The Jetty team is happy to announce the immediate availability of a new release for the Eclipse Jetty 9.4.x branch.
This Jetty 9.4.11 includes important CVE fixes (see upcoming email for details) and a number of bug fixes and improvements. It is recommended that all users upgrade as soon as they are able. A full list of changes for this release is listed at the end of this email.
As a reminder, the “Patch for a Patch” promotion for Jetty is still available, so get your patches, pull requests, etc. submitted. For each accepted patch, you are now eligible for a free Jetty embroidered patch yourself (while supplies last). We ship worldwide!
This release available on the Eclipse Jetty project download page or from the Maven Central repository:
Documentation for this release can be found on the Eclipse Jetty project site:
If you find any issues with this release, or if you want to suggest future enhancements, please file an issue on the Jetty GitHub page:
Commercial production and development support for Jetty is offered through Webtide (
webtide.com). Please contact us for more information or email
jesse@xxxxxxxxxxx to discuss your specific needs.
+ 1785 Support for vhost@connectorname syntax of virtual hosts
+ 2346 Revert stack trace logging for HTTPChannel.onException
+ 2439 Remove HTTP/2 data copy
+ 2472 central.maven.org doesn't work with https
+ 2484 Repeated null check in MimeTypes.getDefaultMimeByExtension
+ 2496 Jetty Maven Plugin should skip execution on projects it cannot support
+ 2516 NPE at SslClientConnectionFactory.newConnection()
+ 2518 HttpClient cannot handle bad servers that report multiple 100-continue
responses in the same conversation
+ 2525 Deprecate BlockingTimeout mechanism for removal in future release
+ 2529 HttpParser CVE cleanup
+ 2532 Improve parser handing of tokens
+ 2545 Slow HTTP2 per-stream download performance
+ 2546 Incorrect parsing of PROXY protocol v2
+ 2548 Possible deadlock failing HTTP/2 stream creation
+ 2549 ConsumeAll and requestRecycle
+ 2550 Coalesce overlapping HTTP requested byte ranges
+ 2556 "file:" prefix in jetty.base variable
+ 2559 Use Configurator declared in ServerEndpointConfig over one declared in
the @ServerEndpoint annotation
+ 2560 PathResource exception handling
+ 2568 QueuedThreadPool.getBusyThreads() should take into account
ReservedThreadExecutor.getAvailable()
+ 2571 Jetty Client 9.4.x incorrectly handles too large fields from nginx 1.14
server
+ 2574 Clarify max request queued exception message
+ 2575 Work around broken OSGi implementations Bundle.getEntry() behavior returning
with unescaped URLs
+ 2580 Stop creating unnecessary exceptions with MultiException
+ 2586 Update to asm 6.2
+ 2603 WebSocket ByteAccumulator initialized with wrong maximum
+ 2604 WebSocket ByteAccumulator should report sizes in
MessageTooLargeException
+ 2616 Trailers preventing client from processing all the data
+ 2619 QueuedThreadPool race can shrink newly created idle threads before use
Best Regards,
The Jetty Development Team