The Jetty team is happy to announce the immediate availability of a new release for the Eclipse Jetty 9.2.x branch.
This Jetty 9.2.25 includes important CVE fixes (see upcoming email for details) and a small number of bug fixes and improvements. It is recommended that all users upgrade as soon as they are able. A full list of changes for this release is listed at the end of this email.
As a reminder, the “Patch for a Patch” promotion for Jetty is still available, so get your patches, pull requests, etc. submitted. For each accepted patch, you are now eligible for a free Jetty embroidered patch yourself (while supplies last). We ship worldwide!
This release available on the Eclipse Jetty project download page or from the Maven Central repository:
Documentation for this release can be found on the Eclipse Jetty project site:
If you find any issues with this release, or if you want to suggest future enhancements, please file an issue on the Jetty GitHub page:
Commercial production and development support for Jetty is offered through Webtide (webtide.com). Please contact us for more information or email jesse@xxxxxxxxxxx to discuss your specific needs.
+ 2114 Fix NPE in JettyHttpServerProvider
+ 2135 Android 8.1 needs direct buffers for SSL/TLS to work
+ 2529 HttpParser CVE cleanup
+ 2603 WebSocket ByteAccumulator initialized with wrong maximum
+ 2604 WebSocket ByteAccumulator should report sizes in
MessageTooLargeException
Best Regards,
The Jetty Development Team
