Releases · jetty/jetty.project (original) (raw)

12.1.10 Changelog

#15180 - Upgrade to Quiche version 0.29.1
#15161 - Reduce memory footprint for persistent HttpConnections
#15136 - Refresh Digest authentication implementation
#15118 - Upgrade to Quiche version 0.29.0
#15094 - Jetty 12.1 Regression: Deferred Authentication provides Callback.NOT_CALLED leading to errors
#15074 - HTTP/2 extended connect responses contain Content-Length: 0
#15031 - IOResources#toRetainableByteBuffer data loss when using resources without path
#15021 - Resource handling regression in 12.1.9
#15011 - PathResource.resolve() fails on Microsoft Windows due to Illegal char <:>
#15009 - Make processing of RST_STREAM more lenient
#14984 - XmlConfiguration emits "Deprecated method ... setMaxThreads" WARN from shipped jetty-threadpool-virtual.xml
#14745 - NPE in HttpChannelState.completeStream() when _request is null during multipart cleanup
#14528 - BinaryStreamTest.testMoreThanLargestMessageOneByteAtATime() is flaky
#14522 - Bundle org.eclipse.jetty.websocket.server OSGI metadata exports internal instead of public package
#14006 - How to handle "Warning Logs in org.eclipse.jetty.ee8.nested.HttpChannelState and org.eclipse.jetty.server.internal.HttpChannelState"
#9799 - Declare EncodingException for HPACK/QPACK encoders and decoders

#15161 - Reduce memory footprint for persistent HttpConnections
#15136 - Refresh Digest authentication implementation
#14745 - NPE in HttpChannelState.completeStream() when _request is null during multipart cleanup
#14692 - 12.0.x: H2 client should abort the active channel's request during close or failure
#14006 - How to handle "Warning Logs in org.eclipse.jetty.ee8.nested.HttpChannelState and org.eclipse.jetty.server.internal.HttpChannelState"

#14972 - Jetty 12.1.8 jetty-home has lib/*-config.jar files
#14913 - Upgrade to Quiche version 0.28.0
#14870 - Refactor compliance checks
#14853 - CombinedResource.getRealURI() returns null when multiple members exist, causing 404 for all static resources
#14846 - NPE in MimeTypes$Mutable.getMimeByExtension on startup with web-fragment with mime mapping
#14824 - FileSystemPool doesn't always own its filesystems
#14821 - Websocket IllegalStateException ('Demand already fulfilled') since Jetty 12.1
#14805 - HTTP/3 server crashes on quiche_header_info
#14646 - Regression in Jetty 12.1: Invalid UTF-8 exception for application/x-www-form-urlencoded; charset=iso-8859-1
#14564 - Jetty 12.1.x TLS connections hang after several requests with internal HTTPS self-requests
#14541 - Jetty HTTP Client - setMaxRequestHeadersSize resulting in java.lang.OutOfMemoryError
#14196 - Using passivation with eviction: HttpServletRequest.getSession() may return null due to race-condition
#12110 - Request Authority checks needed
#8876 - Jetty 12 - JMX-ify HttpContent.Factory implementations

14757 Fixes for JASPI isMandatory, authType and isAuthenticationRequest params - Addresses CVE-2026-5795
#14752 - Jetty 12.1 Violation of RFC9113 with Host and :authority headers
#14747 - Revert usage of SLF4J2 fluent APIs
#14732 - possible race condition in jetty 12.x code
#14694 - Sync jetty-ee11 with jetty-ee10
#14689 - ThreadIdPool.take() bottlenecks QueuedThreadPool.tryExecute()
#14687 - Destinations don't keep track of redirections.
#14685 - CachingHttpContentFactory#getContent may return null if httpContent size is not set
#14651 - Retain negative Max-Age cookie attribute
#14494 - Review use of CharsetStringBuilder subclasses
#14431 - ServletContainerInitializers are always excluded when used with absolute-ordering
#14332 - Complete mess with idleTimeout
#13685 - Infinite loop on Content.copy() with Content.Source.from(... , Path, ) when Path has size 0.
#13513 - Make MemoryEndPoint use RBB.DynamicCapacity (@afarber)
#10906 - Add Slf4j ConsoleRequestLog (JettySlf4jRequestLog) module

#14798 - Fixes for JASPI isMandatory, authType and isAuthenticationRequest params - Addresses CVE-2026-5795
#14743 - Jetty 12.0.x Add isDebugEnabled guard before log.debug
#14642 - 12.0.x Remove usage of Slf4j fluent api
#14494 - Review use of CharsetStringBuilder subclasses
#14332 - Fix idleTimeout for websocket

#14566 - CompressionHandler/GzipEncoderSink not respect setSyncFlush(true)
#14495 - Support Transfer-Encoding chunk extensions - Addresses CVE-2026-2332
#14485 - Illegal header value on UTF-8 encoding when using HTTP/2
#14442 - Allow splitting of Transfer-Encoding chunks
#14436 - Jetty 12.1.6 HttpFields from(HttpField...) does not provide opportunity to set compliance listener (@afarber)
#14435 - NoSuchMethodError error raised by HttpStateChannel with Jetty 12.1.6 run with maven plugin
#14408 - Redundant database index created by JDBCSessionDataStore
#14373 - Response listener that avoids any data copies
#14366 - Clarify Deprecation Policy
#14165 - Integrating Eclipse Soteria with Jetty EE10+

#14570 - Backport of #14496.
#14520 - Backport fix and test the multipart auto cleanup in HttpChannelState in 12.0.x
#14495 - Support Transfer-Encoding chunk extensions

#14360 - jetty-ee8-cdi missing from jetty-ee8-bom
#14330 - VirtualThreadPool can create unlimited threads while doc mentions otherwise
#14319 - ZSTD CompressionHandler may duplicate bytes in response (@afarber)
#14280 - jetty-ee11-servlets mistakenly depends on jetty-client
#14264 - org.eclipse.jetty.server.Response.sendRedirect doesn't allow a location containing a fragment (/#fragment)
#14260 - Improve GZIP performance
#14209 - Unable to use custom XmlParser for WebAppContext / MetaData descriptor parsing
#14137 - 304 Not Modified produces incorrect ETag from CompressionHandler.
#14068 - Jetty tmpdir processing doesn't match Java on Windows
#14061 - Jetty 12.1.4 demo HTTP/3 wrong port in alt-svc response header (@afarber)
#13686 - Improve grow algorithms
#13670 - jetty-ee11-servlet getParameter does not throw IllegalStateException
#13353 - Create a glossary in the documentation (@afarber)
#13328 - Add option to share thread pool in ProxyHandler (@afarber)
#12806 - ComplianceViolation.Listener isn't very useful for helping identify clients that need to migrate to standards
#12660 - Tagging the ClientUpgradeRequest to be able to support per-request client ssl auth
#11505 - Document HttpURI methods (@afarber)
#10905 - Support cookie name prefixes (@afarber)
#10355 - Http3Fields efficiency
#10281 - pom.xml description tags need updated
#9019 - Server cannot be closed gracefully when ServerConnector's IdleTimeout is 0