From: Greg W. <gr...@mo...> - 2007-12-26 23:27:52
|
Jetty release 6.1.7 is now available via http://jetty.mortbay.org This release fixes a high priority security vulnerability (introduced in 6.1.5rc1). It is highly recommended that all users of jetty 6.1.x upgrade to 6.1.7. The vulnerability allows static content within WEB-INF and behind security constraints to be viewed. http://docs.codehaus.org/display/JETTY/Jetty+Security jetty-6.1.7 - 22 December 2007 + Added BayeuxService + Added JSON.Convertor and non static JSON instances + Add "mvn jetty:stop" + allow sessions to be periodically persisted to disk + Cookie support in BayeuxClient + grizzly fixed for posts + jetty-6.1 branch created from 6.1.6 and r593 of jetty-contrib trunk + Optimizations and improvements of Cometd, more pooled objects + Update java5 patch + JETTY-386 backout fix and replaced with ContextHandler.setCompactPath(boolean) + JETTY-467 allow URL rewriting to be disabled. + JETTY-468 unique holder names for addServletWithMapping + JETTY-474 Fixed case sensitivity issue with HttpFields + JETTY-486 Improved jetty.sh script + JETTY-487 Handle empty chunked request |