid
> + request.header("Cookie", "JSESSIONID=1122"); //is valid
> + request.header("Cookie", "JSESSIONID=2255"); //is invalid
> ContentResponse response = request.send();
> assertEquals(HttpServletResponse.SC_OK, response.getStatus());
> assertEquals("1122", response.getContentAsString());
> +
> + assertEquals(0, s1122.getRequests());
> }
> finally
> {
> @@ -155,25 +286,83 @@
> try (StacklessLogging stackless = new StacklessLogging(Log.getLogger("org.eclipse.jetty.server.session")))
> {
> //create some of unexpired sessions
> - createUnExpiredSession(contextHandler.getSessionHandler().getSessionCache(),
> + Session s1234 = createUnExpiredSession(contextHandler.getSessionHandler().getSessionCache(),
> contextHandler.getSessionHandler().getSessionCache().getSessionDataStore(),
> "1234");
> - createUnExpiredSession(contextHandler.getSessionHandler().getSessionCache(),
> + Session s5678 = createUnExpiredSession(contextHandler.getSessionHandler().getSessionCache(),
> contextHandler.getSessionHandler().getSessionCache().getSessionDataStore(),
> "5678");
> - createUnExpiredSession(contextHandler.getSessionHandler().getSessionCache(),
> + Session s9111 = createUnExpiredSession(contextHandler.getSessionHandler().getSessionCache(),
> contextHandler.getSessionHandler().getSessionCache().getSessionDataStore(),
> "9111");
>
> client = new HttpClient();
> client.start();
>
> + //check that the request count is 0
> + assertEquals(0, s1234.getRequests());
> + assertEquals(0, s5678.getRequests());
> + assertEquals(0, s9111.getRequests());
> +
> //make a request with multiple valid session ids
> Request request = client.newRequest("http://localhost:"; + port1 + contextPath + servletMapping + "?action=check");
> request.header("Cookie", "JSESSIONID=1234");
> request.header("Cookie", "JSESSIONID=5678");
> ContentResponse response = request.send();
> assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
> +
> + //check that all valid sessions have their request counts decremented correctly after the request, back to 0
> + assertEquals(0, s1234.getRequests());
> + assertEquals(0, s5678.getRequests());
> + assertEquals(0, s9111.getRequests());
> + }
> + finally
> + {
> + server1.stop();
> + client.stop();
> + }
> + }
> +
> + @Test
> + public void testMultipleIdenticalSessionCookies() throws Exception
> + {
> + String contextPath = "";
> + String servletMapping = "/server";
> + HttpClient client = null;
> +
> + DefaultSessionCacheFactory cacheFactory = new DefaultSessionCacheFactory();
> + SessionDataStoreFactory storeFactory = new TestSessionDataStoreFactory();
> +
> + TestServer server1 = new TestServer(0, -1, -1, cacheFactory, storeFactory);
> + TestServlet servlet = new TestServlet();
> + ServletHolder holder = new ServletHolder(servlet);
> + ServletContextHandler contextHandler = server1.addContext(contextPath);
> + contextHandler.addServlet(holder, servletMapping);
> + server1.start();
> + int port1 = server1.getPort();
> +
> + try (StacklessLogging stackless = new StacklessLogging(Log.getLogger("org.eclipse.jetty.server.session")))
> + {
> + //create a valid unexpired session
> + Session s1234 = createUnExpiredSession(contextHandler.getSessionHandler().getSessionCache(),
> + contextHandler.getSessionHandler().getSessionCache().getSessionDataStore(),
> + "1234");
> +
> + client = new HttpClient();
> + client.start();
> +
> + //check that the request count is 0
> + assertEquals(0, s1234.getRequests());
> +
> + //make a request with multiple valid session ids
> + Request request = client.newRequest("http://localhost:"; + port1 + contextPath + servletMapping + "?action=check");
> + request.header("Cookie", "JSESSIONID=1234");
> + request.header("Cookie", "JSESSIONID=1234");
> + ContentResponse response = request.send();
> + assertEquals(HttpServletResponse.SC_OK, response.getStatus());
> +
> + //check that all valid sessions have their request counts decremented correctly after the request, back to 0
> + assertEquals(0, s1234.getRequests());
> }
> finally
> {
> @@ -189,6 +378,7 @@
> data.setExpiry(now + TimeUnit.DAYS.toMillis(1));
> Session s = cache.newSession(data);
> cache.add(id, s);
> + s.complete(); //pretend a request that created the session is finished
> return s;
> }
>
> diff -Nru jetty9-9.4.38/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/SessionInvalidationTest.java jetty9-9.4.39/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/SessionInvalidationTest.java
> --- jetty9-9.4.38/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/SessionInvalidationTest.java 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/SessionInvalidationTest.java 2021-03-25 15:36:22.000000000 +0100
> @@ -30,8 +30,11 @@
> import org.eclipse.jetty.client.api.Request;
> import org.eclipse.jetty.servlet.ServletContextHandler;
> import org.eclipse.jetty.servlet.ServletHolder;
> +import org.eclipse.jetty.util.StringUtil;
> import org.junit.jupiter.api.Test;
>
> +import static org.hamcrest.MatcherAssert.assertThat;
> +import static org.hamcrest.Matchers.containsStringIgnoringCase;
> import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
> import static org.junit.jupiter.api.Assertions.assertEquals;
> import static org.junit.jupiter.api.Assertions.assertNotNull;
> @@ -96,6 +99,63 @@
> }
> }
>
> + @Test
> + public void testCreateInvalidateCheckWithNullCache() throws Exception
> + {
> + String contextPath = "";
> + String servletMapping = "/server";
> + int scavengePeriod = -1;
> +
> + NullSessionCacheFactory cacheFactory = new NullSessionCacheFactory();
> + SessionDataStoreFactory storeFactory = new TestSessionDataStoreFactory();
> + ((AbstractSessionDataStoreFactory)storeFactory).setGracePeriodSec(scavengePeriod);
> +
> + TestServer server = new TestServer(0, 0, scavengePeriod,
> + cacheFactory, storeFactory);
> + ServletContextHandler context = server.addContext(contextPath);
> + TestServlet servlet = new TestServlet();
> + ServletHolder holder = new ServletHolder(servlet);
> + context.addServlet(holder, servletMapping);
> +
> + try
> + {
> + server.start();
> + int port1 = server.getPort();
> +
> + HttpClient client = new HttpClient();
> + client.start();
> + try
> + {
> + String url = "http://localhost:"; + port1 + contextPath + servletMapping;
> + // Create the session
> + ContentResponse response1 = client.GET(url + "?action=init");
> + assertEquals(HttpServletResponse.SC_OK, response1.getStatus());
> + String sessionCookie = response1.getHeaders().get("Set-Cookie");
> + assertTrue(sessionCookie != null);
> +
> + // Make a request which will invalidate the existing session
> + Request request2 = client.newRequest(url + "?action=test");
> + ContentResponse response2 = request2.send();
> + assertEquals(HttpServletResponse.SC_OK, response2.getStatus());
> +
> + //Make a request to get the session - should not exist
> + Request request3 = client.newRequest(url + "?action=get");
> + ContentResponse response3 = request3.send();
> + assertEquals(HttpServletResponse.SC_OK, response3.getStatus());
> + assertThat(response3.getContentAsString(), containsStringIgnoringCase("session=null"));
> +
> + }
> + finally
> + {
> + client.stop();
> + }
> + }
> + finally
> + {
> + server.stop();
> + }
> + }
> +
> public static class TestServlet extends HttpServlet
> {
> private static final long serialVersionUID = 1L;
> @@ -131,6 +191,12 @@
> assertThrows(IllegalStateException.class, () -> session.setAttribute("a", "b"));
> assertDoesNotThrow(() -> session.getId());
> }
> + else if ("get".equals(action))
> + {
> + HttpSession session = request.getSession(false);
> +
> + httpServletResponse.getWriter().println("SESSION=" + (session == null ? "null" : session.getId()));
> + }
> }
> }
> }
> diff -Nru jetty9-9.4.38/tests/test-webapps/pom.xml jetty9-9.4.39/tests/test-webapps/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>tests-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <relativePath>../pom.xml</relativePath>
> </parent>
> <artifactId>test-webapps-parent</artifactId>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-cdi-common-webapp/pom.xml jetty9-9.4.39/tests/test-webapps/test-cdi-common-webapp/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-cdi-common-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-cdi-common-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-webapps-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-felix-webapp/pom.xml jetty9-9.4.39/tests/test-webapps/test-felix-webapp/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-felix-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-felix-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-webapps-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-http2-webapp/pom.xml jetty9-9.4.39/tests/test-webapps/test-http2-webapp/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-http2-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-http2-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-webapps-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-jaas-webapp/pom.xml jetty9-9.4.39/tests/test-webapps/test-jaas-webapp/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-jaas-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-jaas-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-webapps-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>test-jaas-webapp</artifactId>
> <name>Jetty Tests :: WebApp :: JAAS</name>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-jetty-webapp/pom.xml jetty9-9.4.39/tests/test-webapps/test-jetty-webapp/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-jetty-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-jetty-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-webapps-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <relativePath>../pom.xml</relativePath>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-jndi-webapp/pom.xml jetty9-9.4.39/tests/test-webapps/test-jndi-webapp/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-jndi-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-jndi-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-webapps-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>test-jndi-webapp</artifactId>
> <name>Jetty Tests :: WebApp :: JNDI</name>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-mock-resources/pom.xml jetty9-9.4.39/tests/test-webapps/test-mock-resources/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-mock-resources/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-mock-resources/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-webapps-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <name>Jetty Tests :: WebApp :: Mock Resources</name>
> <artifactId>test-mock-resources</artifactId>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-owb-cdi-webapp/pom.xml jetty9-9.4.39/tests/test-webapps/test-owb-cdi-webapp/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-owb-cdi-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-owb-cdi-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-webapps-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-proxy-webapp/pom.xml jetty9-9.4.39/tests/test-webapps/test-proxy-webapp/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-proxy-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-proxy-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-webapps-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> <relativePath>../pom.xml</relativePath>
> </parent>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-servlet-spec/pom.xml jetty9-9.4.39/tests/test-webapps/test-servlet-spec/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-servlet-spec/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-servlet-spec/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-webapps-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>test-servlet-spec-parent</artifactId>
> <name>Jetty Tests :: Spec Test WebApp :: Parent</name>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-servlet-spec/test-container-initializer/pom.xml jetty9-9.4.39/tests/test-webapps/test-servlet-spec/test-container-initializer/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-servlet-spec/test-container-initializer/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-servlet-spec/test-container-initializer/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-servlet-spec-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>test-container-initializer</artifactId>
> <packaging>jar</packaging>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-servlet-spec/test-spec-webapp/pom.xml jetty9-9.4.39/tests/test-webapps/test-servlet-spec/test-spec-webapp/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-servlet-spec/test-spec-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-servlet-spec/test-spec-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-servlet-spec-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <name>Jetty Tests :: Webapps :: Spec Webapp</name>
> <artifactId>test-spec-webapp</artifactId>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-servlet-spec/test-web-fragment/pom.xml jetty9-9.4.39/tests/test-webapps/test-servlet-spec/test-web-fragment/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-servlet-spec/test-web-fragment/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-servlet-spec/test-web-fragment/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-servlet-spec-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <name>Jetty Tests :: WebApp :: Servlet Spec :: Fragment Jar</name>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-simple-webapp/pom.xml jetty9-9.4.39/tests/test-webapps/test-simple-webapp/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-simple-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-simple-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-webapps-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <artifactId>test-simple-webapp</artifactId>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-webapp-rfc2616/pom.xml jetty9-9.4.39/tests/test-webapps/test-webapp-rfc2616/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-webapp-rfc2616/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-webapp-rfc2616/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -4,7 +4,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-webapps-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
> <artifactId>test-webapp-rfc2616</artifactId>
> <name>Jetty Tests :: WebApp :: RFC2616</name>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-websocket-client-provided-webapp/pom.xml jetty9-9.4.39/tests/test-webapps/test-websocket-client-provided-webapp/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-websocket-client-provided-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-websocket-client-provided-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-webapps-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-websocket-client-webapp/pom.xml jetty9-9.4.39/tests/test-webapps/test-websocket-client-webapp/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-websocket-client-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-websocket-client-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-webapps-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/tests/test-webapps/test-weld-cdi-webapp/pom.xml jetty9-9.4.39/tests/test-webapps/test-weld-cdi-webapp/pom.xml
> --- jetty9-9.4.38/tests/test-webapps/test-weld-cdi-webapp/pom.xml 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/tests/test-webapps/test-weld-cdi-webapp/pom.xml 2021-03-25 15:36:22.000000000 +0100
> @@ -3,7 +3,7 @@
> <parent>
> <groupId>org.eclipse.jetty.tests</groupId>
> <artifactId>test-webapps-parent</artifactId>
> - <version>9.4.38.v20210224</version>
> + <version>9.4.39.v20210325</version>
> </parent>
>
> <modelVersion>4.0.0</modelVersion>
> diff -Nru jetty9-9.4.38/VERSION.txt jetty9-9.4.39/VERSION.txt
> --- jetty9-9.4.38/VERSION.txt 2021-02-24 21:16:09.000000000 +0100
> +++ jetty9-9.4.39/VERSION.txt 2021-03-25 15:36:22.000000000 +0100
> @@ -1,5 +1,19 @@
> +jetty-9.4.39.v20210325 - 25 March 2021
> + + 6034 SslContextFactory may select a wildcard certificate during SNI
> + selection when a more specific SSL certificate is present
> + + 6050 Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer
> + + 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to
> + work on Android
> + + 6063 Allow override of hazelcast version when using module
> + + 6072 jetty server high CPU when client send data length > 17408
> + + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies"
> + Message
> + + 6101 Normalise ambiguous URIs
> + + 6102 Exclude webapps directory from deployment scan
> +
> jetty-9.4.38.v20210224 - 24 February 2021
> + 4275 Path Normalization/Traversal - Context Matching
> + + 5963 Improve QuotedQualityCSV for CVE-2020-27223
> + 5977 Cache-Control header set by a filter is override by the value from
> DefaultServlet configuration
> + 5994 QueuedThreadPool "free" threads
> @@ -16,6 +30,7 @@
> + 5909 Cannot disable HTTP OPTIONS Method
> + 5937 Unnecessary blocking in ResourceService
> + 5950 Deadlock due to logging inside classloaders
> + + 5963 Improve QuotedQualityCSV - Resolves CVE-2020-27223
> + 5973 Proxy client TLS authentication example
> + 5977 Cache-Control header set by a filter is override by the value from
> DefaultServlet configuration
> @@ -71,7 +86,7 @@
> produced by ForwardedHeader
> + 5443 Request without Host header fails with NullPointerException in
> ForwardedRequestCustomizer
> - + 5451 Improve Working Directory creation
> + + 5451 Improve Working Directory creation - Resolves CVE-2020-27216
> + 5454 Request error context is not reset
> + 5475 Update to spifly 1.3.2 and asm 9
> + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown
> @@ -170,7 +185,8 @@
> + 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like
> before
> + 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies
> - + 4936 Response header overflow leads to buffer corruptions
> + + 4936 Response header overflow leads to buffer corruptions - Resolves
> + CVE-2019-17638
>
> jetty-9.4.29.v20200521 - 21 May 2020
> + 2188 Lock contention creating HTTP/2 streams
> @@ -307,7 +323,7 @@
> + 3083 The ini-template for jetty.console-capture.dir does not match the
> default value
> + 4128 OpenIdCredetials can't decode JWT ID token
> - + 4334 Better test ErrorHandler changes
> + + 4334 Better test ErrorHandler changes - Resolves CVE-2019-17632
>
> jetty-9.4.23.v20191118 - 18 November 2019
> + 1485 Add systemd service file
> @@ -397,6 +413,8 @@
> inclusion of sessionid
>
> jetty-9.4.21.v20190926 - 26 September 2019
> + + Includes fixes for CVE-2019-9511, CVE-2019-9512, CVE-2019-9514,
> + CVE-2019-9515, CVE-2019-9516, and CVE-2019-9518
> + 97 Permanent UnavailableException thrown during servlet request handling
> should cause servlet destroy
> + 137 Support OAuth
> @@ -542,8 +560,10 @@
> jetty-9.4.17.v20190418 - 18 April 2019
> + 2140 Infinispan and hazelcast changes to scavenge zombie expired sessions
> + 3464 Split SslContextFactory into Client and Server
> - + 3549 Directory Listing on Windows reveals Resource Base path
> - + 3555 DefaultHandler Reveals Base Resource Path of each Context
> + + 3549 Directory Listing on Windows reveals Resource Base path - Resolves
> + CVE-2019-10246
> + + 3555 DefaultHandler Reveals Base Resource Path of each Context - Resolves
> + CVE-2019-10247
>
> jetty-9.4.16.v20190411 - 11 April 2019
> + 1861 Limit total bytes pooled by ByteBufferPools
> @@ -551,7 +571,8 @@
> + 3159 WebSocket permessage-deflate RSV1 validity check
> + 3274 OSGi versions of java.base classes in
> org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+
> - + 3319 Modernize Directory Listing: HTML5 and Sorting
> + + 3319 Modernize Directory Listing: HTML5 and Sorting - Resolves
> + CVE-2019-10241
> + 3361 HandlerCollection.addHandler is lacking synchronization
> + 3373 OutOfMemoryError: Java heap space in GZIPContentDecoder
> + 3389 Websockets jsr356 willDecode not invoked during decoding
> @@ -624,8 +645,10 @@
> + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop
>
> jetty-9.3.27.v20190418 - 18 April 2019
> - + 3549 Directory Listing on Windows reveals Resource Base path
> - + 3555 DefaultHandler Reveals Base Resource Path of each Context
> + + 3549 Directory Listing on Windows reveals Resource Base path - Resolves
> + CVE-2019-10246
> + + 3555 DefaultHandler Reveals Base Resource Path of each Context - Resolves
> + CVE-2019-10247
>
> jetty-9.3.26.v20190403 - 03 April 2019
> + 2954 Improve cause reporting for HttpClient failures
> @@ -633,17 +656,20 @@
> org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+
> + 3302 Support host:port in X-Forwarded-For header in
> ForwardedRequestCustomizer
> - + 3319 Allow reverse sort for directory listed files
> + + 3319 Allow reverse sort for directory listed files - Resolves CVE-2019-10241
>
> jetty-9.2.29.v20191105 - 05 November 2019
> + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop
>
> jetty-9.2.28.v20190418 - 18 April 2019
> - + 3549 Directory Listing on Windows reveals Resource Base path
> - + 3555 DefaultHandler Reveals Base Resource Path of each Context
> + + 3549 Directory Listing on Windows reveals Resource Base path - Resolves
> + CVE-2019-10246
> + + 3555 DefaultHandler Reveals Base Resource Path of each Context - Resolves
> + CVE-2019-10247
>
> jetty-9.2.27.v20190403 - 03 April 2019
> - + 3319 Refactored Directory Listing to modernize and avoid XSS
> + + 3319 Refactored Directory Listing to modernize and avoid XSS - Resolves
> + CVE-2019-10241
>
> jetty-9.4.14.v20181114 - 14 November 2018
> + 3097 Duplicated programmatic Servlet Listeners causing duplicate calls
--
Sebastian Ramacher
Attachment:
signature.asc
Description: PGP signature