------------------------------------------------------------------- Wed Sep 10 09:30:50 UTC 2025 - Fridrich Strba - Build also on SLE15-SP2, since we have the required compiler now. ------------------------------------------------------------------- Fri Aug 22 05:02:35 UTC 2025 - Fridrich Strba - Upgrade to version 9.4.58.v20250814 * Changes + #13461 - 9.4.x HTTP2Session cleanups - Addresses CVE-2025-5115, bsc#1244252 + #13261 - Improve handling of failed HTTP/2 requests + #461 - Move ServletTester to the test source directory ------------------------------------------------------------------- Mon May 26 10:30:44 UTC 2025 - Fridrich Strba - Upgrade to version 9.4.57.v20241219 * Security fixes: + CVE-2024-6763, bsc#1231652: the HttpURI class does insufficient validation on the authority segment of a URI + CVE-2024-13009, bsc#1243271: Gzip Request Body Buffer Corruption * Changes: + #12268 - IteratingCallback may iterate too much when process() returns Action.IDLE + #12648 - Backport improved handling of bad Gzip content (and Gzip Exceptions) + #12532 - Backport of deprecation of UserInfo on URI (in violation of RFC2616 spec) ------------------------------------------------------------------- Tue Oct 15 21:27:27 UTC 2024 - Fridrich Strba - Upgrade to version 9.4.56.v20240826 * Security fixes: + CVE-2024-8184, bsc#1231651, ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks * Changes: + #12201 backport ThreadLimitHandler improvements from Jetty 12 + #11938 - Updating URL refs from eclipse.org/jetty and eclipse.dev/jetty to jetty.org (including XML dtd references) + #10805 - Jetty response with an invalid HTTP2 packet if the client set the hpack table size as 0 ------------------------------------------------------------------- Fri Oct 11 17:30:25 UTC 2024 - Fridrich Strba - Initial packaging