[jetty-users] Jetty releases 7.6.0 and 8.1.0

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

[jetty-users] Jetty releases 7.6.0 and 8.1.0

Greg Wilkins-3

Jetty releases 7.6.0 and 8.1.0 have been promoted to maven central and will soon be available for download via http://eclipse.org/jetty

These releases represent a major effort by the team to refactor the IO layer to handle several issues that have emerged over the last year with respect to the latest JVMs and browsers, such as several 100% CPU spins fixed that resulted from strangely closed SSL connection.   Furthermore, the releases contain some additional protection from some denial of service attacks that have been discovered that affect a wide range of web servers.

We recommend that you plan to evaluate and upgrade to these releases as soon as possible.  Do to the nature of these changes, it is impossible to back the most significant ones to Jetty-6 and thus these releases represent the effective EOL for jetty-6, as no more general releases are planned.

Thanks to the jetty team who have  worked extremely hard over the last few months on these releases.  We've also very much appreciate the efforts of users who have raised issues, provided debug/traces and have tried out various snapshots and RCs.


jetty-8.1.0.v20120127 - 27 January 2012
 + 368773 allow authentication to be set by non securityHandler handlers
 + 368992 avoid update key while flushing during a write
 + 369216 turned off the shared resource cache
 + 369349 replace quotes with a space escape method

jetty-8.1.0.RC5 - 20 January 2012
 + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
   authed user
 + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
 + 368633 fixed configure.dtd resource mappings
 + 368635 moved lifecycle state reporting from toString to dump
 + 368773 process data constraints without realm
 + 368787 always set token view to new header buffers in httpparser
 + 368821 improved test harness
 + 368920 JettyAwareLogger always formats the arguments.
 + 368948 POM for jetty-jndi references unknown version for javax.activation.
 + 368992 NPE in HttpGenerator.prepareBuffers() test case.
 + JETTY-1475 made output state fields volatile to provide memory barrier for
   non dispatched thread IO

jetty-8.1.0.RC4 - 13 January 2012
 + 365048 jetty Http client does not send proxy authentication when requesting
   a Https-resource through a web-proxy.
 + 366774 removed XSS vulnerbility
 + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
 + 367433 added tests to investigate
 + 367435 improved D00 test harness
 + 367485 HttpExchange canceled before response do not release connection.
 + 367502 WebSocket connections should be closed when application context is  stopped.
 + 367548 jetty-osgi-boot must not import the nested package twice
 + 367591 corrected configuration.xml version to 7.6
 + 367635 Added support for start.d directory
 + 367716 simplified maxIdleTime logic
 + 368035 WebSocketClientFactory does not invoke super.doStop().
 + 368060 do not encode sendRedirect URLs
 + 368112 NPE on <jsp-config><taglib> element parsing web.xml
 + 368113 Support servlet mapping to ""
 + 368114 Protect against non-Strings in System properties for Log
 + 368189 WebSocketClientFactory should not manage external thread pool.
 + 368240 Improve AggregateLifeCycle handling of shared lifecycles
 + 368215 Remove debug from jaspi
 + 368240 Better handling of locally created ThreadPool. Forgot to null out    field.
 + 368291 Change warning to info for NoSuchFieldException on    BeanELResolver.properties
 + 367638 limit number of form parameters to avoid DOS
 + JETTY-1467 close half closed when idle

jetty-8.1.0.RC2 - 22 December 2011
 + 359329 jetty-jaspi must exports its packages. jetty-plus must import   javax.security
 + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to  cope
 + 364921 Made test less time sensitive
 + 364936 use Resource for opening URL streams
 + 365267 NullPointerException in bad Address
 + 365375 ResourceHandler should be a HandlerWrapper
 + 365750 Support WebSocket over SSL, aka wss://
 + 365932 Produce jetty-websocket aggregate jar for android use
 + 365947 Set headers for Auth failure and retry in http-spi
 + 366316 Superfluous printStackTrace on 404
 + 366342 Dont persist DosFilter trackers in http session
 + 366730 pass the time idle to onIdleExpire
 + 367048 test harness for guard on suspended requests
 + 367175 SSL 100% CPU spin in case of blocked write and RST.
 + 367219 WebSocketClient.open() fails when URI uses default ports.
 + 367383 jsp-config element must be returned for    ServletContext.getJspConfigDescriptor
 + JETTY-1460 suppress PrintWriter exceptions
 + JETTY-1463 websocket D0 parser should return progress even if no fill done
 + JETTY-1465 NPE in ContextHandler.toString

jetty-8.1.0.RC1 - 06 December 2011
 + 360245 The version of the javax.servlet packages to import is 2.6 instead of 3.0
 + 365370 ServletHandler can fall through to nested handler

jetty-8.1.0.RC0 - 30 November 2011
 + 352565 cookie httponly flag ignored
 + 353285 ServletSecurity annotation ignored
 + 357163 jetty 8 ought to proxy jetty8 javadocs
 + 357209 JSP tag listeners not called
 + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
 + 361135 Allow session cookies to NEVER be marked as secure, even on HTTPS
   requests.
 + 362249 update shell scripts to jetty8
 + 363878 Add ecj compiler to jetty-8 for jsp
 + 364283 can't parse the servlet multipart-config for the web.xml
 + 364430 Support web.xml enabled state for servlets

  jetty-7.6.0.v20120127 - 27 January 2012
 + 368773 allow authentication to be set by non securityHandler handlers
 + 368992 avoid update key while flushing during a write
 + 369216 turned off the shared resource cache
 + 369349 replace quotes with a space escape method

jetty-7.6.0.RC5 - 20 January 2012
 + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
   authed user
 + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
 + 368633 fixed configure.dtd resource mappings
 + 368635 moved lifecycle state reporting from toString to dump
 + 368773 process data constraints without realm
 + 368787 always set token view to new header buffers in httpparser
 + 368821 improved test harness
 + 368920 JettyAwareLogger always formats the arguments.
 + 368948 POM for jetty-jndi references unknown version for javax.activation.
 + 368992 avoid non-blocking flush when writing to avoid setting !_writable
   without _writeblocked
 + JETTY-1475 made output state fields volatile to provide memory barrier for
   non dispatched thread IO

jetty-7.6.0.RC4 - 13 January 2012
 + 365048 jetty Http client does not send proxy authentication when requesting
   a Https-resource through a web-proxy.
 + 366774 removed XSS vulnerbility
 + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
 + 367716 simplified maxIdleTime logic
 + 368035 WebSocketClientFactory does not invoke super.doStop().
 + 368060 do not encode sendRedirect URLs
 + 368114 Protect against non-Strings in System properties for Log
 + 368189 WebSocketClientFactory should not manage external thread pool.
 + 368215 Remove debug from jaspi
 + 368240 Improve AggregateLifeCycle handling of shared lifecycles
 + 368291 Change warning to info for NoSuchFieldException on
   BeanELResolver.properties

jetty-7.6.0.RC3 - 05 January 2012
 + 367433 added tests to investigate
 + 367435 improved D00 test harness
 + 367485 HttpExchange canceled before response do not release connection.
 + 367502 WebSocket connections should be closed when application context is
   stopped.
 + 367591 corrected configuration.xml version to 7.6
 + 367635 Added support for start.d directory
 + 367638 limit number of form parameters to avoid DOS
 + JETTY-1467 close half closed when idle

jetty-7.6.0.RC2 - 22 December 2011
 + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to
   cope
 + 364921 Made test less time sensitive for ssl
 + 364936 use Resource for opening URL streams
 + 365267 NullPointerException in bad Address
 + 365375 ResourceHandler should be a HandlerWrapper
 + 365750 Support WebSocket over SSL, aka wss://
 + 365932 Produce jetty-websocket aggregate jar for android use
 + 365947 Set headers for Auth failure and retry in http-spi
 + 366316 Superfluous printStackTrace on 404
 + 366342 Dont persist DosFilter trackers in http session
 + 366730 pass the time idle to onIdleExpire
 + 367048 test harness for guard on suspended requests
 + 367175 SSL 100% CPU spin in case of blocked write and RST.
 + 367219 WebSocketClient.open() fails when URI uses default ports.
 + JETTY-1460 suppress PrintWriter exceptions
 + JETTY-1463 websocket D0 parser should return progress even if no fill done
 + JETTY-1465 NPE in ContextHandler.toString

jetty-7.6.0.RC1 - 04 December 2011
 + 352565 cookie httponly flag ignored
 + 353285 ServletSecurity annotation ignored
 + 357163 jetty 8 ought to proxy jetty8 javadocs
 + 357209 JSP tag listeners not called
 + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
 + 361135 Allow session cookies to NEVER be marked as secure, even on HTTPS
   requests.
 + 362249 update shell scripts to jetty8
 + 363878 Add ecj compiler to jetty-8 for jsp
 + 364283 can't parse the servlet multipart-config for the web.xml
 + 364430 Support web.xml enabled state for servlets
 + 365370 ServletHandler can fall through to nested handler

jetty-7.6.0.RC0 - 29 November 2011
 + Refactored NIO layer for better half close handling
 + 349110 fixed bypass chunk handling
 + 360546 handle set count exceeding max integer
 + 362111 StdErrLog.isDebugEnabled() returns true too often
 + 362113 Improve Test Coverage of org.eclipse.jetty.util.log classes
 + 362407 setTrustStore(Resource) -> setTrustStoreResource(R)
 + 362447 add setMaxNonceAge() to DigestAuthenticator
 + 362468 NPE at line org.eclipse.jetty.io.BufferUtil.putHexInt
 + 362614 NPE in accepting connection
 + 362626 IllegalStateException thrown when SslContextFactory preconfigured
   with SSLContext
 + 362696 expand virtual host configuration options to ContextHandler and add
   associated test case for new behavior
 + 362742 improved UTF8 exception reason
 + 363124 improved websocket close handling
 + 363381 Throw IllegalStateException if Request uri is null on getServerName
 + 363408 GzipFilter should not attempt to compress HTTP status 204
 + 363488 ShutdownHandler use stopper thread
 + 363718 Setting java.rmi.server.hostname in jetty-jmx.xml
 + 363757 partial fix
 + 363785 StdErrLog must use system-dependent EOL.
 + 363943 ignore null attribute values
 + 363993 EOFException parsing HEAD response in HttpTester
 + 364638 SCEP does idle timestamp checking. New setCheckForIdle method
   controls onIdleExpired callback. 364921 a second onIdleExpired callback will
   result in close rather than a shutdown output.
 + 364657 Support HTTP only cookies from standard API
 + JETTY-1442 add _hostHeader setter for ProxyRule



_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Jetty releases 7.6.0 and 8.1.0

Filipe Sousa
Hi.

I'm using ivy for dependencies and I can't find the jetty-jsp-2.1 artifact for 7.6.0.v20120127. The last version in http://repo1.maven.org/maven2/org/eclipse/jetty/jetty-jsp-2.1/ is 7.5.4.v20111024/  

Am I missing something?

Thanks.

On Sat, Jan 28, 2012 at 9:50 PM, Greg Wilkins <[hidden email]> wrote:

Jetty releases 7.6.0 and 8.1.0 have been promoted to maven central and will soon be available for download via http://eclipse.org/jetty

These releases represent a major effort by the team to refactor the IO layer to handle several issues that have emerged over the last year with respect to the latest JVMs and browsers, such as several 100% CPU spins fixed that resulted from strangely closed SSL connection.   Furthermore, the releases contain some additional protection from some denial of service attacks that have been discovered that affect a wide range of web servers.

We recommend that you plan to evaluate and upgrade to these releases as soon as possible.  Do to the nature of these changes, it is impossible to back the most significant ones to Jetty-6 and thus these releases represent the effective EOL for jetty-6, as no more general releases are planned.

Thanks to the jetty team who have  worked extremely hard over the last few months on these releases.  We've also very much appreciate the efforts of users who have raised issues, provided debug/traces and have tried out various snapshots and RCs.


jetty-8.1.0.v20120127 - 27 January 2012
 + 368773 allow authentication to be set by non securityHandler handlers
 + 368992 avoid update key while flushing during a write
 + 369216 turned off the shared resource cache
 + 369349 replace quotes with a space escape method

jetty-8.1.0.RC5 - 20 January 2012
 + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
   authed user
 + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
 + 368633 fixed configure.dtd resource mappings
 + 368635 moved lifecycle state reporting from toString to dump
 + 368773 process data constraints without realm
 + 368787 always set token view to new header buffers in httpparser
 + 368821 improved test harness
 + 368920 JettyAwareLogger always formats the arguments.
 + 368948 POM for jetty-jndi references unknown version for javax.activation.
 + 368992 NPE in HttpGenerator.prepareBuffers() test case.
 + JETTY-1475 made output state fields volatile to provide memory barrier for
   non dispatched thread IO

jetty-8.1.0.RC4 - 13 January 2012
 + 365048 jetty Http client does not send proxy authentication when requesting
   a Https-resource through a web-proxy.
 + 366774 removed XSS vulnerbility
 + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
 + 367433 added tests to investigate
 + 367435 improved D00 test harness
 + 367485 HttpExchange canceled before response do not release connection.
 + 367502 WebSocket connections should be closed when application context is  stopped.
 + 367548 jetty-osgi-boot must not import the nested package twice
 + 367591 corrected configuration.xml version to 7.6
 + 367635 Added support for start.d directory
 + 367716 simplified maxIdleTime logic
 + 368035 WebSocketClientFactory does not invoke super.doStop().
 + 368060 do not encode sendRedirect URLs
 + 368112 NPE on <jsp-config><taglib> element parsing web.xml
 + 368113 Support servlet mapping to ""
 + 368114 Protect against non-Strings in System properties for Log
 + 368189 WebSocketClientFactory should not manage external thread pool.
 + 368240 Improve AggregateLifeCycle handling of shared lifecycles
 + 368215 Remove debug from jaspi
 + 368240 Better handling of locally created ThreadPool. Forgot to null out    field.
 + 368291 Change warning to info for NoSuchFieldException on    BeanELResolver.properties
 + 367638 limit number of form parameters to avoid DOS
 + JETTY-1467 close half closed when idle

jetty-8.1.0.RC2 - 22 December 2011
 + 359329 jetty-jaspi must exports its packages. jetty-plus must import   javax.security
 + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to  cope
 + 364921 Made test less time sensitive
 + 364936 use Resource for opening URL streams
 + 365267 NullPointerException in bad Address
 + 365375 ResourceHandler should be a HandlerWrapper
 + 365750 Support WebSocket over SSL, aka wss://
 + 365932 Produce jetty-websocket aggregate jar for android use
 + 365947 Set headers for Auth failure and retry in http-spi
 + 366316 Superfluous printStackTrace on 404
 + 366342 Dont persist DosFilter trackers in http session
 + 366730 pass the time idle to onIdleExpire
 + 367048 test harness for guard on suspended requests
 + 367175 SSL 100% CPU spin in case of blocked write and RST.
 + 367219 WebSocketClient.open() fails when URI uses default ports.
 + 367383 jsp-config element must be returned for    ServletContext.getJspConfigDescriptor
 + JETTY-1460 suppress PrintWriter exceptions
 + JETTY-1463 websocket D0 parser should return progress even if no fill done
 + JETTY-1465 NPE in ContextHandler.toString

jetty-8.1.0.RC1 - 06 December 2011
 + 360245 The version of the javax.servlet packages to import is 2.6 instead of 3.0
 + 365370 ServletHandler can fall through to nested handler

jetty-8.1.0.RC0 - 30 November 2011
 + 352565 cookie httponly flag ignored
 + 353285 ServletSecurity annotation ignored
 + 357163 jetty 8 ought to proxy jetty8 javadocs
 + 357209 JSP tag listeners not called
 + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
 + 361135 Allow session cookies to NEVER be marked as secure, even on HTTPS
   requests.
 + 362249 update shell scripts to jetty8
 + 363878 Add ecj compiler to jetty-8 for jsp
 + 364283 can't parse the servlet multipart-config for the web.xml
 + 364430 Support web.xml enabled state for servlets

  jetty-7.6.0.v20120127 - 27 January 2012
 + 368773 allow authentication to be set by non securityHandler handlers
 + 368992 avoid update key while flushing during a write
 + 369216 turned off the shared resource cache
 + 369349 replace quotes with a space escape method

jetty-7.6.0.RC5 - 20 January 2012
 + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
   authed user
 + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
 + 368633 fixed configure.dtd resource mappings
 + 368635 moved lifecycle state reporting from toString to dump
 + 368773 process data constraints without realm
 + 368787 always set token view to new header buffers in httpparser
 + 368821 improved test harness
 + 368920 JettyAwareLogger always formats the arguments.
 + 368948 POM for jetty-jndi references unknown version for javax.activation.
 + 368992 avoid non-blocking flush when writing to avoid setting !_writable
   without _writeblocked
 + JETTY-1475 made output state fields volatile to provide memory barrier for
   non dispatched thread IO

jetty-7.6.0.RC4 - 13 January 2012
 + 365048 jetty Http client does not send proxy authentication when requesting
   a Https-resource through a web-proxy.
 + 366774 removed XSS vulnerbility
 + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
 + 367716 simplified maxIdleTime logic
 + 368035 WebSocketClientFactory does not invoke super.doStop().
 + 368060 do not encode sendRedirect URLs
 + 368114 Protect against non-Strings in System properties for Log
 + 368189 WebSocketClientFactory should not manage external thread pool.
 + 368215 Remove debug from jaspi
 + 368240 Improve AggregateLifeCycle handling of shared lifecycles
 + 368291 Change warning to info for NoSuchFieldException on
   BeanELResolver.properties

jetty-7.6.0.RC3 - 05 January 2012
 + 367433 added tests to investigate
 + 367435 improved D00 test harness
 + 367485 HttpExchange canceled before response do not release connection.
 + 367502 WebSocket connections should be closed when application context is
   stopped.
 + 367591 corrected configuration.xml version to 7.6
 + 367635 Added support for start.d directory
 + 367638 limit number of form parameters to avoid DOS
 + JETTY-1467 close half closed when idle

jetty-7.6.0.RC2 - 22 December 2011
 + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to
   cope
 + 364921 Made test less time sensitive for ssl
 + 364936 use Resource for opening URL streams
 + 365267 NullPointerException in bad Address
 + 365375 ResourceHandler should be a HandlerWrapper
 + 365750 Support WebSocket over SSL, aka wss://
 + 365932 Produce jetty-websocket aggregate jar for android use
 + 365947 Set headers for Auth failure and retry in http-spi
 + 366316 Superfluous printStackTrace on 404
 + 366342 Dont persist DosFilter trackers in http session
 + 366730 pass the time idle to onIdleExpire
 + 367048 test harness for guard on suspended requests
 + 367175 SSL 100% CPU spin in case of blocked write and RST.
 + 367219 WebSocketClient.open() fails when URI uses default ports.
 + JETTY-1460 suppress PrintWriter exceptions
 + JETTY-1463 websocket D0 parser should return progress even if no fill done
 + JETTY-1465 NPE in ContextHandler.toString

jetty-7.6.0.RC1 - 04 December 2011
 + 352565 cookie httponly flag ignored
 + 353285 ServletSecurity annotation ignored
 + 357163 jetty 8 ought to proxy jetty8 javadocs
 + 357209 JSP tag listeners not called
 + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
 + 361135 Allow session cookies to NEVER be marked as secure, even on HTTPS
   requests.
 + 362249 update shell scripts to jetty8
 + 363878 Add ecj compiler to jetty-8 for jsp
 + 364283 can't parse the servlet multipart-config for the web.xml
 + 364430 Support web.xml enabled state for servlets
 + 365370 ServletHandler can fall through to nested handler

jetty-7.6.0.RC0 - 29 November 2011
 + Refactored NIO layer for better half close handling
 + 349110 fixed bypass chunk handling
 + 360546 handle set count exceeding max integer
 + 362111 StdErrLog.isDebugEnabled() returns true too often
 + 362113 Improve Test Coverage of org.eclipse.jetty.util.log classes
 + 362407 setTrustStore(Resource) -> setTrustStoreResource(R)
 + 362447 add setMaxNonceAge() to DigestAuthenticator
 + 362468 NPE at line org.eclipse.jetty.io.BufferUtil.putHexInt
 + 362614 NPE in accepting connection
 + 362626 IllegalStateException thrown when SslContextFactory preconfigured
   with SSLContext
 + 362696 expand virtual host configuration options to ContextHandler and add
   associated test case for new behavior
 + 362742 improved UTF8 exception reason
 + 363124 improved websocket close handling
 + 363381 Throw IllegalStateException if Request uri is null on getServerName
 + 363408 GzipFilter should not attempt to compress HTTP status 204
 + 363488 ShutdownHandler use stopper thread
 + 363718 Setting java.rmi.server.hostname in jetty-jmx.xml
 + 363757 partial fix
 + 363785 StdErrLog must use system-dependent EOL.
 + 363943 ignore null attribute values
 + 363993 EOFException parsing HEAD response in HttpTester
 + 364638 SCEP does idle timestamp checking. New setCheckForIdle method
   controls onIdleExpired callback. 364921 a second onIdleExpired callback will
   result in close rather than a shutdown output.
 + 364657 Support HTTP only cookies from standard API
 + JETTY-1442 add _hostHeader setter for ProxyRule



_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users




--
Filipe Sousa

_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Jetty releases 7.6.0 and 8.1.0

Jan Bartel-3
Nope, you're not missing anything. Its not produced any more as its not needed.

cheers
Jan

On 30 January 2012 06:31, Filipe Sousa <[hidden email]> wrote:

> Hi.
>
> I'm using ivy for dependencies and I can't find the jetty-jsp-2.1 artifact
> for 7.6.0.v20120127. The last version
> in http://repo1.maven.org/maven2/org/eclipse/jetty/jetty-jsp-2.1/ is 7.5.4.v20111024/
>
> Am I missing something?
>
> Thanks.
>
> On Sat, Jan 28, 2012 at 9:50 PM, Greg Wilkins <[hidden email]> wrote:
>>
>>
>> Jetty releases 7.6.0 and 8.1.0 have been promoted to maven central and
>> will soon be available for download via http://eclipse.org/jetty
>>
>> These releases represent a major effort by the team to refactor the IO
>> layer to handle several issues that have emerged over the last year with
>> respect to the latest JVMs and browsers, such as several 100% CPU spins
>> fixed that resulted from strangely closed SSL connection.   Furthermore, the
>> releases contain some additional protection from some denial of service
>> attacks that have been discovered that affect a wide range of web servers.
>>
>> We recommend that you plan to evaluate and upgrade to these releases as
>> soon as possible.  Do to the nature of these changes, it is impossible to
>> back the most significant ones to Jetty-6 and thus these releases represent
>> the effective EOL for jetty-6, as no more general releases are planned.
>>
>> Thanks to the jetty team who have  worked extremely hard over the last few
>> months on these releases.  We've also very much appreciate the efforts of
>> users who have raised issues, provided debug/traces and have tried out
>> various snapshots and RCs.
>>
>>
>> jetty-8.1.0.v20120127 - 27 January 2012
>>  + 368773 allow authentication to be set by non securityHandler handlers
>>  + 368992 avoid update key while flushing during a write
>>  + 369216 turned off the shared resource cache
>>  + 369349 replace quotes with a space escape method
>>
>> jetty-8.1.0.RC5 - 20 January 2012
>>  + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
>>    authed user
>>  + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
>>  + 368633 fixed configure.dtd resource mappings
>>  + 368635 moved lifecycle state reporting from toString to dump
>>  + 368773 process data constraints without realm
>>  + 368787 always set token view to new header buffers in httpparser
>>  + 368821 improved test harness
>>  + 368920 JettyAwareLogger always formats the arguments.
>>  + 368948 POM for jetty-jndi references unknown version for
>> javax.activation.
>>  + 368992 NPE in HttpGenerator.prepareBuffers() test case.
>>  + JETTY-1475 made output state fields volatile to provide memory barrier
>> for
>>    non dispatched thread IO
>>
>> jetty-8.1.0.RC4 - 13 January 2012
>>  + 365048 jetty Http client does not send proxy authentication when
>> requesting
>>    a Https-resource through a web-proxy.
>>  + 366774 removed XSS vulnerbility
>>  + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
>>  + 367433 added tests to investigate
>>  + 367435 improved D00 test harness
>>  + 367485 HttpExchange canceled before response do not release connection.
>>  + 367502 WebSocket connections should be closed when application context
>> is  stopped.
>>  + 367548 jetty-osgi-boot must not import the nested package twice
>>  + 367591 corrected configuration.xml version to 7.6
>>  + 367635 Added support for start.d directory
>>  + 367716 simplified maxIdleTime logic
>>  + 368035 WebSocketClientFactory does not invoke super.doStop().
>>  + 368060 do not encode sendRedirect URLs
>>  + 368112 NPE on <jsp-config><taglib> element parsing web.xml
>>  + 368113 Support servlet mapping to ""
>>  + 368114 Protect against non-Strings in System properties for Log
>>  + 368189 WebSocketClientFactory should not manage external thread pool.
>>  + 368240 Improve AggregateLifeCycle handling of shared lifecycles
>>  + 368215 Remove debug from jaspi
>>  + 368240 Better handling of locally created ThreadPool. Forgot to null
>> out    field.
>>  + 368291 Change warning to info for NoSuchFieldException on
>> BeanELResolver.properties
>>  + 367638 limit number of form parameters to avoid DOS
>>  + JETTY-1467 close half closed when idle
>>
>> jetty-8.1.0.RC2 - 22 December 2011
>>  + 359329 jetty-jaspi must exports its packages. jetty-plus must import
>> javax.security
>>  + 364638 HttpParser closes if data received while seeking EOF. Tests
>> fixed to  cope
>>  + 364921 Made test less time sensitive
>>  + 364936 use Resource for opening URL streams
>>  + 365267 NullPointerException in bad Address
>>  + 365375 ResourceHandler should be a HandlerWrapper
>>  + 365750 Support WebSocket over SSL, aka wss://
>>  + 365932 Produce jetty-websocket aggregate jar for android use
>>  + 365947 Set headers for Auth failure and retry in http-spi
>>  + 366316 Superfluous printStackTrace on 404
>>  + 366342 Dont persist DosFilter trackers in http session
>>  + 366730 pass the time idle to onIdleExpire
>>  + 367048 test harness for guard on suspended requests
>>  + 367175 SSL 100% CPU spin in case of blocked write and RST.
>>  + 367219 WebSocketClient.open() fails when URI uses default ports.
>>  + 367383 jsp-config element must be returned for
>> ServletContext.getJspConfigDescriptor
>>  + JETTY-1460 suppress PrintWriter exceptions
>>  + JETTY-1463 websocket D0 parser should return progress even if no fill
>> done
>>  + JETTY-1465 NPE in ContextHandler.toString
>>
>> jetty-8.1.0.RC1 - 06 December 2011
>>  + 360245 The version of the javax.servlet packages to import is 2.6
>> instead of 3.0
>>  + 365370 ServletHandler can fall through to nested handler
>>
>> jetty-8.1.0.RC0 - 30 November 2011
>>  + 352565 cookie httponly flag ignored
>>  + 353285 ServletSecurity annotation ignored
>>  + 357163 jetty 8 ought to proxy jetty8 javadocs
>>  + 357209 JSP tag listeners not called
>>  + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
>>  + 361135 Allow session cookies to NEVER be marked as secure, even on
>> HTTPS
>>    requests.
>>  + 362249 update shell scripts to jetty8
>>  + 363878 Add ecj compiler to jetty-8 for jsp
>>  + 364283 can't parse the servlet multipart-config for the web.xml
>>  + 364430 Support web.xml enabled state for servlets
>>
>>   jetty-7.6.0.v20120127 - 27 January 2012
>>  + 368773 allow authentication to be set by non securityHandler handlers
>>  + 368992 avoid update key while flushing during a write
>>  + 369216 turned off the shared resource cache
>>  + 369349 replace quotes with a space escape method
>>
>> jetty-7.6.0.RC5 - 20 January 2012
>>  + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
>>    authed user
>>  + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
>>  + 368633 fixed configure.dtd resource mappings
>>  + 368635 moved lifecycle state reporting from toString to dump
>>  + 368773 process data constraints without realm
>>  + 368787 always set token view to new header buffers in httpparser
>>  + 368821 improved test harness
>>  + 368920 JettyAwareLogger always formats the arguments.
>>  + 368948 POM for jetty-jndi references unknown version for
>> javax.activation.
>>  + 368992 avoid non-blocking flush when writing to avoid setting
>> !_writable
>>    without _writeblocked
>>  + JETTY-1475 made output state fields volatile to provide memory barrier
>> for
>>    non dispatched thread IO
>>
>> jetty-7.6.0.RC4 - 13 January 2012
>>  + 365048 jetty Http client does not send proxy authentication when
>> requesting
>>    a Https-resource through a web-proxy.
>>  + 366774 removed XSS vulnerbility
>>  + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
>>  + 367716 simplified maxIdleTime logic
>>  + 368035 WebSocketClientFactory does not invoke super.doStop().
>>  + 368060 do not encode sendRedirect URLs
>>  + 368114 Protect against non-Strings in System properties for Log
>>  + 368189 WebSocketClientFactory should not manage external thread pool.
>>  + 368215 Remove debug from jaspi
>>  + 368240 Improve AggregateLifeCycle handling of shared lifecycles
>>  + 368291 Change warning to info for NoSuchFieldException on
>>    BeanELResolver.properties
>>
>> jetty-7.6.0.RC3 - 05 January 2012
>>  + 367433 added tests to investigate
>>  + 367435 improved D00 test harness
>>  + 367485 HttpExchange canceled before response do not release connection.
>>  + 367502 WebSocket connections should be closed when application context
>> is
>>    stopped.
>>  + 367591 corrected configuration.xml version to 7.6
>>  + 367635 Added support for start.d directory
>>  + 367638 limit number of form parameters to avoid DOS
>>  + JETTY-1467 close half closed when idle
>>
>> jetty-7.6.0.RC2 - 22 December 2011
>>  + 364638 HttpParser closes if data received while seeking EOF. Tests
>> fixed to
>>    cope
>>  + 364921 Made test less time sensitive for ssl
>>  + 364936 use Resource for opening URL streams
>>  + 365267 NullPointerException in bad Address
>>  + 365375 ResourceHandler should be a HandlerWrapper
>>  + 365750 Support WebSocket over SSL, aka wss://
>>  + 365932 Produce jetty-websocket aggregate jar for android use
>>  + 365947 Set headers for Auth failure and retry in http-spi
>>  + 366316 Superfluous printStackTrace on 404
>>  + 366342 Dont persist DosFilter trackers in http session
>>  + 366730 pass the time idle to onIdleExpire
>>  + 367048 test harness for guard on suspended requests
>>  + 367175 SSL 100% CPU spin in case of blocked write and RST.
>>  + 367219 WebSocketClient.open() fails when URI uses default ports.
>>  + JETTY-1460 suppress PrintWriter exceptions
>>  + JETTY-1463 websocket D0 parser should return progress even if no fill
>> done
>>  + JETTY-1465 NPE in ContextHandler.toString
>>
>> jetty-7.6.0.RC1 - 04 December 2011
>>  + 352565 cookie httponly flag ignored
>>  + 353285 ServletSecurity annotation ignored
>>  + 357163 jetty 8 ought to proxy jetty8 javadocs
>>  + 357209 JSP tag listeners not called
>>  + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
>>  + 361135 Allow session cookies to NEVER be marked as secure, even on
>> HTTPS
>>    requests.
>>  + 362249 update shell scripts to jetty8
>>  + 363878 Add ecj compiler to jetty-8 for jsp
>>  + 364283 can't parse the servlet multipart-config for the web.xml
>>  + 364430 Support web.xml enabled state for servlets
>>  + 365370 ServletHandler can fall through to nested handler
>>
>> jetty-7.6.0.RC0 - 29 November 2011
>>  + Refactored NIO layer for better half close handling
>>  + 349110 fixed bypass chunk handling
>>  + 360546 handle set count exceeding max integer
>>  + 362111 StdErrLog.isDebugEnabled() returns true too often
>>  + 362113 Improve Test Coverage of org.eclipse.jetty.util.log classes
>>  + 362407 setTrustStore(Resource) -> setTrustStoreResource(R)
>>  + 362447 add setMaxNonceAge() to DigestAuthenticator
>>  + 362468 NPE at line org.eclipse.jetty.io.BufferUtil.putHexInt
>>  + 362614 NPE in accepting connection
>>  + 362626 IllegalStateException thrown when SslContextFactory
>> preconfigured
>>    with SSLContext
>>  + 362696 expand virtual host configuration options to ContextHandler and
>> add
>>    associated test case for new behavior
>>  + 362742 improved UTF8 exception reason
>>  + 363124 improved websocket close handling
>>  + 363381 Throw IllegalStateException if Request uri is null on
>> getServerName
>>  + 363408 GzipFilter should not attempt to compress HTTP status 204
>>  + 363488 ShutdownHandler use stopper thread
>>  + 363718 Setting java.rmi.server.hostname in jetty-jmx.xml
>>  + 363757 partial fix
>>  + 363785 StdErrLog must use system-dependent EOL.
>>  + 363943 ignore null attribute values
>>  + 363993 EOFException parsing HEAD response in HttpTester
>>  + 364638 SCEP does idle timestamp checking. New setCheckForIdle method
>>    controls onIdleExpired callback. 364921 a second onIdleExpired callback
>> will
>>    result in close rather than a shutdown output.
>>  + 364657 Support HTTP only cookies from standard API
>>  + JETTY-1442 add _hostHeader setter for ProxyRule
>>
>>
>>
>> _______________________________________________
>> jetty-users mailing list
>> [hidden email]
>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>
>
>
>
> --
> Filipe Sousa
>
> _______________________________________________
> jetty-users mailing list
> [hidden email]
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Jetty releases 7.6.0 and 8.1.0

Filipe Sousa
Hi

But without that I'm getting 
HTTP ERROR 500
Problem accessing /guia-ects/login.jsp. Reason:
JSP support not configured

Thanks

On Sun, Jan 29, 2012 at 10:18 PM, Jan Bartel <[hidden email]> wrote:
Nope, you're not missing anything. Its not produced any more as its not needed.

cheers
Jan

On 30 January 2012 06:31, Filipe Sousa <[hidden email]> wrote:
> Hi.
>
> I'm using ivy for dependencies and I can't find the jetty-jsp-2.1 artifact
> for 7.6.0.v20120127. The last version
> in http://repo1.maven.org/maven2/org/eclipse/jetty/jetty-jsp-2.1/ is 7.5.4.v20111024/
>
> Am I missing something?
>
> Thanks.
>
> On Sat, Jan 28, 2012 at 9:50 PM, Greg Wilkins <[hidden email]> wrote:
>>
>>
>> Jetty releases 7.6.0 and 8.1.0 have been promoted to maven central and
>> will soon be available for download via http://eclipse.org/jetty
>>
>> These releases represent a major effort by the team to refactor the IO
>> layer to handle several issues that have emerged over the last year with
>> respect to the latest JVMs and browsers, such as several 100% CPU spins
>> fixed that resulted from strangely closed SSL connection.   Furthermore, the
>> releases contain some additional protection from some denial of service
>> attacks that have been discovered that affect a wide range of web servers.
>>
>> We recommend that you plan to evaluate and upgrade to these releases as
>> soon as possible.  Do to the nature of these changes, it is impossible to
>> back the most significant ones to Jetty-6 and thus these releases represent
>> the effective EOL for jetty-6, as no more general releases are planned.
>>
>> Thanks to the jetty team who have  worked extremely hard over the last few
>> months on these releases.  We've also very much appreciate the efforts of
>> users who have raised issues, provided debug/traces and have tried out
>> various snapshots and RCs.
>>
>>
>> jetty-8.1.0.v20120127 - 27 January 2012
>>  + 368773 allow authentication to be set by non securityHandler handlers
>>  + 368992 avoid update key while flushing during a write
>>  + 369216 turned off the shared resource cache
>>  + 369349 replace quotes with a space escape method
>>
>> jetty-8.1.0.RC5 - 20 January 2012
>>  + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
>>    authed user
>>  + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
>>  + 368633 fixed configure.dtd resource mappings
>>  + 368635 moved lifecycle state reporting from toString to dump
>>  + 368773 process data constraints without realm
>>  + 368787 always set token view to new header buffers in httpparser
>>  + 368821 improved test harness
>>  + 368920 JettyAwareLogger always formats the arguments.
>>  + 368948 POM for jetty-jndi references unknown version for
>> javax.activation.
>>  + 368992 NPE in HttpGenerator.prepareBuffers() test case.
>>  + JETTY-1475 made output state fields volatile to provide memory barrier
>> for
>>    non dispatched thread IO
>>
>> jetty-8.1.0.RC4 - 13 January 2012
>>  + 365048 jetty Http client does not send proxy authentication when
>> requesting
>>    a Https-resource through a web-proxy.
>>  + 366774 removed XSS vulnerbility
>>  + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
>>  + 367433 added tests to investigate
>>  + 367435 improved D00 test harness
>>  + 367485 HttpExchange canceled before response do not release connection.
>>  + 367502 WebSocket connections should be closed when application context
>> is  stopped.
>>  + 367548 jetty-osgi-boot must not import the nested package twice
>>  + 367591 corrected configuration.xml version to 7.6
>>  + 367635 Added support for start.d directory
>>  + 367716 simplified maxIdleTime logic
>>  + 368035 WebSocketClientFactory does not invoke super.doStop().
>>  + 368060 do not encode sendRedirect URLs
>>  + 368112 NPE on <jsp-config><taglib> element parsing web.xml
>>  + 368113 Support servlet mapping to ""
>>  + 368114 Protect against non-Strings in System properties for Log
>>  + 368189 WebSocketClientFactory should not manage external thread pool.
>>  + 368240 Improve AggregateLifeCycle handling of shared lifecycles
>>  + 368215 Remove debug from jaspi
>>  + 368240 Better handling of locally created ThreadPool. Forgot to null
>> out    field.
>>  + 368291 Change warning to info for NoSuchFieldException on
>> BeanELResolver.properties
>>  + 367638 limit number of form parameters to avoid DOS
>>  + JETTY-1467 close half closed when idle
>>
>> jetty-8.1.0.RC2 - 22 December 2011
>>  + 359329 jetty-jaspi must exports its packages. jetty-plus must import
>> javax.security
>>  + 364638 HttpParser closes if data received while seeking EOF. Tests
>> fixed to  cope
>>  + 364921 Made test less time sensitive
>>  + 364936 use Resource for opening URL streams
>>  + 365267 NullPointerException in bad Address
>>  + 365375 ResourceHandler should be a HandlerWrapper
>>  + 365750 Support WebSocket over SSL, aka wss://
>>  + 365932 Produce jetty-websocket aggregate jar for android use
>>  + 365947 Set headers for Auth failure and retry in http-spi
>>  + 366316 Superfluous printStackTrace on 404
>>  + 366342 Dont persist DosFilter trackers in http session
>>  + 366730 pass the time idle to onIdleExpire
>>  + 367048 test harness for guard on suspended requests
>>  + 367175 SSL 100% CPU spin in case of blocked write and RST.
>>  + 367219 WebSocketClient.open() fails when URI uses default ports.
>>  + 367383 jsp-config element must be returned for
>> ServletContext.getJspConfigDescriptor
>>  + JETTY-1460 suppress PrintWriter exceptions
>>  + JETTY-1463 websocket D0 parser should return progress even if no fill
>> done
>>  + JETTY-1465 NPE in ContextHandler.toString
>>
>> jetty-8.1.0.RC1 - 06 December 2011
>>  + 360245 The version of the javax.servlet packages to import is 2.6
>> instead of 3.0
>>  + 365370 ServletHandler can fall through to nested handler
>>
>> jetty-8.1.0.RC0 - 30 November 2011
>>  + 352565 cookie httponly flag ignored
>>  + 353285 ServletSecurity annotation ignored
>>  + 357163 jetty 8 ought to proxy jetty8 javadocs
>>  + 357209 JSP tag listeners not called
>>  + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
>>  + 361135 Allow session cookies to NEVER be marked as secure, even on
>> HTTPS
>>    requests.
>>  + 362249 update shell scripts to jetty8
>>  + 363878 Add ecj compiler to jetty-8 for jsp
>>  + 364283 can't parse the servlet multipart-config for the web.xml
>>  + 364430 Support web.xml enabled state for servlets
>>
>>   jetty-7.6.0.v20120127 - 27 January 2012
>>  + 368773 allow authentication to be set by non securityHandler handlers
>>  + 368992 avoid update key while flushing during a write
>>  + 369216 turned off the shared resource cache
>>  + 369349 replace quotes with a space escape method
>>
>> jetty-7.6.0.RC5 - 20 January 2012
>>  + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
>>    authed user
>>  + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
>>  + 368633 fixed configure.dtd resource mappings
>>  + 368635 moved lifecycle state reporting from toString to dump
>>  + 368773 process data constraints without realm
>>  + 368787 always set token view to new header buffers in httpparser
>>  + 368821 improved test harness
>>  + 368920 JettyAwareLogger always formats the arguments.
>>  + 368948 POM for jetty-jndi references unknown version for
>> javax.activation.
>>  + 368992 avoid non-blocking flush when writing to avoid setting
>> !_writable
>>    without _writeblocked
>>  + JETTY-1475 made output state fields volatile to provide memory barrier
>> for
>>    non dispatched thread IO
>>
>> jetty-7.6.0.RC4 - 13 January 2012
>>  + 365048 jetty Http client does not send proxy authentication when
>> requesting
>>    a Https-resource through a web-proxy.
>>  + 366774 removed XSS vulnerbility
>>  + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
>>  + 367716 simplified maxIdleTime logic
>>  + 368035 WebSocketClientFactory does not invoke super.doStop().
>>  + 368060 do not encode sendRedirect URLs
>>  + 368114 Protect against non-Strings in System properties for Log
>>  + 368189 WebSocketClientFactory should not manage external thread pool.
>>  + 368215 Remove debug from jaspi
>>  + 368240 Improve AggregateLifeCycle handling of shared lifecycles
>>  + 368291 Change warning to info for NoSuchFieldException on
>>    BeanELResolver.properties
>>
>> jetty-7.6.0.RC3 - 05 January 2012
>>  + 367433 added tests to investigate
>>  + 367435 improved D00 test harness
>>  + 367485 HttpExchange canceled before response do not release connection.
>>  + 367502 WebSocket connections should be closed when application context
>> is
>>    stopped.
>>  + 367591 corrected configuration.xml version to 7.6
>>  + 367635 Added support for start.d directory
>>  + 367638 limit number of form parameters to avoid DOS
>>  + JETTY-1467 close half closed when idle
>>
>> jetty-7.6.0.RC2 - 22 December 2011
>>  + 364638 HttpParser closes if data received while seeking EOF. Tests
>> fixed to
>>    cope
>>  + 364921 Made test less time sensitive for ssl
>>  + 364936 use Resource for opening URL streams
>>  + 365267 NullPointerException in bad Address
>>  + 365375 ResourceHandler should be a HandlerWrapper
>>  + 365750 Support WebSocket over SSL, aka wss://
>>  + 365932 Produce jetty-websocket aggregate jar for android use
>>  + 365947 Set headers for Auth failure and retry in http-spi
>>  + 366316 Superfluous printStackTrace on 404
>>  + 366342 Dont persist DosFilter trackers in http session
>>  + 366730 pass the time idle to onIdleExpire
>>  + 367048 test harness for guard on suspended requests
>>  + 367175 SSL 100% CPU spin in case of blocked write and RST.
>>  + 367219 WebSocketClient.open() fails when URI uses default ports.
>>  + JETTY-1460 suppress PrintWriter exceptions
>>  + JETTY-1463 websocket D0 parser should return progress even if no fill
>> done
>>  + JETTY-1465 NPE in ContextHandler.toString
>>
>> jetty-7.6.0.RC1 - 04 December 2011
>>  + 352565 cookie httponly flag ignored
>>  + 353285 ServletSecurity annotation ignored
>>  + 357163 jetty 8 ought to proxy jetty8 javadocs
>>  + 357209 JSP tag listeners not called
>>  + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
>>  + 361135 Allow session cookies to NEVER be marked as secure, even on
>> HTTPS
>>    requests.
>>  + 362249 update shell scripts to jetty8
>>  + 363878 Add ecj compiler to jetty-8 for jsp
>>  + 364283 can't parse the servlet multipart-config for the web.xml
>>  + 364430 Support web.xml enabled state for servlets
>>  + 365370 ServletHandler can fall through to nested handler
>>
>> jetty-7.6.0.RC0 - 29 November 2011
>>  + Refactored NIO layer for better half close handling
>>  + 349110 fixed bypass chunk handling
>>  + 360546 handle set count exceeding max integer
>>  + 362111 StdErrLog.isDebugEnabled() returns true too often
>>  + 362113 Improve Test Coverage of org.eclipse.jetty.util.log classes
>>  + 362407 setTrustStore(Resource) -> setTrustStoreResource(R)
>>  + 362447 add setMaxNonceAge() to DigestAuthenticator
>>  + 362468 NPE at line org.eclipse.jetty.io.BufferUtil.putHexInt
>>  + 362614 NPE in accepting connection
>>  + 362626 IllegalStateException thrown when SslContextFactory
>> preconfigured
>>    with SSLContext
>>  + 362696 expand virtual host configuration options to ContextHandler and
>> add
>>    associated test case for new behavior
>>  + 362742 improved UTF8 exception reason
>>  + 363124 improved websocket close handling
>>  + 363381 Throw IllegalStateException if Request uri is null on
>> getServerName
>>  + 363408 GzipFilter should not attempt to compress HTTP status 204
>>  + 363488 ShutdownHandler use stopper thread
>>  + 363718 Setting java.rmi.server.hostname in jetty-jmx.xml
>>  + 363757 partial fix
>>  + 363785 StdErrLog must use system-dependent EOL.
>>  + 363943 ignore null attribute values
>>  + 363993 EOFException parsing HEAD response in HttpTester
>>  + 364638 SCEP does idle timestamp checking. New setCheckForIdle method
>>    controls onIdleExpired callback. 364921 a second onIdleExpired callback
>> will
>>    result in close rather than a shutdown output.
>>  + 364657 Support HTTP only cookies from standard API
>>  + JETTY-1442 add _hostHeader setter for ProxyRule
>>
>>
>>
>> _______________________________________________
>> jetty-users mailing list
>> [hidden email]
>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>
>
>
>
> --
> Filipe Sousa
>
> _______________________________________________
> jetty-users mailing list
> [hidden email]
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users



--
Filipe Sousa

_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Jetty releases 7.6.0 and 8.1.0

Joakim Erdfelt-9
Look at the distribution's lib/jsp directory for a complete list of the dependencies you need.

Example (from jetty-distribution-8.1.0.v20120127.tar.gz)
$ ls -la lib/jsp/
-rw-rw-r-- 1 joakim joakim  129396 2012-01-27 09:26 com.sun.el_2.2.0.v201105051105.jar
-rw-rw-r-- 1 joakim joakim 1690519 2012-01-27 09:26 ecj-3.6.jar
-rw-rw-r-- 1 joakim joakim   51111 2012-01-27 09:26 javax.el_2.2.0.v201105051105.jar
-rw-rw-r-- 1 joakim joakim  106024 2012-01-27 09:26 javax.servlet.jsp_2.2.0.v201112011158.jar
-rw-rw-r-- 1 joakim joakim   51701 2012-01-27 09:26 javax.servlet.jsp.jstl_1.2.0.v201004190952.jar
-rw-rw-r-- 1 joakim joakim  592687 2012-01-27 09:26 org.apache.jasper.glassfish_2.2.2.v201112011158.jar
-rw-rw-r-- 1 joakim joakim  428831 2012-01-27 09:26 org.apache.taglibs.standard.glassfish_1.2.0.v201004190952.jar

Note: we are trying to make this easier with maven starting in 7.6.1 and 8.1.1, stay tuned for details (we are still experimenting with a possible solution in git master)

--
Joakim Erdfelt

(the people behind jetty and cometd)



On Wed, Feb 1, 2012 at 10:28 AM, Filipe Sousa <[hidden email]> wrote:
Hi

But without that I'm getting 
HTTP ERROR 500
Problem accessing /guia-ects/login.jsp. Reason:
JSP support not configured

Thanks

On Sun, Jan 29, 2012 at 10:18 PM, Jan Bartel <[hidden email]> wrote:
Nope, you're not missing anything. Its not produced any more as its not needed.

cheers
Jan

On 30 January 2012 06:31, Filipe Sousa <[hidden email]> wrote:
> Hi.
>
> I'm using ivy for dependencies and I can't find the jetty-jsp-2.1 artifact
> for 7.6.0.v20120127. The last version
> in http://repo1.maven.org/maven2/org/eclipse/jetty/jetty-jsp-2.1/ is 7.5.4.v20111024/
>
> Am I missing something?
>
> Thanks.
>
> On Sat, Jan 28, 2012 at 9:50 PM, Greg Wilkins <[hidden email]> wrote:
>>
>>
>> Jetty releases 7.6.0 and 8.1.0 have been promoted to maven central and
>> will soon be available for download via http://eclipse.org/jetty
>>
>> These releases represent a major effort by the team to refactor the IO
>> layer to handle several issues that have emerged over the last year with
>> respect to the latest JVMs and browsers, such as several 100% CPU spins
>> fixed that resulted from strangely closed SSL connection.   Furthermore, the
>> releases contain some additional protection from some denial of service
>> attacks that have been discovered that affect a wide range of web servers.
>>
>> We recommend that you plan to evaluate and upgrade to these releases as
>> soon as possible.  Do to the nature of these changes, it is impossible to
>> back the most significant ones to Jetty-6 and thus these releases represent
>> the effective EOL for jetty-6, as no more general releases are planned.
>>
>> Thanks to the jetty team who have  worked extremely hard over the last few
>> months on these releases.  We've also very much appreciate the efforts of
>> users who have raised issues, provided debug/traces and have tried out
>> various snapshots and RCs.
>>
>>
>> jetty-8.1.0.v20120127 - 27 January 2012
>>  + 368773 allow authentication to be set by non securityHandler handlers
>>  + 368992 avoid update key while flushing during a write
>>  + 369216 turned off the shared resource cache
>>  + 369349 replace quotes with a space escape method
>>
>> jetty-8.1.0.RC5 - 20 January 2012
>>  + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
>>    authed user
>>  + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
>>  + 368633 fixed configure.dtd resource mappings
>>  + 368635 moved lifecycle state reporting from toString to dump
>>  + 368773 process data constraints without realm
>>  + 368787 always set token view to new header buffers in httpparser
>>  + 368821 improved test harness
>>  + 368920 JettyAwareLogger always formats the arguments.
>>  + 368948 POM for jetty-jndi references unknown version for
>> javax.activation.
>>  + 368992 NPE in HttpGenerator.prepareBuffers() test case.
>>  + JETTY-1475 made output state fields volatile to provide memory barrier
>> for
>>    non dispatched thread IO
>>
>> jetty-8.1.0.RC4 - 13 January 2012
>>  + 365048 jetty Http client does not send proxy authentication when
>> requesting
>>    a Https-resource through a web-proxy.
>>  + 366774 removed XSS vulnerbility
>>  + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
>>  + 367433 added tests to investigate
>>  + 367435 improved D00 test harness
>>  + 367485 HttpExchange canceled before response do not release connection.
>>  + 367502 WebSocket connections should be closed when application context
>> is  stopped.
>>  + 367548 jetty-osgi-boot must not import the nested package twice
>>  + 367591 corrected configuration.xml version to 7.6
>>  + 367635 Added support for start.d directory
>>  + 367716 simplified maxIdleTime logic
>>  + 368035 WebSocketClientFactory does not invoke super.doStop().
>>  + 368060 do not encode sendRedirect URLs
>>  + 368112 NPE on <jsp-config><taglib> element parsing web.xml
>>  + 368113 Support servlet mapping to ""
>>  + 368114 Protect against non-Strings in System properties for Log
>>  + 368189 WebSocketClientFactory should not manage external thread pool.
>>  + 368240 Improve AggregateLifeCycle handling of shared lifecycles
>>  + 368215 Remove debug from jaspi
>>  + 368240 Better handling of locally created ThreadPool. Forgot to null
>> out    field.
>>  + 368291 Change warning to info for NoSuchFieldException on
>> BeanELResolver.properties
>>  + 367638 limit number of form parameters to avoid DOS
>>  + JETTY-1467 close half closed when idle
>>
>> jetty-8.1.0.RC2 - 22 December 2011
>>  + 359329 jetty-jaspi must exports its packages. jetty-plus must import
>> javax.security
>>  + 364638 HttpParser closes if data received while seeking EOF. Tests
>> fixed to  cope
>>  + 364921 Made test less time sensitive
>>  + 364936 use Resource for opening URL streams
>>  + 365267 NullPointerException in bad Address
>>  + 365375 ResourceHandler should be a HandlerWrapper
>>  + 365750 Support WebSocket over SSL, aka wss://
>>  + 365932 Produce jetty-websocket aggregate jar for android use
>>  + 365947 Set headers for Auth failure and retry in http-spi
>>  + 366316 Superfluous printStackTrace on 404
>>  + 366342 Dont persist DosFilter trackers in http session
>>  + 366730 pass the time idle to onIdleExpire
>>  + 367048 test harness for guard on suspended requests
>>  + 367175 SSL 100% CPU spin in case of blocked write and RST.
>>  + 367219 WebSocketClient.open() fails when URI uses default ports.
>>  + 367383 jsp-config element must be returned for
>> ServletContext.getJspConfigDescriptor
>>  + JETTY-1460 suppress PrintWriter exceptions
>>  + JETTY-1463 websocket D0 parser should return progress even if no fill
>> done
>>  + JETTY-1465 NPE in ContextHandler.toString
>>
>> jetty-8.1.0.RC1 - 06 December 2011
>>  + 360245 The version of the javax.servlet packages to import is 2.6
>> instead of 3.0
>>  + 365370 ServletHandler can fall through to nested handler
>>
>> jetty-8.1.0.RC0 - 30 November 2011
>>  + 352565 cookie httponly flag ignored
>>  + 353285 ServletSecurity annotation ignored
>>  + 357163 jetty 8 ought to proxy jetty8 javadocs
>>  + 357209 JSP tag listeners not called
>>  + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
>>  + 361135 Allow session cookies to NEVER be marked as secure, even on
>> HTTPS
>>    requests.
>>  + 362249 update shell scripts to jetty8
>>  + 363878 Add ecj compiler to jetty-8 for jsp
>>  + 364283 can't parse the servlet multipart-config for the web.xml
>>  + 364430 Support web.xml enabled state for servlets
>>
>>   jetty-7.6.0.v20120127 - 27 January 2012
>>  + 368773 allow authentication to be set by non securityHandler handlers
>>  + 368992 avoid update key while flushing during a write
>>  + 369216 turned off the shared resource cache
>>  + 369349 replace quotes with a space escape method
>>
>> jetty-7.6.0.RC5 - 20 January 2012
>>  + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
>>    authed user
>>  + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
>>  + 368633 fixed configure.dtd resource mappings
>>  + 368635 moved lifecycle state reporting from toString to dump
>>  + 368773 process data constraints without realm
>>  + 368787 always set token view to new header buffers in httpparser
>>  + 368821 improved test harness
>>  + 368920 JettyAwareLogger always formats the arguments.
>>  + 368948 POM for jetty-jndi references unknown version for
>> javax.activation.
>>  + 368992 avoid non-blocking flush when writing to avoid setting
>> !_writable
>>    without _writeblocked
>>  + JETTY-1475 made output state fields volatile to provide memory barrier
>> for
>>    non dispatched thread IO
>>
>> jetty-7.6.0.RC4 - 13 January 2012
>>  + 365048 jetty Http client does not send proxy authentication when
>> requesting
>>    a Https-resource through a web-proxy.
>>  + 366774 removed XSS vulnerbility
>>  + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
>>  + 367716 simplified maxIdleTime logic
>>  + 368035 WebSocketClientFactory does not invoke super.doStop().
>>  + 368060 do not encode sendRedirect URLs
>>  + 368114 Protect against non-Strings in System properties for Log
>>  + 368189 WebSocketClientFactory should not manage external thread pool.
>>  + 368215 Remove debug from jaspi
>>  + 368240 Improve AggregateLifeCycle handling of shared lifecycles
>>  + 368291 Change warning to info for NoSuchFieldException on
>>    BeanELResolver.properties
>>
>> jetty-7.6.0.RC3 - 05 January 2012
>>  + 367433 added tests to investigate
>>  + 367435 improved D00 test harness
>>  + 367485 HttpExchange canceled before response do not release connection.
>>  + 367502 WebSocket connections should be closed when application context
>> is
>>    stopped.
>>  + 367591 corrected configuration.xml version to 7.6
>>  + 367635 Added support for start.d directory
>>  + 367638 limit number of form parameters to avoid DOS
>>  + JETTY-1467 close half closed when idle
>>
>> jetty-7.6.0.RC2 - 22 December 2011
>>  + 364638 HttpParser closes if data received while seeking EOF. Tests
>> fixed to
>>    cope
>>  + 364921 Made test less time sensitive for ssl
>>  + 364936 use Resource for opening URL streams
>>  + 365267 NullPointerException in bad Address
>>  + 365375 ResourceHandler should be a HandlerWrapper
>>  + 365750 Support WebSocket over SSL, aka wss://
>>  + 365932 Produce jetty-websocket aggregate jar for android use
>>  + 365947 Set headers for Auth failure and retry in http-spi
>>  + 366316 Superfluous printStackTrace on 404
>>  + 366342 Dont persist DosFilter trackers in http session
>>  + 366730 pass the time idle to onIdleExpire
>>  + 367048 test harness for guard on suspended requests
>>  + 367175 SSL 100% CPU spin in case of blocked write and RST.
>>  + 367219 WebSocketClient.open() fails when URI uses default ports.
>>  + JETTY-1460 suppress PrintWriter exceptions
>>  + JETTY-1463 websocket D0 parser should return progress even if no fill
>> done
>>  + JETTY-1465 NPE in ContextHandler.toString
>>
>> jetty-7.6.0.RC1 - 04 December 2011
>>  + 352565 cookie httponly flag ignored
>>  + 353285 ServletSecurity annotation ignored
>>  + 357163 jetty 8 ought to proxy jetty8 javadocs
>>  + 357209 JSP tag listeners not called
>>  + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
>>  + 361135 Allow session cookies to NEVER be marked as secure, even on
>> HTTPS
>>    requests.
>>  + 362249 update shell scripts to jetty8
>>  + 363878 Add ecj compiler to jetty-8 for jsp
>>  + 364283 can't parse the servlet multipart-config for the web.xml
>>  + 364430 Support web.xml enabled state for servlets
>>  + 365370 ServletHandler can fall through to nested handler
>>
>> jetty-7.6.0.RC0 - 29 November 2011
>>  + Refactored NIO layer for better half close handling
>>  + 349110 fixed bypass chunk handling
>>  + 360546 handle set count exceeding max integer
>>  + 362111 StdErrLog.isDebugEnabled() returns true too often
>>  + 362113 Improve Test Coverage of org.eclipse.jetty.util.log classes
>>  + 362407 setTrustStore(Resource) -> setTrustStoreResource(R)
>>  + 362447 add setMaxNonceAge() to DigestAuthenticator
>>  + 362468 NPE at line org.eclipse.jetty.io.BufferUtil.putHexInt
>>  + 362614 NPE in accepting connection
>>  + 362626 IllegalStateException thrown when SslContextFactory
>> preconfigured
>>    with SSLContext
>>  + 362696 expand virtual host configuration options to ContextHandler and
>> add
>>    associated test case for new behavior
>>  + 362742 improved UTF8 exception reason
>>  + 363124 improved websocket close handling
>>  + 363381 Throw IllegalStateException if Request uri is null on
>> getServerName
>>  + 363408 GzipFilter should not attempt to compress HTTP status 204
>>  + 363488 ShutdownHandler use stopper thread
>>  + 363718 Setting java.rmi.server.hostname in jetty-jmx.xml
>>  + 363757 partial fix
>>  + 363785 StdErrLog must use system-dependent EOL.
>>  + 363943 ignore null attribute values
>>  + 363993 EOFException parsing HEAD response in HttpTester
>>  + 364638 SCEP does idle timestamp checking. New setCheckForIdle method
>>    controls onIdleExpired callback. 364921 a second onIdleExpired callback
>> will
>>    result in close rather than a shutdown output.
>>  + 364657 Support HTTP only cookies from standard API
>>  + JETTY-1442 add _hostHeader setter for ProxyRule
>>
>>
>>
>> _______________________________________________
>> jetty-users mailing list
>> [hidden email]
>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>
>
>
>
> --
> Filipe Sousa
>
> _______________________________________________
> jetty-users mailing list
> [hidden email]
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users



--
Filipe Sousa

_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users



_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Jetty releases 7.6.0 and 8.1.0

Filipe Sousa
Hi.

I will try to include one by one but in the past it was easier to include jetty-jsp-2.1
7.5.4.v20111024 and get all dependencies as you can see in the graph of the attachment.

BTW i'm using jetty in embedded way.

On Wed, Feb 1, 2012 at 6:09 PM, Joakim Erdfelt <[hidden email]> wrote:
Look at the distribution's lib/jsp directory for a complete list of the dependencies you need.

Example (from jetty-distribution-8.1.0.v20120127.tar.gz)
$ ls -la lib/jsp/
-rw-rw-r-- 1 joakim joakim  129396 2012-01-27 09:26 com.sun.el_2.2.0.v201105051105.jar
-rw-rw-r-- 1 joakim joakim 1690519 2012-01-27 09:26 ecj-3.6.jar
-rw-rw-r-- 1 joakim joakim   51111 2012-01-27 09:26 javax.el_2.2.0.v201105051105.jar
-rw-rw-r-- 1 joakim joakim  106024 2012-01-27 09:26 javax.servlet.jsp_2.2.0.v201112011158.jar
-rw-rw-r-- 1 joakim joakim   51701 2012-01-27 09:26 javax.servlet.jsp.jstl_1.2.0.v201004190952.jar
-rw-rw-r-- 1 joakim joakim  592687 2012-01-27 09:26 org.apache.jasper.glassfish_2.2.2.v201112011158.jar
-rw-rw-r-- 1 joakim joakim  428831 2012-01-27 09:26 org.apache.taglibs.standard.glassfish_1.2.0.v201004190952.jar

Note: we are trying to make this easier with maven starting in 7.6.1 and 8.1.1, stay tuned for details (we are still experimenting with a possible solution in git master)

--
Joakim Erdfelt

(the people behind jetty and cometd)



On Wed, Feb 1, 2012 at 10:28 AM, Filipe Sousa <[hidden email]> wrote:
Hi

But without that I'm getting 
HTTP ERROR 500
Problem accessing /guia-ects/login.jsp. Reason:
JSP support not configured

Thanks

On Sun, Jan 29, 2012 at 10:18 PM, Jan Bartel <[hidden email]> wrote:
Nope, you're not missing anything. Its not produced any more as its not needed.

cheers
Jan

On 30 January 2012 06:31, Filipe Sousa <[hidden email]> wrote:
> Hi.
>
> I'm using ivy for dependencies and I can't find the jetty-jsp-2.1 artifact
> for 7.6.0.v20120127. The last version
> in http://repo1.maven.org/maven2/org/eclipse/jetty/jetty-jsp-2.1/ is 7.5.4.v20111024/
>
> Am I missing something?
>
> Thanks.
>
> On Sat, Jan 28, 2012 at 9:50 PM, Greg Wilkins <[hidden email]> wrote:
>>
>>
>> Jetty releases 7.6.0 and 8.1.0 have been promoted to maven central and
>> will soon be available for download via http://eclipse.org/jetty
>>
>> These releases represent a major effort by the team to refactor the IO
>> layer to handle several issues that have emerged over the last year with
>> respect to the latest JVMs and browsers, such as several 100% CPU spins
>> fixed that resulted from strangely closed SSL connection.   Furthermore, the
>> releases contain some additional protection from some denial of service
>> attacks that have been discovered that affect a wide range of web servers.
>>
>> We recommend that you plan to evaluate and upgrade to these releases as
>> soon as possible.  Do to the nature of these changes, it is impossible to
>> back the most significant ones to Jetty-6 and thus these releases represent
>> the effective EOL for jetty-6, as no more general releases are planned.
>>
>> Thanks to the jetty team who have  worked extremely hard over the last few
>> months on these releases.  We've also very much appreciate the efforts of
>> users who have raised issues, provided debug/traces and have tried out
>> various snapshots and RCs.
>>
>>
>> jetty-8.1.0.v20120127 - 27 January 2012
>>  + 368773 allow authentication to be set by non securityHandler handlers
>>  + 368992 avoid update key while flushing during a write
>>  + 369216 turned off the shared resource cache
>>  + 369349 replace quotes with a space escape method
>>
>> jetty-8.1.0.RC5 - 20 January 2012
>>  + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
>>    authed user
>>  + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
>>  + 368633 fixed configure.dtd resource mappings
>>  + 368635 moved lifecycle state reporting from toString to dump
>>  + 368773 process data constraints without realm
>>  + 368787 always set token view to new header buffers in httpparser
>>  + 368821 improved test harness
>>  + 368920 JettyAwareLogger always formats the arguments.
>>  + 368948 POM for jetty-jndi references unknown version for
>> javax.activation.
>>  + 368992 NPE in HttpGenerator.prepareBuffers() test case.
>>  + JETTY-1475 made output state fields volatile to provide memory barrier
>> for
>>    non dispatched thread IO
>>
>> jetty-8.1.0.RC4 - 13 January 2012
>>  + 365048 jetty Http client does not send proxy authentication when
>> requesting
>>    a Https-resource through a web-proxy.
>>  + 366774 removed XSS vulnerbility
>>  + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
>>  + 367433 added tests to investigate
>>  + 367435 improved D00 test harness
>>  + 367485 HttpExchange canceled before response do not release connection.
>>  + 367502 WebSocket connections should be closed when application context
>> is  stopped.
>>  + 367548 jetty-osgi-boot must not import the nested package twice
>>  + 367591 corrected configuration.xml version to 7.6
>>  + 367635 Added support for start.d directory
>>  + 367716 simplified maxIdleTime logic
>>  + 368035 WebSocketClientFactory does not invoke super.doStop().
>>  + 368060 do not encode sendRedirect URLs
>>  + 368112 NPE on <jsp-config><taglib> element parsing web.xml
>>  + 368113 Support servlet mapping to ""
>>  + 368114 Protect against non-Strings in System properties for Log
>>  + 368189 WebSocketClientFactory should not manage external thread pool.
>>  + 368240 Improve AggregateLifeCycle handling of shared lifecycles
>>  + 368215 Remove debug from jaspi
>>  + 368240 Better handling of locally created ThreadPool. Forgot to null
>> out    field.
>>  + 368291 Change warning to info for NoSuchFieldException on
>> BeanELResolver.properties
>>  + 367638 limit number of form parameters to avoid DOS
>>  + JETTY-1467 close half closed when idle
>>
>> jetty-8.1.0.RC2 - 22 December 2011
>>  + 359329 jetty-jaspi must exports its packages. jetty-plus must import
>> javax.security
>>  + 364638 HttpParser closes if data received while seeking EOF. Tests
>> fixed to  cope
>>  + 364921 Made test less time sensitive
>>  + 364936 use Resource for opening URL streams
>>  + 365267 NullPointerException in bad Address
>>  + 365375 ResourceHandler should be a HandlerWrapper
>>  + 365750 Support WebSocket over SSL, aka wss://
>>  + 365932 Produce jetty-websocket aggregate jar for android use
>>  + 365947 Set headers for Auth failure and retry in http-spi
>>  + 366316 Superfluous printStackTrace on 404
>>  + 366342 Dont persist DosFilter trackers in http session
>>  + 366730 pass the time idle to onIdleExpire
>>  + 367048 test harness for guard on suspended requests
>>  + 367175 SSL 100% CPU spin in case of blocked write and RST.
>>  + 367219 WebSocketClient.open() fails when URI uses default ports.
>>  + 367383 jsp-config element must be returned for
>> ServletContext.getJspConfigDescriptor
>>  + JETTY-1460 suppress PrintWriter exceptions
>>  + JETTY-1463 websocket D0 parser should return progress even if no fill
>> done
>>  + JETTY-1465 NPE in ContextHandler.toString
>>
>> jetty-8.1.0.RC1 - 06 December 2011
>>  + 360245 The version of the javax.servlet packages to import is 2.6
>> instead of 3.0
>>  + 365370 ServletHandler can fall through to nested handler
>>
>> jetty-8.1.0.RC0 - 30 November 2011
>>  + 352565 cookie httponly flag ignored
>>  + 353285 ServletSecurity annotation ignored
>>  + 357163 jetty 8 ought to proxy jetty8 javadocs
>>  + 357209 JSP tag listeners not called
>>  + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
>>  + 361135 Allow session cookies to NEVER be marked as secure, even on
>> HTTPS
>>    requests.
>>  + 362249 update shell scripts to jetty8
>>  + 363878 Add ecj compiler to jetty-8 for jsp
>>  + 364283 can't parse the servlet multipart-config for the web.xml
>>  + 364430 Support web.xml enabled state for servlets
>>
>>   jetty-7.6.0.v20120127 - 27 January 2012
>>  + 368773 allow authentication to be set by non securityHandler handlers
>>  + 368992 avoid update key while flushing during a write
>>  + 369216 turned off the shared resource cache
>>  + 369349 replace quotes with a space escape method
>>
>> jetty-7.6.0.RC5 - 20 January 2012
>>  + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
>>    authed user
>>  + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
>>  + 368633 fixed configure.dtd resource mappings
>>  + 368635 moved lifecycle state reporting from toString to dump
>>  + 368773 process data constraints without realm
>>  + 368787 always set token view to new header buffers in httpparser
>>  + 368821 improved test harness
>>  + 368920 JettyAwareLogger always formats the arguments.
>>  + 368948 POM for jetty-jndi references unknown version for
>> javax.activation.
>>  + 368992 avoid non-blocking flush when writing to avoid setting
>> !_writable
>>    without _writeblocked
>>  + JETTY-1475 made output state fields volatile to provide memory barrier
>> for
>>    non dispatched thread IO
>>
>> jetty-7.6.0.RC4 - 13 January 2012
>>  + 365048 jetty Http client does not send proxy authentication when
>> requesting
>>    a Https-resource through a web-proxy.
>>  + 366774 removed XSS vulnerbility
>>  + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
>>  + 367716 simplified maxIdleTime logic
>>  + 368035 WebSocketClientFactory does not invoke super.doStop().
>>  + 368060 do not encode sendRedirect URLs
>>  + 368114 Protect against non-Strings in System properties for Log
>>  + 368189 WebSocketClientFactory should not manage external thread pool.
>>  + 368215 Remove debug from jaspi
>>  + 368240 Improve AggregateLifeCycle handling of shared lifecycles
>>  + 368291 Change warning to info for NoSuchFieldException on
>>    BeanELResolver.properties
>>
>> jetty-7.6.0.RC3 - 05 January 2012
>>  + 367433 added tests to investigate
>>  + 367435 improved D00 test harness
>>  + 367485 HttpExchange canceled before response do not release connection.
>>  + 367502 WebSocket connections should be closed when application context
>> is
>>    stopped.
>>  + 367591 corrected configuration.xml version to 7.6
>>  + 367635 Added support for start.d directory
>>  + 367638 limit number of form parameters to avoid DOS
>>  + JETTY-1467 close half closed when idle
>>
>> jetty-7.6.0.RC2 - 22 December 2011
>>  + 364638 HttpParser closes if data received while seeking EOF. Tests
>> fixed to
>>    cope
>>  + 364921 Made test less time sensitive for ssl
>>  + 364936 use Resource for opening URL streams
>>  + 365267 NullPointerException in bad Address
>>  + 365375 ResourceHandler should be a HandlerWrapper
>>  + 365750 Support WebSocket over SSL, aka wss://
>>  + 365932 Produce jetty-websocket aggregate jar for android use
>>  + 365947 Set headers for Auth failure and retry in http-spi
>>  + 366316 Superfluous printStackTrace on 404
>>  + 366342 Dont persist DosFilter trackers in http session
>>  + 366730 pass the time idle to onIdleExpire
>>  + 367048 test harness for guard on suspended requests
>>  + 367175 SSL 100% CPU spin in case of blocked write and RST.
>>  + 367219 WebSocketClient.open() fails when URI uses default ports.
>>  + JETTY-1460 suppress PrintWriter exceptions
>>  + JETTY-1463 websocket D0 parser should return progress even if no fill
>> done
>>  + JETTY-1465 NPE in ContextHandler.toString
>>
>> jetty-7.6.0.RC1 - 04 December 2011
>>  + 352565 cookie httponly flag ignored
>>  + 353285 ServletSecurity annotation ignored
>>  + 357163 jetty 8 ought to proxy jetty8 javadocs
>>  + 357209 JSP tag listeners not called
>>  + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
>>  + 361135 Allow session cookies to NEVER be marked as secure, even on
>> HTTPS
>>    requests.
>>  + 362249 update shell scripts to jetty8
>>  + 363878 Add ecj compiler to jetty-8 for jsp
>>  + 364283 can't parse the servlet multipart-config for the web.xml
>>  + 364430 Support web.xml enabled state for servlets
>>  + 365370 ServletHandler can fall through to nested handler
>>
>> jetty-7.6.0.RC0 - 29 November 2011
>>  + Refactored NIO layer for better half close handling
>>  + 349110 fixed bypass chunk handling
>>  + 360546 handle set count exceeding max integer
>>  + 362111 StdErrLog.isDebugEnabled() returns true too often
>>  + 362113 Improve Test Coverage of org.eclipse.jetty.util.log classes
>>  + 362407 setTrustStore(Resource) -> setTrustStoreResource(R)
>>  + 362447 add setMaxNonceAge() to DigestAuthenticator
>>  + 362468 NPE at line org.eclipse.jetty.io.BufferUtil.putHexInt
>>  + 362614 NPE in accepting connection
>>  + 362626 IllegalStateException thrown when SslContextFactory
>> preconfigured
>>    with SSLContext
>>  + 362696 expand virtual host configuration options to ContextHandler and
>> add
>>    associated test case for new behavior
>>  + 362742 improved UTF8 exception reason
>>  + 363124 improved websocket close handling
>>  + 363381 Throw IllegalStateException if Request uri is null on
>> getServerName
>>  + 363408 GzipFilter should not attempt to compress HTTP status 204
>>  + 363488 ShutdownHandler use stopper thread
>>  + 363718 Setting java.rmi.server.hostname in jetty-jmx.xml
>>  + 363757 partial fix
>>  + 363785 StdErrLog must use system-dependent EOL.
>>  + 363943 ignore null attribute values
>>  + 363993 EOFException parsing HEAD response in HttpTester
>>  + 364638 SCEP does idle timestamp checking. New setCheckForIdle method
>>    controls onIdleExpired callback. 364921 a second onIdleExpired callback
>> will
>>    result in close rather than a shutdown output.
>>  + 364657 Support HTTP only cookies from standard API
>>  + JETTY-1442 add _hostHeader setter for ProxyRule
>>
>>
>>
>> _______________________________________________
>> jetty-users mailing list
>> [hidden email]
>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>
>
>
>
> --
> Filipe Sousa
>
> _______________________________________________
> jetty-users mailing list
> [hidden email]
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users



--
Filipe Sousa

_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users



_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users




--
Filipe Sousa

_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users

report-test.pdf (67K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Jetty releases 7.6.0 and 8.1.0

Filipe Sousa
After reading http://wiki.eclipse.org/Jetty/Howto/Configure_JSP I just had to include <dependency org="org.glassfish.web" name="jsp-impl" rev="2.1.3-b10"/>

bwt, I'm using java 6.

Thank you
On Thu, Feb 2, 2012 at 10:15 AM, Filipe Sousa <[hidden email]> wrote:
Hi.

I will try to include one by one but in the past it was easier to include jetty-jsp-2.1
7.5.4.v20111024 and get all dependencies as you can see in the graph of the attachment.

BTW i'm using jetty in embedded way.

On Wed, Feb 1, 2012 at 6:09 PM, Joakim Erdfelt <[hidden email]> wrote:
Look at the distribution's lib/jsp directory for a complete list of the dependencies you need.

Example (from jetty-distribution-8.1.0.v20120127.tar.gz)
$ ls -la lib/jsp/
-rw-rw-r-- 1 joakim joakim  129396 2012-01-27 09:26 com.sun.el_2.2.0.v201105051105.jar
-rw-rw-r-- 1 joakim joakim 1690519 2012-01-27 09:26 ecj-3.6.jar
-rw-rw-r-- 1 joakim joakim   51111 2012-01-27 09:26 javax.el_2.2.0.v201105051105.jar
-rw-rw-r-- 1 joakim joakim  106024 2012-01-27 09:26 javax.servlet.jsp_2.2.0.v201112011158.jar
-rw-rw-r-- 1 joakim joakim   51701 2012-01-27 09:26 javax.servlet.jsp.jstl_1.2.0.v201004190952.jar
-rw-rw-r-- 1 joakim joakim  592687 2012-01-27 09:26 org.apache.jasper.glassfish_2.2.2.v201112011158.jar
-rw-rw-r-- 1 joakim joakim  428831 2012-01-27 09:26 org.apache.taglibs.standard.glassfish_1.2.0.v201004190952.jar

Note: we are trying to make this easier with maven starting in 7.6.1 and 8.1.1, stay tuned for details (we are still experimenting with a possible solution in git master)

--
Joakim Erdfelt

(the people behind jetty and cometd)



On Wed, Feb 1, 2012 at 10:28 AM, Filipe Sousa <[hidden email]> wrote:
Hi

But without that I'm getting 
HTTP ERROR 500
Problem accessing /guia-ects/login.jsp. Reason:
JSP support not configured

Thanks

On Sun, Jan 29, 2012 at 10:18 PM, Jan Bartel <[hidden email]> wrote:
Nope, you're not missing anything. Its not produced any more as its not needed.

cheers
Jan

On 30 January 2012 06:31, Filipe Sousa <[hidden email]> wrote:
> Hi.
>
> I'm using ivy for dependencies and I can't find the jetty-jsp-2.1 artifact
> for 7.6.0.v20120127. The last version
> in http://repo1.maven.org/maven2/org/eclipse/jetty/jetty-jsp-2.1/ is 7.5.4.v20111024/
>
> Am I missing something?
>
> Thanks.
>
> On Sat, Jan 28, 2012 at 9:50 PM, Greg Wilkins <[hidden email]> wrote:
>>
>>
>> Jetty releases 7.6.0 and 8.1.0 have been promoted to maven central and
>> will soon be available for download via http://eclipse.org/jetty
>>
>> These releases represent a major effort by the team to refactor the IO
>> layer to handle several issues that have emerged over the last year with
>> respect to the latest JVMs and browsers, such as several 100% CPU spins
>> fixed that resulted from strangely closed SSL connection.   Furthermore, the
>> releases contain some additional protection from some denial of service
>> attacks that have been discovered that affect a wide range of web servers.
>>
>> We recommend that you plan to evaluate and upgrade to these releases as
>> soon as possible.  Do to the nature of these changes, it is impossible to
>> back the most significant ones to Jetty-6 and thus these releases represent
>> the effective EOL for jetty-6, as no more general releases are planned.
>>
>> Thanks to the jetty team who have  worked extremely hard over the last few
>> months on these releases.  We've also very much appreciate the efforts of
>> users who have raised issues, provided debug/traces and have tried out
>> various snapshots and RCs.
>>
>>
>> jetty-8.1.0.v20120127 - 27 January 2012
>>  + 368773 allow authentication to be set by non securityHandler handlers
>>  + 368992 avoid update key while flushing during a write
>>  + 369216 turned off the shared resource cache
>>  + 369349 replace quotes with a space escape method
>>
>> jetty-8.1.0.RC5 - 20 January 2012
>>  + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
>>    authed user
>>  + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
>>  + 368633 fixed configure.dtd resource mappings
>>  + 368635 moved lifecycle state reporting from toString to dump
>>  + 368773 process data constraints without realm
>>  + 368787 always set token view to new header buffers in httpparser
>>  + 368821 improved test harness
>>  + 368920 JettyAwareLogger always formats the arguments.
>>  + 368948 POM for jetty-jndi references unknown version for
>> javax.activation.
>>  + 368992 NPE in HttpGenerator.prepareBuffers() test case.
>>  + JETTY-1475 made output state fields volatile to provide memory barrier
>> for
>>    non dispatched thread IO
>>
>> jetty-8.1.0.RC4 - 13 January 2012
>>  + 365048 jetty Http client does not send proxy authentication when
>> requesting
>>    a Https-resource through a web-proxy.
>>  + 366774 removed XSS vulnerbility
>>  + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
>>  + 367433 added tests to investigate
>>  + 367435 improved D00 test harness
>>  + 367485 HttpExchange canceled before response do not release connection.
>>  + 367502 WebSocket connections should be closed when application context
>> is  stopped.
>>  + 367548 jetty-osgi-boot must not import the nested package twice
>>  + 367591 corrected configuration.xml version to 7.6
>>  + 367635 Added support for start.d directory
>>  + 367716 simplified maxIdleTime logic
>>  + 368035 WebSocketClientFactory does not invoke super.doStop().
>>  + 368060 do not encode sendRedirect URLs
>>  + 368112 NPE on <jsp-config><taglib> element parsing web.xml
>>  + 368113 Support servlet mapping to ""
>>  + 368114 Protect against non-Strings in System properties for Log
>>  + 368189 WebSocketClientFactory should not manage external thread pool.
>>  + 368240 Improve AggregateLifeCycle handling of shared lifecycles
>>  + 368215 Remove debug from jaspi
>>  + 368240 Better handling of locally created ThreadPool. Forgot to null
>> out    field.
>>  + 368291 Change warning to info for NoSuchFieldException on
>> BeanELResolver.properties
>>  + 367638 limit number of form parameters to avoid DOS
>>  + JETTY-1467 close half closed when idle
>>
>> jetty-8.1.0.RC2 - 22 December 2011
>>  + 359329 jetty-jaspi must exports its packages. jetty-plus must import
>> javax.security
>>  + 364638 HttpParser closes if data received while seeking EOF. Tests
>> fixed to  cope
>>  + 364921 Made test less time sensitive
>>  + 364936 use Resource for opening URL streams
>>  + 365267 NullPointerException in bad Address
>>  + 365375 ResourceHandler should be a HandlerWrapper
>>  + 365750 Support WebSocket over SSL, aka wss://
>>  + 365932 Produce jetty-websocket aggregate jar for android use
>>  + 365947 Set headers for Auth failure and retry in http-spi
>>  + 366316 Superfluous printStackTrace on 404
>>  + 366342 Dont persist DosFilter trackers in http session
>>  + 366730 pass the time idle to onIdleExpire
>>  + 367048 test harness for guard on suspended requests
>>  + 367175 SSL 100% CPU spin in case of blocked write and RST.
>>  + 367219 WebSocketClient.open() fails when URI uses default ports.
>>  + 367383 jsp-config element must be returned for
>> ServletContext.getJspConfigDescriptor
>>  + JETTY-1460 suppress PrintWriter exceptions
>>  + JETTY-1463 websocket D0 parser should return progress even if no fill
>> done
>>  + JETTY-1465 NPE in ContextHandler.toString
>>
>> jetty-8.1.0.RC1 - 06 December 2011
>>  + 360245 The version of the javax.servlet packages to import is 2.6
>> instead of 3.0
>>  + 365370 ServletHandler can fall through to nested handler
>>
>> jetty-8.1.0.RC0 - 30 November 2011
>>  + 352565 cookie httponly flag ignored
>>  + 353285 ServletSecurity annotation ignored
>>  + 357163 jetty 8 ought to proxy jetty8 javadocs
>>  + 357209 JSP tag listeners not called
>>  + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
>>  + 361135 Allow session cookies to NEVER be marked as secure, even on
>> HTTPS
>>    requests.
>>  + 362249 update shell scripts to jetty8
>>  + 363878 Add ecj compiler to jetty-8 for jsp
>>  + 364283 can't parse the servlet multipart-config for the web.xml
>>  + 364430 Support web.xml enabled state for servlets
>>
>>   jetty-7.6.0.v20120127 - 27 January 2012
>>  + 368773 allow authentication to be set by non securityHandler handlers
>>  + 368992 avoid update key while flushing during a write
>>  + 369216 turned off the shared resource cache
>>  + 369349 replace quotes with a space escape method
>>
>> jetty-7.6.0.RC5 - 20 January 2012
>>  + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
>>    authed user
>>  + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
>>  + 368633 fixed configure.dtd resource mappings
>>  + 368635 moved lifecycle state reporting from toString to dump
>>  + 368773 process data constraints without realm
>>  + 368787 always set token view to new header buffers in httpparser
>>  + 368821 improved test harness
>>  + 368920 JettyAwareLogger always formats the arguments.
>>  + 368948 POM for jetty-jndi references unknown version for
>> javax.activation.
>>  + 368992 avoid non-blocking flush when writing to avoid setting
>> !_writable
>>    without _writeblocked
>>  + JETTY-1475 made output state fields volatile to provide memory barrier
>> for
>>    non dispatched thread IO
>>
>> jetty-7.6.0.RC4 - 13 January 2012
>>  + 365048 jetty Http client does not send proxy authentication when
>> requesting
>>    a Https-resource through a web-proxy.
>>  + 366774 removed XSS vulnerbility
>>  + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum.
>>  + 367716 simplified maxIdleTime logic
>>  + 368035 WebSocketClientFactory does not invoke super.doStop().
>>  + 368060 do not encode sendRedirect URLs
>>  + 368114 Protect against non-Strings in System properties for Log
>>  + 368189 WebSocketClientFactory should not manage external thread pool.
>>  + 368215 Remove debug from jaspi
>>  + 368240 Improve AggregateLifeCycle handling of shared lifecycles
>>  + 368291 Change warning to info for NoSuchFieldException on
>>    BeanELResolver.properties
>>
>> jetty-7.6.0.RC3 - 05 January 2012
>>  + 367433 added tests to investigate
>>  + 367435 improved D00 test harness
>>  + 367485 HttpExchange canceled before response do not release connection.
>>  + 367502 WebSocket connections should be closed when application context
>> is
>>    stopped.
>>  + 367591 corrected configuration.xml version to 7.6
>>  + 367635 Added support for start.d directory
>>  + 367638 limit number of form parameters to avoid DOS
>>  + JETTY-1467 close half closed when idle
>>
>> jetty-7.6.0.RC2 - 22 December 2011
>>  + 364638 HttpParser closes if data received while seeking EOF. Tests
>> fixed to
>>    cope
>>  + 364921 Made test less time sensitive for ssl
>>  + 364936 use Resource for opening URL streams
>>  + 365267 NullPointerException in bad Address
>>  + 365375 ResourceHandler should be a HandlerWrapper
>>  + 365750 Support WebSocket over SSL, aka wss://
>>  + 365932 Produce jetty-websocket aggregate jar for android use
>>  + 365947 Set headers for Auth failure and retry in http-spi
>>  + 366316 Superfluous printStackTrace on 404
>>  + 366342 Dont persist DosFilter trackers in http session
>>  + 366730 pass the time idle to onIdleExpire
>>  + 367048 test harness for guard on suspended requests
>>  + 367175 SSL 100% CPU spin in case of blocked write and RST.
>>  + 367219 WebSocketClient.open() fails when URI uses default ports.
>>  + JETTY-1460 suppress PrintWriter exceptions
>>  + JETTY-1463 websocket D0 parser should return progress even if no fill
>> done
>>  + JETTY-1465 NPE in ContextHandler.toString
>>
>> jetty-7.6.0.RC1 - 04 December 2011
>>  + 352565 cookie httponly flag ignored
>>  + 353285 ServletSecurity annotation ignored
>>  + 357163 jetty 8 ought to proxy jetty8 javadocs
>>  + 357209 JSP tag listeners not called
>>  + 360051 SocketConnectionTest.testServerClosedConnection is excluded.
>>  + 361135 Allow session cookies to NEVER be marked as secure, even on
>> HTTPS
>>    requests.
>>  + 362249 update shell scripts to jetty8
>>  + 363878 Add ecj compiler to jetty-8 for jsp
>>  + 364283 can't parse the servlet multipart-config for the web.xml
>>  + 364430 Support web.xml enabled state for servlets
>>  + 365370 ServletHandler can fall through to nested handler
>>
>> jetty-7.6.0.RC0 - 29 November 2011
>>  + Refactored NIO layer for better half close handling
>>  + 349110 fixed bypass chunk handling
>>  + 360546 handle set count exceeding max integer
>>  + 362111 StdErrLog.isDebugEnabled() returns true too often
>>  + 362113 Improve Test Coverage of org.eclipse.jetty.util.log classes
>>  + 362407 setTrustStore(Resource) -> setTrustStoreResource(R)
>>  + 362447 add setMaxNonceAge() to DigestAuthenticator
>>  + 362468 NPE at line org.eclipse.jetty.io.BufferUtil.putHexInt
>>  + 362614 NPE in accepting connection
>>  + 362626 IllegalStateException thrown when SslContextFactory
>> preconfigured
>>    with SSLContext
>>  + 362696 expand virtual host configuration options to ContextHandler and
>> add
>>    associated test case for new behavior
>>  + 362742 improved UTF8 exception reason
>>  + 363124 improved websocket close handling
>>  + 363381 Throw IllegalStateException if Request uri is null on
>> getServerName
>>  + 363408 GzipFilter should not attempt to compress HTTP status 204
>>  + 363488 ShutdownHandler use stopper thread
>>  + 363718 Setting java.rmi.server.hostname in jetty-jmx.xml
>>  + 363757 partial fix
>>  + 363785 StdErrLog must use system-dependent EOL.
>>  + 363943 ignore null attribute values
>>  + 363993 EOFException parsing HEAD response in HttpTester
>>  + 364638 SCEP does idle timestamp checking. New setCheckForIdle method
>>    controls onIdleExpired callback. 364921 a second onIdleExpired callback
>> will
>>    result in close rather than a shutdown output.
>>  + 364657 Support HTTP only cookies from standard API
>>  + JETTY-1442 add _hostHeader setter for ProxyRule
>>
>>
>>
>> _______________________________________________
>> jetty-users mailing list
>> [hidden email]
>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>
>
>
>
> --
> Filipe Sousa
>
> _______________________________________________
> jetty-users mailing list
> [hidden email]
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users



--
Filipe Sousa

_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users



_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users




--
Filipe Sousa



--
Filipe Sousa

_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users