[Git][java-team/jetty9][stretch] 31 commits: New upstream version 9.2.22

Sat Jul 3 20:20:34 BST 2021

Markus Koschany pushed to branch stretch at Debian Java Maintainers / jetty9

Commits:
2696c4eb by Emmanuel Bourg at 2017-06-09T16:06:07+02:00
New upstream version 9.2.22
- - - - -
95cd089a by Emmanuel Bourg at 2018-01-05T17:18:36+01:00
New upstream version 9.2.23
- - - - -
bb8f32e3 by Emmanuel Bourg at 2018-05-18T00:09:59+02:00
New upstream version 9.2.24
- - - - -
f4cd8d98 by Emmanuel Bourg at 2018-07-03T13:32:33+02:00
New upstream version 9.2.25
- - - - -
4719fe26 by Emmanuel Bourg at 2018-09-05T12:23:24+02:00
New upstream version 9.2.26
- - - - -
0039f9e5 by Emmanuel Bourg at 2018-12-05T01:23:45+01:00
New upstream version 9.4.14
- - - - -
e43ce8af by Emmanuel Bourg at 2019-02-25T01:01:12+01:00
New upstream version 9.4.15
- - - - -
4fc17536 by tony mancill at 2019-05-04T21:54:32-07:00
New upstream version 9.4.18
- - - - -
a08f2487 by Emmanuel Bourg at 2020-01-27T22:56:05+01:00
New upstream version 9.4.19
- - - - -
49e77cb6 by Emmanuel Bourg at 2020-01-27T23:09:43+01:00
New upstream version 9.4.20
- - - - -
07ce4223 by Emmanuel Bourg at 2020-01-27T23:30:15+01:00
New upstream version 9.4.21
- - - - -
2bab93ca by Emmanuel Bourg at 2020-01-27T23:44:52+01:00
New upstream version 9.4.22
- - - - -
cdad63e3 by Emmanuel Bourg at 2020-01-27T23:50:14+01:00
New upstream version 9.4.23
- - - - -
50cd5a46 by Emmanuel Bourg at 2020-01-28T00:01:19+01:00
New upstream version 9.4.24
- - - - -
7352bbb9 by Emmanuel Bourg at 2020-01-28T00:06:00+01:00
New upstream version 9.4.25
- - - - -
f046479b by Emmanuel Bourg at 2020-01-28T00:15:57+01:00
New upstream version 9.4.26
- - - - -
13a15041 by Emmanuel Bourg at 2020-03-01T15:07:38+01:00
New upstream version 9.4.27
- - - - -
bf726174 by Emmanuel Bourg at 2020-04-13T22:35:45+02:00
New upstream version 9.4.28
- - - - -
3f7fc1f5 by Emmanuel Bourg at 2020-05-27T17:52:15+02:00
New upstream version 9.4.29
- - - - -
3d1fd2ee by Emmanuel Bourg at 2020-09-03T14:21:45+02:00
New upstream version 9.4.30
- - - - -
b78d9e13 by Emmanuel Bourg at 2020-09-03T14:22:08+02:00
New upstream version 9.4.31
- - - - -
2d25cfcc by Emmanuel Bourg at 2020-10-22T09:46:42+02:00
New upstream version 9.4.32
- - - - -
25dac476 by Emmanuel Bourg at 2020-10-22T09:47:05+02:00
New upstream version 9.4.33
- - - - -
16c43b48 by Emmanuel Bourg at 2020-12-28T19:31:51+01:00
New upstream version 9.4.34
- - - - -
9e7eca9d by Emmanuel Bourg at 2020-12-28T19:32:16+01:00
New upstream version 9.4.35
- - - - -
cbd13ba3 by Emmanuel Bourg at 2021-01-17T23:44:08+01:00
New upstream version 9.4.36
- - - - -
86a0d38a by Emmanuel Bourg at 2021-02-28T21:39:35+01:00
New upstream version 9.4.37
- - - - -
2e0a5348 by Emmanuel Bourg at 2021-02-28T21:40:02+01:00
New upstream version 9.4.38
- - - - -
ddb35e5e by Emmanuel Bourg at 2021-04-12T00:00:37+02:00
New upstream version 9.4.39
- - - - -
61214828 by Markus Koschany at 2021-07-03T21:19:16+02:00
Import Upstream version 9.2.30
- - - - -
d90bcf5d by Sylvain Beucler at 2021-07-03T21:19:30+02:00
Import Debian changes 9.2.30-0+deb9u2

jetty9 (9.2.30-0+deb9u2) stretch-security; urgency=high
..
  * Non-maintainer upload by the LTS Security Team.
  * CVE-2021-28169: requests to the ConcatServlet with a doubly encoded
    path may access protected resources within the WEB-INF directory. For
    example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the
    web.xml file. This can reveal sensitive information regarding the
    implementation of a web application.
..
jetty9 (9.2.30-0+deb9u1) stretch-security; urgency=high
..
  * Non-maintainer upload by the LTS Security Team.
  * Fix FTBFS due to modified .pom files in newer tomcat8.
  * New upstream release, last upstream 9.2.x release before EOL.
    Fixes CVE-2017-9735 CVE-2018-12536 CVE-2019-10241 CVE-2019-10247.
  * CVE-2020-27216: race condition in system's temporary directory.

- - - - -

30 changed files:

- Jenkinsfile
- VERSION.txt
- aggregates/jetty-all/pom.xml
- aggregates/jetty-websocket-all/pom.xml
- apache-jsp/pom.xml
- apache-jsp/src/main/java/org/eclipse/jetty/apache/jsp/JettyJasperInitializer.java
- apache-jsp/src/main/java/org/eclipse/jetty/apache/jsp/JuliLog.java
- apache-jsp/src/main/java/org/eclipse/jetty/jsp/JettyJspServlet.java
- apache-jstl/pom.xml
- debian/changelog
- debian/maven.rules
- debian/patches/01-maven-bundle-plugin-version.patch
- debian/patches/05-remove-bundle-required-execution-environment.patch
- − debian/patches/06-CVE-2017-7658_CVE-2017-7657_CVE-2017-7656.patch
- + debian/patches/CVE-2020-27216.patch
- + debian/patches/CVE-2021-28169.patch
- + debian/patches/ecj-dependency.patch
- debian/patches/series
- examples/async-rest/async-rest-jar/pom.xml
- examples/async-rest/async-rest-jar/src/main/java/org/eclipse/jetty/example/asyncrest/AbstractRestServlet.java
- examples/async-rest/async-rest-jar/src/main/java/org/eclipse/jetty/example/asyncrest/AsyncRestServlet.java
- examples/async-rest/async-rest-jar/src/main/java/org/eclipse/jetty/example/asyncrest/SerialRestServlet.java
- examples/async-rest/async-rest-webapp/pom.xml
- examples/async-rest/async-rest-webapp/src/test/java/org/eclipse/jetty/example/asyncrest/DemoServer.java
- examples/async-rest/pom.xml
- examples/embedded/pom.xml
- examples/embedded/src/main/java/HelloWorld.java
- examples/embedded/src/main/java/org/eclipse/jetty/embedded/AsyncEchoServlet.java
- examples/embedded/src/main/java/org/eclipse/jetty/embedded/DumpServlet.java
- examples/embedded/src/main/java/org/eclipse/jetty/embedded/ExampleServer.java

The diff was not included because it is too large.

View it on GitLab: https://salsa.debian.org/java-team/jetty9/-/compare/9e483e1820fd9ef2e62b2a51e918f5bb71bc2dd7...d90bcf5d23e4284fbf45bfe66554e0c2a525c562

-- 
View it on GitLab: https://salsa.debian.org/java-team/jetty9/-/compare/9e483e1820fd9ef2e62b2a51e918f5bb71bc2dd7...d90bcf5d23e4284fbf45bfe66554e0c2a525c562
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20210703/df3c4002/attachment.htm>