Bump jettyVersion from 9.4.51.v20230217 to 9.4.53.v20231009 #338

dependabot · 2023-10-10T22:25:57Z

Bumps jettyVersion from 9.4.51.v20230217 to 9.4.53.v20231009.
Updates org.eclipse.jetty:jetty-server from 9.4.51.v20230217 to 9.4.53.v20231009

Release notes

Sourced from org.eclipse.jetty:jetty-server's releases.

9.4.53.v20231009

Security Updates

This release addresses:

CVE-2023-44487

CVE-2023-36478

Sponsored Release

This is a release of the End of Community Support Jetty 9.x series that was sponsored by a support contract from Webtide.com

Changelog

#10679 - backport HTTP/2 rate control from Jetty 10.0.x

#10573 - backport hpack improvements from Jetty 10.0.x

#10546 - backport jetty-http Huffman encoders/decoders from Jetty 10.0.x

9.4.52.v20230823

Sponsored Release

This is a release of the End of Community Support Jetty 9.x series that was sponsored by a support contract from Webtide.com

Security Updates

This release addresses:

GHSA-58qw-p7qm-5rvh - provides a workaround for direct users of XmlParser

CVE-2023-40167

CVE-2023-36479

CVE-2023-41900

Special Thanks to the following Eclipse Jetty community members

@RangerRick (Benjamin Reed)

Changelog

#10352 - Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167)

#10337 - SizeLimitHandler does not enforce 0 responseLimit

#10169 - make sure that a ServiceLoader is retrieved before iterating (@RangerRick)

#10066 - Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh workaround

#9887 - Deprecate CGI Servlet (CVE-2023-36479)

#9716 - Deprecate PushSessionCacheFilter

#9660 - OpenId Revoked authentication allows one request (CVE-2023-41900)

#9476 - onCompleteFailure called multiple times

Commits

27bde00 Updating to version 9.4.53.v20231009
2a512c2 Merge pull request #10680 from eclipse/fix/jetty-9.4-10679-review-http2-rate-...
0f246d1 Fixes #10679 - Review HTTP/2 rate control.
2691ad0 Merge pull request #10645 from eclipse/dependabot/maven/jetty-9.4.x/commons-i...
b7c040a Merge pull request #10643 from eclipse/dependabot/maven/jetty-9.4.x/asm.versi...
e83c61f Bump commons-io:commons-io from 2.13.0 to 2.14.0
52f117d Bump asm.version from 9.5 to 9.6
3ea8e97 Merge pull request #10602 from eclipse/fix/9.4.x/dependency-rollup-sept-2023
0bd07f9 Revert "Bump org.infinispan.protostream:protostream"
3249711 Merge remote-tracking branch 'origin/dependabot/maven/jetty-9.4.x/exam.versio...
Additional commits viewable in compare view

Updates org.eclipse.jetty:jetty-util from 9.4.51.v20230217 to 9.4.53.v20231009

Release notes

Sourced from org.eclipse.jetty:jetty-util's releases.

9.4.53.v20231009

Security Updates

This release addresses:

CVE-2023-44487

CVE-2023-36478

Sponsored Release

This is a release of the End of Community Support Jetty 9.x series that was sponsored by a support contract from Webtide.com

Changelog

#10679 - backport HTTP/2 rate control from Jetty 10.0.x

#10573 - backport hpack improvements from Jetty 10.0.x

#10546 - backport jetty-http Huffman encoders/decoders from Jetty 10.0.x

9.4.52.v20230823

Sponsored Release

This is a release of the End of Community Support Jetty 9.x series that was sponsored by a support contract from Webtide.com

Security Updates

This release addresses:

GHSA-58qw-p7qm-5rvh - provides a workaround for direct users of XmlParser

CVE-2023-40167

CVE-2023-36479

CVE-2023-41900

Special Thanks to the following Eclipse Jetty community members

@RangerRick (Benjamin Reed)

Changelog

#10352 - Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167)

#10337 - SizeLimitHandler does not enforce 0 responseLimit

#10169 - make sure that a ServiceLoader is retrieved before iterating (@RangerRick)

#10066 - Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh workaround

#9887 - Deprecate CGI Servlet (CVE-2023-36479)

#9716 - Deprecate PushSessionCacheFilter

#9660 - OpenId Revoked authentication allows one request (CVE-2023-41900)

#9476 - onCompleteFailure called multiple times

Commits

27bde00 Updating to version 9.4.53.v20231009
2a512c2 Merge pull request #10680 from eclipse/fix/jetty-9.4-10679-review-http2-rate-...
0f246d1 Fixes #10679 - Review HTTP/2 rate control.
2691ad0 Merge pull request #10645 from eclipse/dependabot/maven/jetty-9.4.x/commons-i...
b7c040a Merge pull request #10643 from eclipse/dependabot/maven/jetty-9.4.x/asm.versi...
e83c61f Bump commons-io:commons-io from 2.13.0 to 2.14.0
52f117d Bump asm.version from 9.5 to 9.6
3ea8e97 Merge pull request #10602 from eclipse/fix/9.4.x/dependency-rollup-sept-2023
0bd07f9 Revert "Bump org.infinispan.protostream:protostream"
3249711 Merge remote-tracking branch 'origin/dependabot/maven/jetty-9.4.x/exam.versio...
Additional commits viewable in compare view

Updates org.eclipse.jetty:jetty-security from 9.4.51.v20230217 to 9.4.53.v20231009

Release notes

Sourced from org.eclipse.jetty:jetty-security's releases.

9.4.53.v20231009

Security Updates

This release addresses:

CVE-2023-44487

CVE-2023-36478

Sponsored Release

This is a release of the End of Community Support Jetty 9.x series that was sponsored by a support contract from Webtide.com

Changelog

#10679 - backport HTTP/2 rate control from Jetty 10.0.x

#10573 - backport hpack improvements from Jetty 10.0.x

#10546 - backport jetty-http Huffman encoders/decoders from Jetty 10.0.x

9.4.52.v20230823

Sponsored Release

This is a release of the End of Community Support Jetty 9.x series that was sponsored by a support contract from Webtide.com

Security Updates

This release addresses:

GHSA-58qw-p7qm-5rvh - provides a workaround for direct users of XmlParser

CVE-2023-40167

CVE-2023-36479

CVE-2023-41900

Special Thanks to the following Eclipse Jetty community members

@RangerRick (Benjamin Reed)

Changelog

#10352 - Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167)

#10337 - SizeLimitHandler does not enforce 0 responseLimit

#10169 - make sure that a ServiceLoader is retrieved before iterating (@RangerRick)

#10066 - Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh workaround

#9887 - Deprecate CGI Servlet (CVE-2023-36479)

#9716 - Deprecate PushSessionCacheFilter

#9660 - OpenId Revoked authentication allows one request (CVE-2023-41900)

#9476 - onCompleteFailure called multiple times

Commits

27bde00 Updating to version 9.4.53.v20231009
2a512c2 Merge pull request #10680 from eclipse/fix/jetty-9.4-10679-review-http2-rate-...
0f246d1 Fixes #10679 - Review HTTP/2 rate control.
2691ad0 Merge pull request #10645 from eclipse/dependabot/maven/jetty-9.4.x/commons-i...
b7c040a Merge pull request #10643 from eclipse/dependabot/maven/jetty-9.4.x/asm.versi...
e83c61f Bump commons-io:commons-io from 2.13.0 to 2.14.0
52f117d Bump asm.version from 9.5 to 9.6
3ea8e97 Merge pull request #10602 from eclipse/fix/9.4.x/dependency-rollup-sept-2023
0bd07f9 Revert "Bump org.infinispan.protostream:protostream"
3249711 Merge remote-tracking branch 'origin/dependabot/maven/jetty-9.4.x/exam.versio...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `jettyVersion` from 9.4.51.v20230217 to 9.4.53.v20231009. Updates `org.eclipse.jetty:jetty-server` from 9.4.51.v20230217 to 9.4.53.v20231009 - [Release notes](https://github.com/eclipse/jetty.project/releases) - [Commits](jetty/jetty.project@jetty-9.4.51.v20230217...jetty-9.4.53.v20231009) Updates `org.eclipse.jetty:jetty-util` from 9.4.51.v20230217 to 9.4.53.v20231009 - [Release notes](https://github.com/eclipse/jetty.project/releases) - [Commits](jetty/jetty.project@jetty-9.4.51.v20230217...jetty-9.4.53.v20231009) Updates `org.eclipse.jetty:jetty-security` from 9.4.51.v20230217 to 9.4.53.v20231009 - [Release notes](https://github.com/eclipse/jetty.project/releases) - [Commits](jetty/jetty.project@jetty-9.4.51.v20230217...jetty-9.4.53.v20231009) --- updated-dependencies: - dependency-name: org.eclipse.jetty:jetty-server dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty:jetty-util dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.eclipse.jetty:jetty-security dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Oct 10, 2023

dependabot bot mentioned this pull request Oct 10, 2023

Bump jettyVersion from 9.4.51.v20230217 to 9.4.52.v20230823 #337

Closed

elharo merged commit 8a3ff13 into master Oct 21, 2023

elharo deleted the dependabot/maven/jettyVersion-9.4.53.v20231009 branch October 21, 2023 12:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump jettyVersion from 9.4.51.v20230217 to 9.4.53.v20231009 #338

Bump jettyVersion from 9.4.51.v20230217 to 9.4.53.v20231009 #338

Uh oh!

dependabot bot commented on behalf of github Oct 10, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump jettyVersion from 9.4.51.v20230217 to 9.4.53.v20231009 #338

Bump jettyVersion from 9.4.51.v20230217 to 9.4.53.v20231009 #338

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 10, 2023

9.4.53.v20231009

Security Updates

Sponsored Release

Changelog

9.4.52.v20230823

Sponsored Release

Security Updates

Special Thanks to the following Eclipse Jetty community members

Changelog

9.4.53.v20231009

Security Updates

Sponsored Release

Changelog

9.4.52.v20230823

Sponsored Release

Security Updates

Special Thanks to the following Eclipse Jetty community members

Changelog

9.4.53.v20231009

Security Updates

Sponsored Release

Changelog

9.4.52.v20230823

Sponsored Release

Security Updates

Special Thanks to the following Eclipse Jetty community members

Changelog

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant