diff --git a/jetty-minimal.changes b/jetty-minimal.changes index 19da076..07c60ff 100644 --- a/jetty-minimal.changes +++ b/jetty-minimal.changes @@ -8,11 +8,11 @@ Wed Jun 9 14:07:47 UTC 2021 - Fridrich Strba Fri May 14 17:01:58 UTC 2021 - Ferdinand Thiessen - Update to version 9.4.40.v20210413 - * Fix: CVE-2021-28165 - jetty server high CPU when client send - data length > 17408 - * Fix: CVE-2021-28164 - Normalize ambiguous URIs - * Fix: CVE-2021-28163 - Exclude webapps directory from deployment - scan + * Fix: bsc#1184367 CVE-2021-28165 - jetty server high CPU when + client send data length > 17408 + * Fix: bsc#1184368 CVE-2021-28164 - Normalize ambiguous URIs + * Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory + from deployment scan ------------------------------------------------------------------- Fri Mar 12 11:11:07 UTC 2021 - Fridrich Strba diff --git a/jetty-websocket.changes b/jetty-websocket.changes index 2688a4a..901a5e9 100644 --- a/jetty-websocket.changes +++ b/jetty-websocket.changes @@ -8,11 +8,11 @@ Wed Jun 9 14:07:47 UTC 2021 - Fridrich Strba Fri May 14 16:57:01 UTC 2021 - Ferdinand Thiessen - Update to version 9.4.40.v20210413 - * Fix: CVE-2021-28165 - jetty server high CPU when client send - data length > 17408 - * Fix: CVE-2021-28164 - Normalize ambiguous URIs - * Fix: CVE-2021-28163 - Exclude webapps directory from deployment - scan + * Fix: bsc#1184367 CVE-2021-28165 - jetty server high CPU when + client send data length > 17408 + * Fix: bsc#1184368 CVE-2021-28164 - Normalize ambiguous URIs + * Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory + from deployment scan * Improve handling of unconsumed content * Jetty start.jar always reports jetty.tag.version as master * HttpConnection.getBytesIn() incorrect for requests with chunked