You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@karaf.apache.org by Grzegorz Grzybek <gr...@gmail.com> on 2023/10/19 16:46:25 UTC
[ANN] Pax Web 8.0.23 and 9.0.12 released
Hello
I'd like to announce new minor releases of Pax Web: 8.0.23 and 9.0.12.
Current runtime versions are:
- Jetty 9.4.53.v20231009 (8.0.x) and 10.0.17 (9.0.x)
- Tomcat 9.0.82
- Undertow 2.2.28.Final
These are important fixes related to recent CVE-2023-44487: HTTP/2 Rapid
Reset Attack <https://nvd.nist.gov/vuln/detail/CVE-2023-44487>.
There's also a minor QoL improvements/fixes:
- OSGi security (ServletContextHelper.handleSecurity()) - user was not
visible in access log (thanks François de Parscau!)
- Keycloak 19+ (up to 22) integration was not complete
- Additional Tomcat valves (from context.xml) were removed on restart
(thanks Stephan Siano!)
- ServletContext.getServletContextName() returned wrong value for WABs
(thanks Amichai Rothman!)
For completeness, the changelogs are available for 8.0.23[1] and 9.0.12[2].
kind regards
Grzegorz Grzybek
===
[1]: https://github.com/ops4j/org.ops4j.pax.web/milestone/252?closed=1
[2]: https://github.com/ops4j/org.ops4j.pax.web/milestone/253?closed=1
[ANN] Pax Web 8.0.27 and 9.0.16 released
Posted by Grzegorz Grzybek <gr...@gmail.com>.
Hello
I'd like to announce new releases of Pax Web: 8.0.27 and 9.0.16. Only
runtimes are upgraded (Tomcat and Undertow)
Current runtime versions are:
- Jetty 9.4.54.v20240208 (8.0.x) and 10.0.20 (9.0.x)
- Tomcat 9.0.87
- Undertow 2.2.31.Final
For completeness, the changelogs are available for 8.0.27[1] and 9.0.16[2].
kind regards
Grzegorz Grzybek
===
[1]: https://github.com/ops4j/org.ops4j.pax.web/milestone/260?closed=1
[2]: https://github.com/ops4j/org.ops4j.pax.web/milestone/261?closed=1
[ANN] Pax Web 8.0.26 and 9.0.15 released
Posted by Grzegorz Grzybek <gr...@gmail.com>.
Hello
I'd like to announce new bugfix releases of Pax Web: 8.0.26 and 9.0.15.
Current runtime versions are:
- Jetty 9.4.54.v20240208 (8.0.x) and 10.0.20 (9.0.x)
- Tomcat 9.0.86
- Undertow 2.2.30.Final
There's also one fix for a problem reported by Ivaylo Milev about
non-working "org.ops4j.pax.web.session.cookie.secure" option.
For completeness, the changelogs are available for 8.0.26[1] and 9.0.15[2].
kind regards
Grzegorz Grzybek
===
[1]: https://github.com/ops4j/org.ops4j.pax.web/milestone/258?closed=1
[2]: https://github.com/ops4j/org.ops4j.pax.web/milestone/259?closed=1
[ANN] Pax Web 8.0.25 and 9.0.14 released
Posted by Grzegorz Grzybek <gr...@gmail.com>.
Hello
I'd like to announce new bugfix releases of Pax Web: 8.0.25 and 9.0.14.
Current runtime versions are:
- Jetty 9.4.53.v20231009 (8.0.x) and 10.0.19 (9.0.x)
- Tomcat 9.0.85
- Undertow 2.2.28.Final
There's one fix for a problem reported by @liao-qing-hua that
"org.ops4j.pax.web.session.timeout" option was ignored.
For completeness, the changelogs are available for 8.0.25[1] and 9.0.14[2].
kind regards
Grzegorz Grzybek
===
[1]: https://github.com/ops4j/org.ops4j.pax.web/milestone/256?closed=1
[2]: https://github.com/ops4j/org.ops4j.pax.web/milestone/257?closed=1
[ANN] Pax Web 8.0.24 and 9.0.13 released
Posted by Grzegorz Grzybek <gr...@gmail.com>.
Hello
I'd like to announce new bugfix releases of Pax Web: 8.0.24 and 9.0.13.
Current runtime versions are:
- Jetty 9.4.53.v20231009 (8.0.x) and 10.0.17 (9.0.x)
- Tomcat 9.0.82
- Undertow 2.2.28.Final
There's one fix for a problem reported by Amichai Rothman as
https://issues.apache.org/jira/browse/KARAF-7773. It is a case where
- dynamic filters registered by ServletContextListeners are not
destroyed by Jetty
- ServletContextListeners are not removed during WAB undeployment
For completeness, the changelogs are available for 8.0.24[1] and 9.0.13[2].
kind regards
Grzegorz Grzybek
===
[1]: https://github.com/ops4j/org.ops4j.pax.web/milestone/254?closed=1
[2]: https://github.com/ops4j/org.ops4j.pax.web/milestone/255?closed=1