The Jetty team is happy to announce the immediate availability of a new release for the Eclipse Jetty 9.4.x branch.
This release includes several bug fixes and enhancements. Additionally, cookie parsing has been overhauled to maintain compliance with revised specs. It is recommended that users upgrade to the latest version. Patch notes for the release can be found at the end of this email.
This release available on the Eclipse Jetty project download page or from the Maven Central repository:
jetty-9.4.6.v20170531 - 31 May 2017 + 523 TLS close behaviour breaking session resumption + 1108 Please improve logging in SslContextFactory when there are no approved cipher suites + 1505 Adding jetty.base.uri and jetty.home.uri + 1514 websocket dump badly formatted + 1516 Delay starting of WebSocketClient until an attempt to connect is made + 1520 PropertyUserStore should extract packed config file + 1526 MongoSessionDataStore old session scavenging is broken due to the missing $ sign in "and" operation + 1527 Jetty BOM should not depend on jetty-parent + 1528 Internal HttpClient usages should have common configurable technique + 1536 Jetty BOM should include more artifacts + 1538 NPE in Response.putHeaders + 1539 JarFileResource mishandles paths with spaces + 1544 Disabling JSR-356 doesn't indicate context it was disabled for + 1546 Improve handling of quotes in cookies + 1553 X509.isCertSign() can throw ArrayIndexOutOfBoundsException on non-standard implementations + 1556 A timing channel in Password.java + 1558 When creating WebAppContext without session-config and with NO_SESSIONS throws NPE + 1567 XmlConfiguration will start the same object multiple times + 1568 ServletUpgradeRequest mangles query strings containing percent-escapes by re-escaping them + 1569 Allow setting of maxBinaryMessageSize to 0 in WebSocketPolicy + 1579 NPE in Quoted Quality CSV