Bump org.eclipse.jetty:jetty-bom from 11.0.7 to 12.0.2 #99

dependabot · 2023-10-10T20:04:05Z

Bumps org.eclipse.jetty:jetty-bom from 11.0.7 to 12.0.2.

Release notes

Sourced from org.eclipse.jetty:jetty-bom's releases.

12.0.2

Security Updates

This release addresses:

CVE-2023-44487

Changelog

#10679 - Review HTTP/2 rate control

#10672 - Changed default implementation of Session.Listener.onNewStream() and …

#10618 - Reduced mildly expensive HttpMethod.is calls by reordering boolean logic

#10613 - Fix incorrect call to super in BufferedResponseHandler

#10563 - An omnibus PR for changes needed to support webfunctions

#10558 - NPE when forwarding a request to default servlet which should redirect to a subdirectory with trailing slash

#10553 - Reintroduce an Exception type for invalid UTF-8

#10547 - Cannot customize Executor on WebSocketClient

#10542 - Added WebSocket migration documentation, pointing to existing WebSock…

#10526 - do not run this in parallel as some conflicted jdni entries with ServerWithJNDITest

#10513 - Lockup processing POST request body with Jetty 12.0.1 using http/2

#10508 - Jetty 12 IllegalArgumentExeption when setting a HTTP header to null

#10502 - Introduced CompletableResponseListener

#10500 - Jetty 12 HTTP SPI does not preserve double-quotes on valid request headers

#10498 - NullPointerException from call to UpgradeRequest#getUserPrincipal with Jetty 12

#10483 - Improve BufferedResponseHandler

#10482 - RewriteHandler with multiple HeaderPatternRules

#10479 - Fix parsing of JSESSIONID only

#10474 - Jetty 12 default error handler throws IllegalStateException for application/json

#10473 - Startup Script reports ok too fast, and doesn't wait for actual start of Jetty

#10466 - Review HTTP session documentation

#10463 - Jetty 12 throws Exception handling static files when using response wrapper

#10442 - Reduce verbosity when JMX finds overloaded setter

#10441 - Jetty 12 ee8 jaspi is missing

#10440 - ClassCastException with <jettyEnvXml> use in jetty-ee10-maven-plugin

#10361 - Introduce QoSHandler

#10328 - Review ResourceFactory.newSystemResource(String) behavior & javadoc

#10324 - Improve migration from Servlets to Handler

#10219 - Review HTTP Cookie parsing

#9665 - HttpCookieStore incorrectly rejects cookies for domains that are an IPv6 address

12.0.1

Important Notes

New Environment System (ee10 / ee9 / ee8)

Supports ee10 / ee9 / ee8 at the same time (in different deployed webapps)

See Jetty 11 to 12 Migration Docs for help finding the new maven coordinates for EE specific artifacts.

Jetty Core no longer has dependencies on any Jakarta EE Spec

Special Thanks to the following Eclipse Jetty community members

... (truncated)

Commits

b01e361 Updating to version 12.0.2
0468f67 Merge pull request #10685 from eclipse/fix/jetty-12.0.x-dumpStackOverflow
70b1fd4 fix infinite recursion in server dump with Path
3458f0e Merged branch 'jetty-11.0.x' into 'jetty-12.0.x'.
8a93d85 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
67b0778 Issue #9777 - CrossOriginFilter does not return Vary header on no-cors mode.
7bd6c52 Fixes #10679 - Review HTTP/2 rate control. (#10682)
e6c57e2 Merged branch 'jetty-11.0.x' into 'jetty-12.0.x'.
b4fdf22 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
dbb9451 Fixes #10679 - Review HTTP/2 rate control. (#10681)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.eclipse.jetty:jetty-bom](https://github.com/eclipse/jetty.project) from 11.0.7 to 12.0.2. - [Release notes](https://github.com/eclipse/jetty.project/releases) - [Commits](jetty/jetty.project@jetty-11.0.7...jetty-12.0.2) --- updated-dependencies: - dependency-name: org.eclipse.jetty:jetty-bom dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>