Name: jetty-util-ajax	Distribution: openSUSE Tumbleweed
Version: 9.4.54	Vendor: openSUSE
Release: 1.1	Build date: Wed Feb 28 00:12:28 2024
Group: Productivity/Networking/Web/Servers	Build host: i04-ch2a
Size: 60741	Source RPM: jetty-minimal-9.4.54-1.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://www.eclipse.org/jetty/
Summary: The util-ajax module for Jetty

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you
do not need to configure and run a separate web server (like Apache) in order
to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully
featured web server for static and dynamic content. Unlike separate
server/container solutions, this means that your web server and web
application run in the same process, without interconnection overheads
and complications. Furthermore, as a pure java component, Jetty can be simply
included in your application for demonstration, distribution or deployment.
Jetty is available on all Java supported platforms.

This package contains The util-ajax module for Jetty.

Provides

Requires

java-headless >= 1.8
javapackages-filesystem
mvn(org.eclipse.jetty:jetty-util) = 9.4.54.v20240208
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsZstd) <= 5.4.18-1

License

Apache-2.0 OR EPL-1.0

Changelog

* Tue Feb 27 2024 Fridrich Strba <fstrba@suse.com>
  - Upgrade to version 9.4.54.v20240208
    * Security fixes
      + CVE-2024-22201, bsc#1220437: HTTP/2 connection not closed
      after idle timeout when TCP congested
    * Other changes
      + #1256 DoSFilter leaks USER_AUTH entries
      + #11389 Strip default ports on ws/wss scheme uris too
* Mon Oct 30 2023 Fridrich Strba <fstrba@suse.com>
  - Do not force Java 11 to build on i586
* Thu Oct 12 2023 Fridrich Strba <fstrba@suse.com>
  - Upgrade to version 9.4.53.v20231009
    * Fixes of 9.4.53.v20231009
      + CVE-2023-44487, bsc#1216169
      + CVE-2023-36478, bsc#1216162
      + #10679 - backport HTTP/2 rate control from Jetty 10.0.x
      + #10573 - backport hpack improvements from Jetty 10.0.x
      + #10546 - backport jetty-http Huffman encoders/decoders from
      Jetty 10.0.x
    * Fixes of 9.4.52.v20230823
      + #10352 - Jetty accepts "+" prefixed value in Content-Length
      (CVE-2023-40167, bsc#1215417)
      + #10337 - SizeLimitHandler does not enforce 0 responseLimit
      + #10169 - make sure that a ServiceLoader is retrieved before
      iterating
      + #10066 - Allow SAXParserFactory or SAXParser to be configured
      in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh
      workaround
      + #9887 - Deprecate CGI Servlet (CVE-2023-36479, bsc#1215415)
      + #9716 - Deprecate PushSessionCacheFilter
      + #9660 - OpenId Revoked authentication allows one request
      (CVE-2023-41900, bsc#1215416)
      + #9476 - onCompleteFailure called multiple times
* Sat Sep 09 2023 Fridrich Strba <fstrba@suse.com>
  - Reproducible builds: use SOURCE_DATE_EPOCH for timestamp
* Sun May 21 2023 Fridrich Strba <fstrba@suse.com>
  - Update to version 9.4.51.v20230217
    * Fixes of 9.4.49.v20220914:
      + #8578 - getRequestURL can append "null" if getRequestURI is
      unspecified in an authority-form request-target
      + #8493 - Review HTTP client feature setRemoveIdleDestinations
    * Fixes of 9.4.50.v20221201:
      + #8774 - Added SizeLimitHandler
      + #8678 - Jetty client is not responding to GO_AWAY packet
      received from (Jetty) Server and continue to send traffic on
      same connection
    * Fixes of 9.4.51.v20230217:
      + #9352 - Update / Fix CookieCutter
      + #9345 - Backport Multipart Fix for CVE-2023-26048, bsc#1210620
      + #9352 - Backport Cookie Parsing Fix for CVE-2023-26049,
      bsc#1210621
* Thu May 04 2023 Dominique Leuenberger <dimstar@opensuse.org>
  - Add _multibuild to define 2nd spec file as additional flavor.
    Eliminates the need for source package links in OBS.
* Thu Oct 13 2022 Fridrich Strba <fstrba@suse.com>
  - Force building with java 11 on ix86 in order to avoid random
    build failures
* Fri Jul 08 2022 Fridrich Strba <fstrba@suse.com>
  - Upgrade to version 9.4.48.v20220622
    * Fixes
      + #8184 - All suffix globs except first fail to match if path
      has "." character in prefix section
      + #8145 - RegexPathSpec backport of optional group name/info
      lookup if regex fails
      + #8088 - Add option to configure exitVm on ShutdownMonitor from
      System properties
      + #8067 - Wall time usage in DoSFilter RateTracker results in
      false positive alert
      + #8014 - Review HttpRequest URI construction (Resolves
      CVE-2022-2047, bsc#1201317)
      + #7976 - Add TRANSFER_ENCODING violation for MultiPart RFC7578
      parser
      + #7947 - Improved PathSpec handling for servletName & pathInfo
      + #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048,
      bsc#1201316)
      + #7918 - PathMappings.asPathSpec does not allow root
      ServletPathSpec
      + #7863 - Default servlet drops first accept-encoding header if
      there is more than one.
      + #7858 - GZipHandler does not play nice with other handlers in
      HandlerCollection
      + #7837 - Fix StatisticsHandler in the case a Handler throws
      exception
      + #7809 - Jetty 9.4.x 7801 duplicate set session cookies
      + #7748 - Allow overriding of url-pattern mapping in
      ServletContextHandler to allow for regex or uri-template
      matching
* Tue Mar 29 2022 Fridrich Strba <fstrba@suse.com>
  - Upgrade to version 9.4.46.v20220328
    * Changes
      + Option --write-module-graph produces wrong .dot file
      + ArrayTrie getBest fails to match the empty string entry in
      certain cases
      + Interrupt flag is not always cleared in between requests
      + Gzip compression not working for multipart/form-data when
      added to the allowed list using addIncludedMimeTypes.
      + Miconfigured headerCacheSize in can result in
      IllegalArgumentException
      + HttpServletResponse.encodeURL not working for URLs starting
      with ../
* Tue Mar 22 2022 Fridrich Strba <fstrba@suse.com>
  - Build with java source and target levels 8
  - Fix javadoc generation on JDK >= 13
* Tue Oct 19 2021 Fridrich Strba <fstrba@suse.com>
  - Make importing of package sun.misc optional since not all jdk
    versions export it
* Mon Jul 19 2021 Fridrich Strba <fstrba@suse.com>
  - Splitting the jetty-unixsocket artifact into a separate spec file
    in order to avoid extra dependencies for the jetty-minimal
    package.
* Mon Jul 19 2021 Fridrich Strba <fstrba@suse.com>
  - Update to version 9.4.43.v20210629
    * Fix: bsc#1188438, CVE-2021-34429
    * Changes:
      + Improve alias checking in PathResource
      + java.nio.ReadOnlyBufferException
      + Deprecate support for UTF16 encoding in URIs
      + Update to spifly 1.3.3
      + Update to asm 9.1
* Mon Jun 28 2021 Anton Shvetz <shvetz.anton@gmail.com>
  - Package modules: ant, cdi, deploy, fcgi, http-spi, quickstart,
    rewrite, start, unixsocket
* Wed Jun 09 2021 Fridrich Strba <fstrba@suse.com>
  - Update to version 9.4.42.v20210604
    * Fix: bsc#1187117, CVE-2021-28169
* Fri May 14 2021 Ferdinand Thiessen <rpm@fthiessen.de>
  - Update to version 9.4.40.v20210413
    * Fix: bsc#1184367, CVE-2021-28165 - jetty server high CPU when
      client send data length > 17408
    * Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs
    * Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory
      from deployment scan
* Fri Mar 12 2021 Fridrich Strba <fstrba@suse.com>
  - Upgrade to upstream version 9.4.38.v20210224
    * Fixes bsc#1182898, CVE-2020-27223

Files

/usr/share/java/jetty
/usr/share/java/jetty/jetty-util-ajax.jar
/usr/share/maven-metadata/jetty-minimal-jetty-util-ajax.xml
/usr/share/maven-poms/jetty
/usr/share/maven-poms/jetty/jetty-util-ajax.pom

Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Mar 11 23:53:03 2024

jetty-util-ajax-9.4.54-1.1 RPM for noarch

From OpenSuSE Ports Tumbleweed for noarch

Provides

Requires

License

Changelog

Files