From 4eb75c030f3935bbec0654400118c7d130d51e5bb6ea4232ed20700611899201 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Tue, 15 Oct 2024 22:12:00 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/Java:packages/jetty-minimal?expand=0&rev=84 --- jetty-alpn.changes | 6 +++++- jetty-http2.changes | 6 +++++- jetty-minimal.changes | 6 +++++- jetty-unixsocket.changes | 6 +++++- jetty-websocket.changes | 6 +++++- 5 files changed, 25 insertions(+), 5 deletions(-) diff --git a/jetty-alpn.changes b/jetty-alpn.changes index 65af09d..9c7f04d 100644 --- a/jetty-alpn.changes +++ b/jetty-alpn.changes @@ -3,10 +3,14 @@ Tue Oct 15 21:27:27 UTC 2024 - Fridrich Strba - Upgrade to version 9.4.56.v20240826 * Security fixes: - + CVE-2024-6763, bsc#1231652, ThreadLimitHandler.getRemote() + + CVE-2024-8184, bsc#1231651, ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks * Changes: + #12201 backport ThreadLimitHandler improvements from Jetty 12 + + #11938 - Updating URL refs from eclipse.org/jetty and + eclipse.dev/jetty to jetty.org (including XML dtd references) + + #10805 - Jetty response with an invalid HTTP2 packet if the + client set the hpack table size as 0 ------------------------------------------------------------------- Fri Oct 11 10:31:15 UTC 2024 - Fridrich Strba diff --git a/jetty-http2.changes b/jetty-http2.changes index 316d1c2..fe30ad9 100644 --- a/jetty-http2.changes +++ b/jetty-http2.changes @@ -3,10 +3,14 @@ Tue Oct 15 21:27:27 UTC 2024 - Fridrich Strba - Upgrade to version 9.4.56.v20240826 * Security fixes: - + CVE-2024-6763, bsc#1231652, ThreadLimitHandler.getRemote() + + CVE-2024-8184, bsc#1231651, ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks * Changes: + #12201 backport ThreadLimitHandler improvements from Jetty 12 + + #11938 - Updating URL refs from eclipse.org/jetty and + eclipse.dev/jetty to jetty.org (including XML dtd references) + + #10805 - Jetty response with an invalid HTTP2 packet if the + client set the hpack table size as 0 ------------------------------------------------------------------- Fri Oct 11 17:30:25 UTC 2024 - Fridrich Strba diff --git a/jetty-minimal.changes b/jetty-minimal.changes index 4beb72b..9be6c4b 100644 --- a/jetty-minimal.changes +++ b/jetty-minimal.changes @@ -3,10 +3,14 @@ Tue Oct 15 21:27:27 UTC 2024 - Fridrich Strba - Upgrade to version 9.4.56.v20240826 * Security fixes: - + CVE-2024-6763, bsc#1231652, ThreadLimitHandler.getRemote() + + CVE-2024-8184, bsc#1231651, ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks * Changes: + #12201 backport ThreadLimitHandler improvements from Jetty 12 + + #11938 - Updating URL refs from eclipse.org/jetty and + eclipse.dev/jetty to jetty.org (including XML dtd references) + + #10805 - Jetty response with an invalid HTTP2 packet if the + client set the hpack table size as 0 ------------------------------------------------------------------- Tue Feb 27 12:27:27 UTC 2024 - Fridrich Strba diff --git a/jetty-unixsocket.changes b/jetty-unixsocket.changes index f47025b..58f0772 100644 --- a/jetty-unixsocket.changes +++ b/jetty-unixsocket.changes @@ -3,10 +3,14 @@ Tue Oct 15 21:27:27 UTC 2024 - Fridrich Strba - Upgrade to version 9.4.56.v20240826 * Security fixes: - + CVE-2024-6763, bsc#1231652, ThreadLimitHandler.getRemote() + + CVE-2024-8184, bsc#1231651, ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks * Changes: + #12201 backport ThreadLimitHandler improvements from Jetty 12 + + #11938 - Updating URL refs from eclipse.org/jetty and + eclipse.dev/jetty to jetty.org (including XML dtd references) + + #10805 - Jetty response with an invalid HTTP2 packet if the + client set the hpack table size as 0 ------------------------------------------------------------------- Tue Feb 27 12:27:27 UTC 2024 - Fridrich Strba diff --git a/jetty-websocket.changes b/jetty-websocket.changes index 98c0fe9..4a8ea3f 100644 --- a/jetty-websocket.changes +++ b/jetty-websocket.changes @@ -3,10 +3,14 @@ Tue Oct 15 21:27:27 UTC 2024 - Fridrich Strba - Upgrade to version 9.4.56.v20240826 * Security fixes: - + CVE-2024-6763, bsc#1231652, ThreadLimitHandler.getRemote() + + CVE-2024-8184, bsc#1231651, ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks * Changes: + #12201 backport ThreadLimitHandler improvements from Jetty 12 + + #11938 - Updating URL refs from eclipse.org/jetty and + eclipse.dev/jetty to jetty.org (including XML dtd references) + + #10805 - Jetty response with an invalid HTTP2 packet if the + client set the hpack table size as 0 ------------------------------------------------------------------- Tue Feb 27 12:27:27 UTC 2024 - Fridrich Strba