forked from pool/jetty-minimal
46 lines
1.8 KiB
Plaintext
46 lines
1.8 KiB
Plaintext
-------------------------------------------------------------------
|
|
Fri Aug 22 05:02:35 UTC 2025 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Upgrade to version 9.4.58.v20250814
|
|
* Changes
|
|
+ #13461 - 9.4.x HTTP2Session cleanups - Addresses
|
|
CVE-2025-5115, bsc#1244252
|
|
+ #13261 - Improve handling of failed HTTP/2 requests
|
|
+ #461 - Move ServletTester to the test source directory
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 26 10:30:44 UTC 2025 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Upgrade to version 9.4.57.v20241219
|
|
* Security fixes:
|
|
+ CVE-2024-6763, bsc#1231652: the HttpURI class does
|
|
insufficient validation on the authority segment of a URI
|
|
+ CVE-2024-13009, bsc#1243271: Gzip Request Body Buffer
|
|
Corruption
|
|
* Changes:
|
|
+ #12268 - IteratingCallback may iterate too much when process()
|
|
returns Action.IDLE
|
|
+ #12648 - Backport improved handling of bad Gzip content (and
|
|
Gzip Exceptions)
|
|
+ #12532 - Backport of deprecation of UserInfo on URI (in
|
|
violation of RFC2616 spec)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 15 21:27:27 UTC 2024 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Upgrade to version 9.4.56.v20240826
|
|
* Security fixes:
|
|
+ CVE-2024-8184, bsc#1231651, ThreadLimitHandler.getRemote()
|
|
vulnerable to remote DoS attacks
|
|
* Changes:
|
|
+ #12201 backport ThreadLimitHandler improvements from Jetty 12
|
|
+ #11938 - Updating URL refs from eclipse.org/jetty and
|
|
eclipse.dev/jetty to jetty.org (including XML dtd references)
|
|
+ #10805 - Jetty response with an invalid HTTP2 packet if the
|
|
client set the hpack table size as 0
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 11 17:30:25 UTC 2024 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Initial packaging
|