File jetty-websocket.changes of Package jetty-minimal.29061

-------------------------------------------------------------------
Sun May 21 05:09:16 UTC 2023 - Fridrich Strba <fstrba@suse.com>

- Update to version 9.4.51.v20230217
  * Fixes of 9.4.49.v20220914:
    + #8578 - getRequestURL can append "null" if getRequestURI is
      unspecified in an authority-form request-target
    + #8493 - Review HTTP client feature setRemoveIdleDestinations
  * Fixes of 9.4.50.v20221201:
    + #8774 - Added SizeLimitHandler
    + #8678 - Jetty client is not responding to GO_AWAY packet
      received from (Jetty) Server and continue to send traffic on
      same connection
  * Fixes of 9.4.51.v20230217:
    + #9352 - Update / Fix CookieCutter
    + #9345 - Backport Multipart Fix for CVE-2023-26048, bsc#1210620
    + #9352 - Backport Cookie Parsing Fix for CVE-2023-26049,
      bsc#1210621

-------------------------------------------------------------------
Fri Jul  8 15:15:05 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Upgrade to version 9.4.48.v20220622
  * Fixes
    + #8184 - All suffix globs except first fail to match if path
      has "." character in prefix section
    + #8145 - RegexPathSpec backport of optional group name/info
      lookup if regex fails
    + #8088 - Add option to configure exitVm on ShutdownMonitor from
      System properties
    + #8067 - Wall time usage in DoSFilter RateTracker results in
      false positive alert
    + #8014 - Review HttpRequest URI construction (Resolves
      CVE-2022-2047, bsc#1201317)
    + #7976 - Add TRANSFER_ENCODING violation for MultiPart RFC7578
      parser
    + #7947 - Improved PathSpec handling for servletName & pathInfo
    + #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048,
      bsc#1201316)
    + #7918 - PathMappings.asPathSpec does not allow root
      ServletPathSpec
    + #7863 - Default servlet drops first accept-encoding header if
      there is more than one.
    + #7858 - GZipHandler does not play nice with other handlers in
      HandlerCollection
    + #7837 - Fix StatisticsHandler in the case a Handler throws
      exception
    + #7809 - Jetty 9.4.x 7801 duplicate set session cookies
    + #7748 - Allow overriding of url-pattern mapping in
      ServletContextHandler to allow for regex or uri-template
      matching

-------------------------------------------------------------------
Tue Mar 29 14:13:33 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Upgrade to version 9.4.46.v20220328
  * Changes
    + Option --write-module-graph produces wrong .dot file
    + ArrayTrie getBest fails to match the empty string entry in
      certain cases
    + Interrupt flag is not always cleared in between requests
    + Gzip compression not working for multipart/form-data when
      added to the allowed list using addIncludedMimeTypes.
    + Miconfigured headerCacheSize in can result in
      IllegalArgumentException
    + HttpServletResponse.encodeURL not working for URLs starting
      with ../

-------------------------------------------------------------------
Tue Mar 22 15:49:28 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Build with java source and target levels 8
- Fix javadoc generation on JDK >= 13

-------------------------------------------------------------------
Tue Oct 19 07:13:12 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Make importing of package sun.misc optional since not all jdk
  versions export it

-------------------------------------------------------------------
Mon Jul 19 06:58:23 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Update to version 9.4.43.v20210629
  * Fix: bsc#1188438, CVE-2021-34429
  * Changes:
    + Improve alias checking in PathResource
    + java.nio.ReadOnlyBufferException
    + Deprecate support for UTF16 encoding in URIs
    + Update to spifly 1.3.3
    + Update to asm 9.1

-------------------------------------------------------------------
Wed Jun  9 14:07:47 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Update to version 9.4.42.v20210604
  * Fix: bsc#1187117, CVE-2021-28169

-------------------------------------------------------------------
Fri May 14 16:57:01 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>

- Update to version 9.4.40.v20210413
  * Fix: bsc#1184367, CVE-2021-28165 - jetty server high CPU when
    client send data length > 17408
  * Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs
  * Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory
    from deployment scan
  * Improve handling of unconsumed content
  * Jetty start.jar always reports jetty.tag.version as master
  * HttpConnection.getBytesIn() incorrect for requests with chunked
    content
  * SslConnection compacting

-------------------------------------------------------------------
Fri Mar 12 11:11:07 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Upgrade to upstream version 9.4.38.v20210224
  * Fixes bsc#1182898, CVE-2020-27223

-------------------------------------------------------------------
Mon Dec  7 18:12:50 UTC 2020 - Fridrich Strba <fstrba@suse.com>

- Upgrade to upstream version 9.4.35.v20201120
  * Fixes bsc#1179727, CVE-2020-27218

-------------------------------------------------------------------
Thu Nov 19 13:05:09 UTC 2020 - Fridrich Strba <fstrba@suse.com>

- Upgrade to upstream version 9.4.30.v20200611

-------------------------------------------------------------------
Thu Apr  2 09:25:19 UTC 2020 - Fridrich Strba <fstrba@suse.com>

- Upgrade to upstream version 9.4.27.v20200227

-------------------------------------------------------------------
Thu Nov 28 09:02:29 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Removed patch:
  * jetty-annotations-asm6.patch
    + not needed when building against ASM7

-------------------------------------------------------------------
Fri Nov  8 10:42:50 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Initial packaging of the websocket submodules of jetty
  9.4.22.v20191022
openSUSE Build Service is sponsored by