VERSION.txt

jetty-12.0.16-SNAPSHOT

jetty-12.0.15 - 05 November 2024
 + 5685 AsyncProxyServlet calls onProxyResponseSuccess() when internally it
   throws "Response header too large" exception
 + 5888 Limit usage of HTTP/2 connections
 + 9980 Add format option to CustomRequestLog for request authority and request
   authority scheme
 + 11492 Auto add AliasChecker for custom Base Resource in DefaultServlet
 + 11749 InvalidArgumentExceptions due to invalid status codes are not handled
   properly
 + 12268 `IteratingCallback` may iterate too much when `process()` returns
   Action.IDLE
 + 12313 Jetty 12 ee9/ee10 doesn't invoke callbacks when h2 client sends
   RST_STREAM
 + 12341 QPack encoder must not send any encoder instructions when
   SETTINGS_QPACK_MAX_TABLE_CAPACITY is 0
 + 12348 HttpClientTransportDynamic does not initialize low-level clients
 + 12350 LdapLoginModule support for Jetty Password obfuscation
 + 12356 RuntimeIOException: Parser is terminated when doing lots of requests
   with Connection: Keep-Alive
 + 12378 Change default value for `SslContextFactory.renegotiationAllowed` to
   `false`
 + 12397 `.tgz` files are double-gzipped
 + 12404 Parsing URI with HttpUri.from(String uri) throws
   "IllegalArgumentException: Bad authority" when path is empty
 + 12430 Correct PrivilegedThreadFactory javadoc
 + 12435 Improve connection closing when stopping

jetty-12.0.14 - 30 September 2024
 + 929 Implement a utility class to save large downloads to a file (@arsenalzp)
 + 7515 Connection limit problem for "onAccepting" connections
 + 7951 OutputStreamContentProvider blocks forever during an HTTP2 upload after
   idle timeout is reached
 + 11092 Jetty 12.x startup fails because MetaInfConfiguration is throwing an
   exception while parsing java classpath with URIUtil when classpath contains
   wildcard ./mypath/*
 + 11298 Error 400 - Ambiguous URI Empty Segment
 + 12047 Server should NOT open connectors early in start sequence (@kelunik)
 + 12191 DebugListener module in `core` refers to non-existent
   `org.eclipse.jetty.server.DebugListener`
 + 12195 Integrate Eclipse Dash License Tool to our build
 + 12227 Improve HttpConnection buffer recycling
 + 12239 Optimize buffer release in HttpConnection
 + 12241 Unable to Add SameSite Cookie Attribute Value in Jetty 12 EE8
   environment with Java 17
 + 12249 HTTP/2 responses with Content-Length may have no content
 + 12255 Environment CookieConfig details not visible in Server Dump or JMX
 + 12256 Configuring Virtual Thread executor in Jetty Http client makes my
   Spring Boot app freeze
 + 12265 Jetty 12.0.13 fails to start when the `threadpool-all-virtual` module
   is enabled.
 + 12268 `IteratingCallback` may iterate too much when `process()` returns
   Action.IDLE
 + 12279 org.eclipse.jetty.maven.ServerSupport.configureHandlers(Server
   List<ContextHandler>, RequestLog)  removes handlers
 + 12284 Excessive heap consumption by SSLSessionImpl by Jetty Server with TLS
   1.3 and long-lived client
 + 12289 Improve ConcurrentPool concurrency
 + 12297 Avoid list copy on reverse iteration
 + 12303 Use sessionRequest for wrapping HTTP stream instead of original
   Request (@robbie01)
 + 12309 `SessionAuthentication._session` is not marked as `transient`

jetty-12.0.13 - 03 September 2024
 + 3184 Make LifeCycle implement AutoCloseable
 + 3553 Support sslSession() in Jetty Client
 + 6514 How to warm up SslConnection
 + 11322 Change jetty-nosql MongoDB dependency from unmaintained
   mongo-java-driver to mongodb-driver-sync
 + 11408 Jetty start module property values with ${expr} are not being expanded
 + 11434 resolve differences in EE9/EE10/Core AliasCheckerSymlinkTests
 + 11822 h2 server responses exceeding SETTINGS_MAX_HEADER_LIST_SIZE do not
   result in RST_STREAM or GOAWAY
 + 11926 File upload puzzle
 + 12063 Introduce Jetty module for HTTP/2 client dependencies
 + 12094 Possible regression in ContextFactory.getObjectInstance() between
   Jetty 11.0.22 and 12.0.11
 + 12104 Error handling on ee9 / ee8 with HTTP/1.0 can result in an empty
   `Connection: ` response header.
 + 12120 Introduce properties for cipher suites
 + 12122 NPE in HttpReceiver.responseContentAvailable()
 + 12124 JSP temp directory regression, possibly due to fix for #12044
 + 12128 How do I configure embedded Jetty to serve webjars?
 + 12154 Is it possible to define max number of virtual threads when
   VirtualThreadsExecutor is enabled, i.e. max number of http requests being
   handled in the same time?
 + 12158 Jetty12 migration help
 + 12163 HttpConfiguration dump is missing entries
 + 12171 QoSHandler does not resume on a virtual thread
 + 12173 Jetty Maven Plugin - jetty:run does not work with pom type
   dependencies
 + 12175 `SslContextFactory` is hardcoded to use `Password`
 + 12185 QosHandler suspend queue limit
 + 12207 Jetty Maven Plugin 12.x no longer configures `DefaultHandler`
 + 12212 ShutdownOutput for non-persistent HTTP/1 connections

jetty-10.0.24 - 26 August 2024
 + 12201 backport ThreadLimitHandler improvements from Jetty 12 (CVE-2024-8184)

jetty-11.0.24 - 26 August 2024
 + 12201 backport ThreadLimitHandler improvements from Jetty 12 (CVE-2024-8184)

jetty-10.0.24 - 26 August 2024
 + 12201 backport ThreadLimitHandler improvements from Jetty 12 (CVE-2024-8184)

jetty-9.4.56.v20240826 - 26 August 2024
 + 12200 Backport ThreadLimitHandler improvements from Jetty 12 (CVE-2024-8184)

jetty-11.0.23 - 13 August 2024
 + 12041 backport tracking retainable pool from Jetty 12
 + 12156 Improvements to HttpConnection when reading 0 bytes

jetty-10.0.23 - 13 August 2024
 + 12041 backport tracking retainable pool from Jetty 12
 + 12156 Improvements to HttpConnection when reading 0 bytes

jetty-12.0.12 - 25 July 2024
 + 265 list-config license enhancement
 + 10904 jetty.sh reports FAILED too early
 + 11965 Client: Some HTTP/2 requests are never sent
 + 11996 mTLS: client cert verification for QUIC/HTTP3
 + 12000 Cannot use Paths that have spaces with `jetty-ee10-maven-plugin`
 + 12012 Added a UriCompliance.Violation.USER_INFO to deprecate user info in
   HttpURI (CVE-2024-6763)
 + 12018 NPE when passing null value to Request.param
 + 12019 External property file not being read
 + 12022 Intermittent NPE in OutputStream.close with GzipHandler
 + 12044 Temp directory not deleted in jetty-12
 + 12070 lastAccessedTime and isNew not getting updated
 + 12086 Serve favicon.ico as image/vnd.microsoft.icon instead of image/x-icon

jetty-12.0.11 - 27 June 2024
 + 11803 Follow Reactive Stream TCK for ContentSourcePublisher implementation
 + 11811 getHeaderNames should return header name once also when request has it
   in different case
 + 11847 replacement for GlobalWebappConfigBinding
 + 11873 Server resources are not found if the server is subclassed in a
   different package
 + 11892 mtls not working with http/3
 + 11902 Un-deprecate WebAppClassLoading.addHiddenClasses(Attributes
   attributes, String... patterns) method
 + 11909 Start throws ConcurrentModificationException if an `eeX-webapp.ini`
   exists in `start.d` with a command line like: `java -jar
   ../jetty-home/start.jar --module=server,http,ee8-webapp,ee8-deploy`
 + 11911 11 -> 12 Migration guide wrongly suggests Request.getHttpURI as
   replacement for HttpServletRequest.getRequestURL
 + 11917 Update XML configure.dtd locations to new jetty.org website
 + 11925 java.lang.NullPointerException: Cannot invoke
   "String.startsWith(String)" because "etag" is null
 + 11932 Review HttpSender.ContentSender (and other ICB) to remove overridden
   succeeded method
 + 11944 Jetty Part#delete() implementation throws IOException

jetty-10.0.22 - 27 June 2024
 + 11917 Update XML configure.dtd locations to new jetty.org website

jetty-11.0.22 - 27 June 2024
 + 11917 Update XML configure.dtd locations to new jetty.org website

jetty-9.4.55.v20240627 - 27 June 2024
 + 10805 Jetty response with an invalid HTTP2 packet if the client set the
   hpack table size as 0
 + 11917 Update XML configure.dtd locations to new jetty.org website

jetty-12.0.10 - 30 May 2024
 + 1470 Replace Timer use with Jetty Scheduler
 + 9177 Add JVM info and OS info to Dumpable.dump()
 + 9778 Jetty 12 - Remove WriteFlusher.Listener
 + 11072 Jetty 12: CompleteCallbackHandler
 + 11507 org.eclipse.jetty.util.Attributes.getAttribute() should specify return
   type if no match is found
 + 11659 HTTP Fields with OWS (Optional WhiteSpace) in value are not properly
   parsed in Jetty 12
 + 11736 Issue with Response OutputStream#close() rethrowing same EofException
   instance
 + 11745 Issue while adding Module for Persistent HTTP Sessions: Google Cloud
   DataStore
 + 11748 Unexpected HTTP Response Status Code: 404 Not Found
 + 11756 ChunkAccumulator not working with empty chunks
 + 11760 request.getHttpURI().getScheme() is null on FORWARD dispatched
   request, causing NPE
 + 11761 Update documentation for #10077
 + 11763 Race condition in QoSHandler
 + 11766 Ensure ReadListener is nulled out when AsyncContext is completed
 + 11767 Backward compat API WebAppContext.getServerClassMatcher() is not
   updating the WebAppClassloader
 + 11776 NPE from `org.eclipse.jetty.ee8.nested.Request.getRequestURL`
 + 11778 jetty-http-spi does not properly provide SPI for modules
 + 11791 How to configure Jetty Server v12 ee10 for serving multiple static
   resources in the same base directory?
 + 11792 StdErrAppender should detect exception circular references
 + 11800 client: Allow AsyncContentListener.onContent to throw checked
   Exceptions
 + 11811 getHeaderNames should return header name once also when request has it
   in different case
 + 11851 jetty-ee8-websocket-javax-server export not honoured

jetty-11.0.21 - 14 May 2024
 + 10805 Jetty response with an invalid HTTP2 packet if the client set the
   hpack table size as 0
 + 11527 Reduce ByteBuffer churning in HttpOutput
 + 11634 Socks5Proxy does not support IP addresses with IP segments above 127
 + 11656 Upgrade jetty-quiche-native to version 0.21.0
 + 11782 HttpExchange retained by HttpSenderOverHTTP which caused memory leak

jetty-10.0.21 - 14 May 2024
 + 10805 Jetty response with an invalid HTTP2 packet if the client set the
   hpack table size as 0
 + 11527 Reduce ByteBuffer churning in HttpOutput
 + 11634 Socks5Proxy does not support IP addresses with IP segments above 127
 + 11656 Upgrade jetty-quiche-native to version 0.21.0
 + 11782 HttpExchange retained by HttpSenderOverHTTP which caused memory leak

jetty-12.0.9 - 03 May 2024
 + 1256 DoSFilter leaks USER_AUTH entries (CVE-2024-9823)
 + 5944 Introduce alias --files for --download
 + 5945 Introduce alias --skip-create-files to replace --skip-file-validation
 + 5946 Introduce alias for --include-jetty-dir
 + 9487 Jetty 12 - Upgrade Infinispan to version 15.x
 + 11026 Start Stop issue with Jetty 12 - state file not deleted every time
 + 11420 HTTP/3 Race with Dynamic Table referencing in QPackDecoder
 + 11488 Inconsistent default port number in HttpURI and HostPort
 + 11490 CustomRequestLog.ignorePath doesn't work as documented
 + 11514 Start properties `jetty.webapp.addServerClasses` and
   `jetty.webapp.addSystemClasses` are not applied during ee8/ee9 deployments
 + 11573 Introduce new `disable-urlcache` module to globally disable JVM URL
   caching of `jar` protocol references
 + 11597 Document Request Customizers
 + 11631 NPE in error handling leading to 100% CPU
 + 11634 Socks5Proxy does not support IP addresses with IP segments above 127
 + 11642 Restore jetty-ee8-runner
 + 11648 Introduce new HttpDateTime class for parsing obsolete Date formats in
   HTTP and Cookie
 + 11656 Upgrade jetty-quiche-native to version 0.21.0
 + 11659 HTTP Fields with OWS (Optional WhiteSpace) in value are not properly
   parsed in Jetty 12
 + 11679 Jetty 12.0.8 seems to leak connection when it encounters earlyEOF
 + 11687 `HttpFields$Mutable$Wrapper.computeField()` incorrectly calls
   `onAddField()` when null is returned by `computeFn`
 + 11699 new IllegalStateException when attempting to access Request/Response
   outside of Request Lifecycle
 + 11705 jetty-decorate.xml and jetty-web-decorate.xml in jetty-deploy
   reference ee specific classes

jetty-12.0.8 - 29 March 2024
 + 5857 Deprecate AbstractConnectionPool "callback" methods
 + 7647 Document org.eclipse.jetty.client.Socks4Proxy "secure" parameter
 + 10387 Fix or suppress javadoc warnings
 + 10805 Jetty response with an invalid HTTP2 packet if the client set the
   hpack table size as 0
 + 11263 Using `jetty.version` override from jetty-start does not use version
   for various environment libs.
 + 11411 Allow non existant resources to be obtained from Resource.resolve()
 + 11482 The StatisticsHandler doesn't count 2xx codes
 + 11495 Add UriCompliance rules that follow the HTTP / URI / Servlet specs for
   illegal & suspicious characters
 + 11510 Occasional NPE in ClassMatcher.match() from
   WebAppClassLoader.loadClass() usage
 + 11513 Perf regression in the HTTP parser caused by long look-ahead
 + 11527 Reduce ByteBuffer churning in HttpOutput
 + 11539 `Resource.copyTo(Resource)` has different behavior from Jetty 9/10/11
 + 11548 java.nio.file.ClosedFileSystemException on hot redeploy
 + 11553 Restore startWebapp() to WebAppContext
 + 11558 New tmp directory should be created on every `WebAppContext` start, if
   not explicitly configured
 + 11563 HttpClient InputStream.read() hangs intermittently before end of
   response
 + 11567 DefaultServlet should resolve its resourceBase relative to the
   ServletContextHandler resourceBase
 + 11572 Deploy behaves differently when both WAR and XML exist in
   ${jetty.base}/webapps/ and you update the XML vs updating the WAR.
 + 11574 shibboleth idp webapp under jetty 12.0.7

jetty-12.0.7 - 29 February 2024
 + 6140 Report total number of keys in SelectorManager
 + 7750 HttpURI.toURI() does not copy fragment
 + 8887 Jetty-12 client calls onDataAvailable with producing thread
 + 8979 Jetty 12 - HttpClientTransport network "modes"
 + 10805 Jetty response with an invalid HTTP2 packet if the client set the
   hpack table size as 0
 + 11278 500 response when trying to display symlinked directory
 + 11310 Uploading big multipart files via jetty 12.0.5 with spring boot 3.2.1
   cause problems
 + 11353 The default virtual thread executor should created named threads
 + 11356 Allow ServerWebSocketContainer to be created without ContextHandler
 + 11361 Update UriCompliance.checkUriCompliance
 + 11363 ContentSourcePublisher throws from request
 + 11370 IllegalStateException when last write fails
 + 11371 Review ArrayByteBufferPool eviction
 + 11372 Scheduler queue in the HTTP client grows infinitely when a server
   times out
 + 11377 Jetty 12 fails to start WebApp Bundle with OSGi Boot bundle (or when
   packaged)
 + 11387 Reintroduce MultiPartCompliance.LEGACY (not as default) too allow for
   parsing of non-compliant `multipart/form-data`
 + 11396 NullPointerException when getting parts from HttpServletRequest
 + 11398 WebSocket ClosedChannelException when demanding frames in onOpen
 + 11401 Replace StringBuffer with StringBuilder
 + 11403 Expose `SslEndPoint` in `SslHandshakeListener`
 + 11410 PathMappingsHandler does not start ResourceHandler properly
 + 11414 When producing URI/URL strings follow spec and produce lowercase
   schemes and drop default ports
 + 11424 What is the `jetty.deploy.scanInterval` default?  module, ini, code
   and documentation do not agree.
 + 11432 Review number of acceptor threads
 + 11441 Quote escaping in HTML file
 + 11448 UriCompliance.Violation ignored despite being set
 + 11465 HttpURI.toURI() sets userInfo to null

jetty-9.4.54.v20240208 - 08 February 2024
 + 1256 DoSFilter leaks USER_AUTH entries (CVE-2024-9823)
 + 11259 HTTP/2 connection not closed after idle timeout when TCP congested
   (CVE-2024-22201)
 + 11389 Strip default ports on ws/wss scheme uris too

jetty-12.0.6 - 29 January 2024
 + 10220 Implement CrossOriginHandler
 + 10870 How to set HttpConfiguration.securePort when the HTTPS port is
   dynamic?
 + 11080 Can't able to make multipart request and getting error
 + 11081 Dropped WebSocket messages due to race condition in WebSocket frame
   handling
 + 11095 Jetty 12.0.5 (ee10) throws IllegalStateException for completed
   requests when Gzip Handler is used
 + 11096 IllegalAccessException when invoking WebSocket end point methods in
   Jetty 12
 + 11098 Sporadic NPE in ArrayByteBufferPool.evict()
 + 11213 Improve programming guide WebSocket JPMS documentation
 + 11220 ContextHandler(anyHandler) NPE during .<init> logging  'because
   "this._vhosts" is null'
 + 11223 WebSocketClient.connect with URI including query parameters don't work
   for HTTP2 connector
 + 11230 Problem with parsing of form parameters without values in Jetty 12?
 + 11253 Jetty 12 ComplianceViolation.Listener not notified for URI, Cookie and
   Multipart violations.
 + 11259 HTTP/2 connection not closed after idle timeout when TCP congested
   (CVE-2024-22201)
 + 11260 QuickStartConfiguration cannot be mixed with contexts that do not have
   a `WEB-INF/quickstart-web.xml`
 + 11263 Using `jetty.version` override from jetty-start does not use version
   for various environment libs.
 + 11273 Support BSD expr in startup script
 + 11275 Jakarta websocket @OnMessage with Reader parameter stops working when
   there is an unhandled exception
 + 11280 Jetty 12 EE10 OSGi Boot invalid jetty.xml Handler configuration
 + 11281 Failed LOG.debug() with MultiPart
 + 11282 Deadlocks with DEBUG logging enabled in jetty-server testing
 + 11290 HTTP 400 and NPE in HttpParser for blank header value in Jetty 12.x
 + 11296 AbstractLoginModule porting issue
 + 11299 EE8/9 `DefaultServlet.doPost()` doesn't behave like Jetty 10/11
 + 11303 `JettyWebSocketFrameHandler` incorrectly relies on `autoDemand` when
   handlers are not registered
 + 11312 baseResource/resourceBase is no longer extracted from ServletContext
 + 11317 Cleanup usages of `addBean(Object)` from constructors
 + 11329 Jetty 11->12 migration guide has incorrect new artifact names
 + 11339 Content-type additional parameters
 + 11349 Update quiche to 0.20.0

jetty-11.0.20 - 29 January 2024
 + 11081 Dropped WebSocket messages due to race condition in WebSocket frame
   handling
 + 11223 WebSocketClient.connect with URI including query parameters don't work
   for HTTP2 connector
 + 11260 QuickStartConfiguration cannot be mixed with contexts that do not have
   a `WEB-INF/quickstart-web.xml`
 + 11273 Support BSD expr in startup script
 + 11349 Update quiche to 0.20.0

jetty-10.0.20 - 29 January 2024
 + 11081 Dropped WebSocket messages due to race condition in WebSocket frame
   handling
 + 11223 WebSocketClient.connect with URI including query parameters don't work
   for HTTP2 connector
 + 11260 QuickStartConfiguration cannot be mixed with contexts that do not have
   a `WEB-INF/quickstart-web.xml`
 + 11273 Support BSD expr in startup script
 + 11349 Update quiche to 0.20.0

jetty-12.0.5 - 18 December 2023
 + 10277 Review read failures impacting writes
 + 10852 `ResourceHandler` could use a `.setUseFileMapping(boolean)` option
 + 10933 Review ServletChannelState.asyncError()
 + 10956 100 Continue handling
 + 11009 Add deployment exception for non Jakarta WebSocket endpoints used in
   ServerEndpointConfig
 + 11014 RedirectRegexRule and RewritePatternRule should consider
   relativeRedirectAllowed
 + 11016 IllegalStateException when stopping Server with pending requests
 + 11021 Do not call afterResponse() in case of failures
 + 11024 Properly scope jetty-security optional / test dependencies
 + 11031 HttpClient should expose Connection/EndPoint used by HTTP requests
 + 11037 Serialize HttpClient request failures
 + 11039 Memory leak and multiple (Http|Servlet)*Listener invokations after
   restart
 + 11040 "not an allowed scheme" for GraalVM Native-Image resource:-URIs
 + 11064 NPE if MultiPartFormData.setFilesDirectory() is not called

jetty-11.0.19 - 15 December 2023
 + 9900 Improve `Request.getBeginNanoTime()` accuracy
 + 10812 jetty-deploy has unnecessary dependency on awaitility/hamcrest pulled
   in at runtime
 + 10891 Support the "Partitioned" cookie attribute
 + 11014 RedirectRegexRule and RewritePatternRule should consider
   relativeRedirectAllowed
 + 11031 HttpClient should expose Connection/EndPoint used by HTTP requests
 + 11039 Memory leak and multiple (Http|Servlet)*Listener invocations after
   restart
 + 11044 Update jetty-11 to apache jasper 10.0.27

jetty-10.0.19 - 15 December 2023
 + 9900 Improve `Request.getBeginNanoTime()` accuracy
 + 10812 jetty-deploy has unnecessary dependency on awaitility/hamcrest pulled
   in at runtime
 + 10891 Support the "Partitioned" cookie attribute
 + 11014 RedirectRegexRule and RewritePatternRule should consider
   relativeRedirectAllowed
 + 11031 HttpClient should expose Connection/EndPoint used by HTTP requests
 + 11039 Memory leak and multiple (Http|Servlet)*Listener invocations after
   restart
 + 11043 Update to apache jasper 9.0.83

jetty-12.0.4 - 30 November 2023
 + 9502 Produce SBOM and deploy to Maven Central
 + 9715 Remove PushCacheFilter / PushSessionCacheFilter (CVE-2024-6762)
 + 9900 Improve `Request.getBeginNanoTime()` accuracy
 + 10234 Make idle timeouts transient
 + 10384 ServletChannel now using proper state changes for calls to
   ErrorHandler to avoid IllegalStateExceptions
 + 10687 Jetty WebSocket remembers mappings on restart
 + 10749 WebSocketClient should expose upgrade request/response
 + 10775 Review ConnectionMetaData.isSecure()
 + 10781 Investigate if the `secondary_super_cache` is stable
 + 10797 Multiple identical `Set-Cookie` response lines produced
 + 10812 jetty-deploy has unnecessary dependency on awaitility/hamcrest pulled
   in at runtime
 + 10829 Expired Session timing issue leads to Warning: "Invalidating session
   {} found to be expired when requested"
 + 10879 Improve redirect handling with reproducible content
 + 10891 Support the "Partitioned" cookie attribute
 + 10919 EE10 multipart parsing may include '\r' at the front under certain
   conditions
 + 10922 Fix NPE on null host when checking virtual host
 + 10926 AttributeNormalizer does not support combined resources

jetty-12.0.3 - 26 October 2023
 + 1256 DoSFilter leaks USER_AUTH entries (CVE-2024-9823)
 + 10390 Jetty HTTP/3 Client fails when connecting to `nghttpx` server
 + 10477 Jetty 12: Review MBeans for Handlers
 + 10519 java.lang.IllegalStateException: Flusher when using HTTP/3 with Spring
   Boot 3.2
 + 10537 HTTP/3: Incomplete Data Transfer When Used with Spring Boot WebFlux
 + 10555 Re-introduce a more complete set of stats in `StatisticsHandler`
 + 10582 NPE when including a directory that should be resolved with
   servlet-mapped welcome file
 + 10656 EE10 `ServletRequest.getProtocolRequestId()` impl not spec compliant
   when protocol is H1
 + 10661 Ensure jetty api servlets/filters take precedence over
   `webdefault.xml` declarations.
 + 10688 Introduce Jetty 12 ee8 osgi layer
 + 10696 jetty.sh doesn't work with JETTY_USER in Jetty 10.0.17 thru Jetty
   12.0.2
 + 10699 Jetty HTTP SPI redirects SOAP POST requests to GET requests if URL
   does not end with /
 + 10705 Creating a `HTTP3ServerConnector` with a `SslContextFactory` that has
   a non-null `SSLContext` makes the server fail to start with an unclear error
   message
 + 10716 Incorrect setting of content type with charset encoding before and
   after PrintWriter obtained
 + 10726 NPE in ResponseListeners content notification
 + 10731 org.eclipse.jetty.server.Request uses wrong context attribute name
   javax.servlet instead of jakarta.servlet
 + 10734 jakarta.websocket.Session.getRequestParameterMap() contains the value
   as key
 + 10771 EE10 `ServletRequest.isSecure()` not set by
   `ForwardedRequestCustomizer`
 + 10786 TLS handshake failures leak HttpConnection.RequestTimeouts tasks
 + 10794 301 Moved Permanently produces query with `;` instead of `?`

jetty-11.0.18 - 26 October 2023
 + 1256 DoSFilter leaks USER_AUTH entries (CVE-2024-9823)
 + 9715 Deprecate PushSessionCacheFilter (CVE-2024-6762)
 + 10390 Jetty HTTP/3 Client fails when connecting to `nghttpx` server
 + 10519 java.lang.IllegalStateException: Flusher when using HTTP/3 with Spring
   Boot 3.2
 + 10537 HTTP/3: Incomplete Data Transfer When Used with Spring Boot WebFlux
 + 10696 jetty.sh doesn't work with JETTY_USER in Jetty 10.0.17 thru Jetty
   12.0.2
 + 10705 Creating a `HTTP3ServerConnector` with a `SslContextFactory` that has
   a non-null `SSLContext` makes the server fail to start with an unclear error
   message
 + 10731 org.eclipse.jetty.server.Request uses wrong context attribute name
   javax.servlet instead of jakarta.servlet
 + 10786 TLS handshake failures leak HttpConnection.RequestTimeouts tasks

jetty-10.0.18 - 26 October 2023
 + 1256 DoSFilter leaks USER_AUTH entries (CVE-2024-9823)
 + 9715 Deprecate PushSessionCacheFilter (CVE-2024-6762)
 + 10390 Jetty HTTP/3 Client fails when connecting to `nghttpx` server
 + 10519 java.lang.IllegalStateException: Flusher when using HTTP/3 with Spring
   Boot 3.2
 + 10537 HTTP/3: Incomplete Data Transfer When Used with Spring Boot WebFlux
 + 10696 jetty.sh doesn't work with JETTY_USER in Jetty 10.0.17 thru Jetty
   12.0.2
 + 10669 Provide ability to defer initial deployment of webapps until after
   Server has started
 + 10705 Creating a `HTTP3ServerConnector` with a `SslContextFactory` that has
   a non-null `SSLContext` makes the server fail to start with an unclear error
   message
 + 10786 TLS handshake failures leak HttpConnection.RequestTimeouts tasks

jetty-12.0.2 - 09 October 2023
 + 7408 Change scope of maven plugin dependencies
 + 9665 `HttpCookieStore` incorrectly rejects cookies for domains that are an
   IPv6 address
 + 9777 CrossOriginFilter does not return Vary header on no-cors mode
 + 9928 Backport `Request.getBeginNanoTime()`
 + 10219 Review HTTP Cookie parsing
 + 10271 jetty.sh does not stop jetty anymore
 + 10328 Review `ResourceFactory.newSystemResource(String)` behavior & javadoc
 + 10361 Introduce QoSHandler
 + 10388 Jetty10 inetaccess mod started error
 + 10440 ClassCastException with `<jettyEnvXml>` use in
   `jetty-ee10-maven-plugin`
 + 10441 Jetty 12 ee8 jaspi is missing
 + 10442 Reduce verbosity when JMX finds overloaded setter
 + 10463 Jetty 12 throws Exception handling static files when using response
   wrapper
 + 10466 Review HTTP session documentation
 + 10473 Startup Script reports `ok` too fast, and doesn't wait for actual
   start of Jetty
 + 10474 Jetty 12 default error handler throws IllegalStateException for
   application/json
 + 10475 Update Jetty 12 MANIFEST's Bundle-Copyright
 + 10482 RewriteHandler with multiple HeaderPatternRules
 + 10490 Jetty 12 Jakarta Websockets user principal is always null
 + 10498 NullPointerException from call to UpgradeRequest#getUserPrincipal with
   Jetty 12
 + 10500 Jetty 12 HTTP SPI does not preserve double-quotes on valid request
   headers
 + 10508 Jetty 12 IllegalArgumentExeption when setting a HTTP header to null
 + 10513 Lockup processing POST request body with Jetty 12.0.1 using http/2
 + 10543 Review HttpStream.consumeAvailable() implementations
 + 10547 Cannot customize Executor on WebSocketClient
 + 10557 Update quiche to 0.18.0
 + 10558 NPE when forwarding a request to default servlet which should redirect
   to a subdirectory with trailing slash
 + 10665 Wrong BREE in Jetty jars
 + 10679 Review HTTP/2 rate control (CVE-2023-44487)

jetty-11.0.17 - 09 October 2023
 + 9777 CrossOriginFilter does not return Vary header on no-cors mode
 + 9928 Backport `Request.getBeginNanoTime()`
 + 10271 jetty.sh does not stop jetty anymore
 + 10473 Startup Script reports `ok` too fast, and doesn't wait for actual
   start of Jetty
 + 10547 Cannot customize Executor on WebSocketClient
 + 10679 Review HTTP/2 rate control (CVE-2023-44487)

jetty-10.0.17 - 09 October 2023
 + 9777 CrossOriginFilter does not return Vary header on no-cors mode
 + 9928 Backport `Request.getBeginNanoTime()`
 + 10473 Startup Script reports `ok` too fast, and doesn't wait for actual
   start of Jetty
 + 10547 Cannot customize Executor on WebSocketClient
 + 10679 Review HTTP/2 rate control (CVE-2023-44487)

jetty-9.4.53.v20231009 - 09 October 2023
 + 10546 backport jetty-http Huffman encoders/decoders from Jetty 10.0.x
 + 10573 backport hpack improvements from Jetty 10.0.x (CVE-2023-36478)
 + 10679 backport HTTP/2 rate control from Jetty 10.0.x (CVE-2023-44487)

jetty-12.0.1 - 29 August 2023
 + 8926 HttpClient GZIPContentDecoder should remove Content-Length and
   Content-Encoding: gzip
 + 9169 Idle timeout is ignored if callback is not completed
 + 9900 Improve `Request.getBeginNanoTime()` accuracy
 + 10158 Deploying on Jetty 12 using context XML files will only work when a
   .properties file with the EE details is also present
 + 10207 Update failed JSP deployment message
 + 10213 UnknownFormatConversionException in `start.jar --debug` if path has
   `%` sign
 + 10217 Review ProxyConnectionFactory buffer management
 + 10218 NPE in HttpChannelOverFCGI.receive()
 + 10274 java.nio.file.FileSystemNotFoundException when creating a resource
   from a JAR URL
 + 10294 Request.getContext().getContextPath()
 + 10295 FormAuthenticator does not dispatch to an error page but redirect
 + 10306 Jetty 12 generates wrong Host header
 + 10309 Jetty 12: X-Powered-By header is added 2 times (if enabled)
 + 10312 Remove jetty-home-with-docs to eliminate build time cyclic
   dependencies
 + 10315 ServletInputStream::isReady results in IllegalArgumentException
 + 10323 Jetty 12.0.0 return wrong value for
   HttpServletRequest.isRequestedSessionIdValid
 + 10327 Jetty (embedded) rejected warning logs
 + 10330 Jetty 12: ResourceService throws NPE when resource has no filesystem
   path
 + 10337 SizeLimitHandler does not enforce 0 responseLimit
 + 10338 ErorrHandler#writeErrorJson is private
 + 10349 Character encoding is reset when setting Content-Type
 + 10350 Support Java 21 virtual threads
 + 10352 Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167)
 + 10353 Questions about porting WebSocket APIs to jetty-core 12
 + 10356 Deploying WAR with `ee10-cdi-spi` fails with Weld 5/CDI 4
 + 10383 Unsuppressed exceptions from  EE10 ServletTest
 + 10397 Iso88591StringBuilder.append seems to have a logic error
 + 10402 Investigate NPE from EE10 AsyncServletIOTest
 + 10411 Review deployment of Jetty Context XML files
 + 10416 EE9 Copies HttpFields in response

jetty-11.0.16 - 25 August 2023
 + 6140 Report total number of keys in SelectorManager
 + 7091 Add SOCKS5 support
 + 8405 Servlet 3.1 ReadListener.onAllDataRead() is called twice under h2 or
   h2c if the server doesn't respond within 30s
 + 8556 ServletContext.getSessionTimeout() incorrectly throws
   IllegalStateException
 + 8694 Make QuicServerConnector respect configured key store instances
 + 8926 HttpClient GZIPContentDecoder should remove Content-Length and
   Content-Encoding: gzip
 + 9150 jetty-http-spi: Jetty's implementation of HttpExchange.setStreams
   method faulty
 + 9386 SSL reports deprecated setting, but ssl.ini still uses it
 + 9397 HTTP/3 encryption configuration
 + 9476 onCompleteFailure called multiple times
 + 9524 InputStreamResponseListener's InputStream creates an exception on
   close()
 + 9554 Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to
   common location
 + 9682 RetainableByteBuffer buffer release bug in WebSocket
 + 9685 Jetty doesn't set the date header on error responses
 + 9720 Http2Session.streamIdleTimeout should permit being disabled from
   AbstractHTTP2ServerConnectionFactory
 + 9749 Correct HPACK Integer Overflow (CVE-2023-36478)
 + 9772 Improve Quiche certificates deployment
 + 9777 CrossOriginFilter does not return Vary header on no-cors mode
 + 9795 http3-server is leaking the Jetty logging service to web applications
 + 9887 Deprecate CGI Servlet (CVE-2023-36479)
 + 9895 A MessageTooLargeException doesn't close a WebSocket connection
 + 9947 Cannot invoke "org.eclipse.jetty.io.ManagedSelector.getTotalKeys()"
   because "selector" is null
 + 9990 Server rejects certain sizes of streamed request bodies
 + 10066 Allow `SAXParserFactory` or `SAXParser` to be configured in Jetty's
   `XmlParser` class
 + 10086 Revisiting ProxyConfiguration.getProxies()
 + 10105 Document that Request objects are not reusable
 + 10120 OutOfMemoryError caused by CyclicTimeouts
 + 10135 Websocket: Using PerMessageDeflateExtension and flush in batchMode
   send FLUSH_FRAME to client.
 + 10143 Startup fails due to IllegalArgumentException: Comparison method
   violates its general contract
 + 10145 WritePendingException over HTTP/2 tunnel
 + 10160 Verify PROXY_AUTHENTICATION is sent to forward proxies
 + 10211 NPE in ArrayByteBufferPool.findOldestEntry()
 + 10312 Remove jetty-home-with-docs to eliminate build time cyclic
   dependencies
 + 10350 Support Java 21 virtual threads
 + 10352 Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167)
 + 10388 Jetty10 inetaccess mod started error
 + 10397 Iso88591StringBuilder.append seems to have a logic error

jetty-10.0.16 - 25 August 2023
 + 6140 Report total number of keys in SelectorManager
 + 7091 Add SOCKS5 support
 + 8405 Servlet 3.1 ReadListener.onAllDataRead() is called twice under h2 or
   h2c if the server doesn't respond within 30s
 + 8556 ServletContext.getSessionTimeout() incorrectly throws
   IllegalStateException
 + 8694 Make QuicServerConnector respect configured key store instances
 + 8926 HttpClient GZIPContentDecoder should remove Content-Length and
   Content-Encoding: gzip
 + 9150 jetty-http-spi: Jetty's implementation of HttpExchange.setStreams
   method faulty
 + 9386 SSL reports deprecated setting, but ssl.ini still uses it
 + 9397 HTTP/3 encryption configuration
 + 9476 onCompleteFailure called multiple times
 + 9524 InputStreamResponseListener's InputStream creates an exception on
   close()
 + 9554 Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to
   common location
 + 9682 RetainableByteBuffer buffer release bug in WebSocket
 + 9685 Jetty doesn't set the date header on error responses
 + 9749 Correct HPACK Integer Overflow (CVE-2023-36478)
 + 9720 Http2Session.streamIdleTimeout should permit being disabled from
   AbstractHTTP2ServerConnectionFactory
 + 9772 Improve Quiche certificates deployment
 + 9777 CrossOriginFilter does not return Vary header on no-cors mode
 + 9795 http3-server is leaking the Jetty logging service to web applications
 + 9887 Deprecate CGI Servlet (CVE-2023-36479)
 + 9895 A MessageTooLargeException doesn't close a WebSocket connection
 + 9947 Cannot invoke "org.eclipse.jetty.io.ManagedSelector.getTotalKeys()"
   because "selector" is null
 + 9990 Server rejects certain sizes of streamed request bodies
 + 10055 Deployment of static files does not work with --dry-run Jetty-12
 + 10066 Allow `SAXParserFactory` or `SAXParser` to be configured in Jetty's
   `XmlParser` class
 + 10086 Revisiting ProxyConfiguration.getProxies()
 + 10105 Document that Request objects are not reusable
 + 10120 OutOfMemoryError caused by CyclicTimeouts
 + 10135 Websocket: Using PerMessageDeflateExtension and flush in batchMode
   send FLUSH_FRAME to client.
 + 10143 Startup fails due to IllegalArgumentException: Comparison method
   violates its general contract
 + 10145 WritePendingException over HTTP/2 tunnel
 + 10160 Verify PROXY_AUTHENTICATION is sent to forward proxies
 + 10211 NPE in ArrayByteBufferPool.findOldestEntry()
 + 10271 jetty.sh does not stop jetty anymore
 + 10312 Remove jetty-home-with-docs to eliminate build time cyclic
   dependencies
 + 10350 Support Java 21 virtual threads
 + 10352 Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167)
 + 10388 Jetty10 inetaccess mod started error
 + 10397 Iso88591StringBuilder.append seems to have a logic error

jetty-9.4.52.v20230823 - 23 August 2023
 + 9476 onCompleteFailure called multiple times
 + 9660 OpenId Revoked authentication allows one request (CVE-2023-41900)
 + 9887 Deprecate CGI Servlet (CVE-2023-36479)
 + 10066 Allow `SAXParserFactory` or `SAXParser` to be configured in Jetty's
   `XmlParser` class
 + 10168 NPE in websocket extension startup
 + 10352 Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167)
 + 10337 SizeLimitHandler does not enforce 0 responseLimit

jetty-12.0.0 - 07 August 2023
 + 8405 Servlet 3.1 ReadListener.onAllDataRead() is called twice under h2 or
   h2c if the server doesn't respond within 30s
 + 9386 SSL reports deprecated setting, but ssl.ini still uses it
 + 9720 Http2Session.streamIdleTimeout should permit being disabled from
   AbstractHTTP2ServerConnectionFactory
 + 10121 ee9 to ee8 conversion not working for JSP files with jakarta imports
 + 10135 Websocket: Using PerMessageDeflateExtension and flush in batchMode
   send FLUSH_FRAME to client.
 + 10155 EE10 Servlet include after `HttpServletResponse.getWriter().println()`
   omits `Content-Length` from the response
 + 10160 Verify PROXY_AUTHENTICATION is sent to forward proxies
 + 10164 Needless META-INF/resources and web-fragment.xml mounts
 + 10211 NPE in ArrayByteBufferPool.findOldestEntry()
 + 10227 EE10 Unable to use Cookie attributes with
   `HttpServletResponse.addCookie(jakarta.servlet.http.Cookie)`
 + 10229 HttpConfiguration.setIdleTimeout() breaks long running requests
 + 10231 DefaultServlet no longer supports POST and OPTIONS and returns a 405
   instead

jetty-12.0.0.beta4 - 26 July 2023
 + 8556 ServletContext.getSessionTimeout() incorrectly throws
   IllegalStateException
 + 9444 Unexpected encoding in request.getPathInfo() with Jetty 12 beta 0
 + 9910 Inconsistent handling of welcome files between Jetty 10 and 12
 + 10055 Deployment of static files does not work with --dry-run Jetty-12
 + 10066 Allow `SAXParserFactory` or `SAXParser` to be configured in Jetty's
   `XmlParser` class
 + 10068 Jetty 12: instantiation of `HashLoginService`
 + 10084 ServletApiContext.getResourcePaths() doesn't respect the spec
 + 10086 Revisiting ProxyConfiguration.getProxies()
 + 10105 Document that Request objects are not reusable
 + 10120 OutOfMemoryError Upgrading from 9.4.49.v20220914 to 12.0.0.beta3
 + 10122 in jetty12 beta build error-page redirects wrongly?
 + 10123 in jetty12 beta partial http data request can get stuck now
 + 10131 Review ERROR query-string handling
 + 10134 `Server.stop()` and `WebInfConfiguration.deconfigure()` can throw a
   `ClosedFileSystemException` when restoring the original base resource
 + 10139 DefaultServlet not working with named dispatch in Jetty-12 EE10
 + 10141 welcome-file ignored on jetty12ee10 on exploded deploy, works on ee9
   and older jettys
 + 10142 req.getRequestDispatcher("/test.htm").include(req, resp); does not go
   anywhere on jetty12ee10 on exploded deploy, works on ee9 and older jetty
 + 10143 Jetty12 startup fails randomly on JRebel
 + 10145 WritePendingException over HTTP/2 tunnel

jetty-12.0.0.beta3 - 03 July 2023
 + 9919 Jetty-12 creates two instances of ArrayByteBufferPool
 + 9925 Bring back Jetty <12 flexibility of "current context / context handler"
 + 9944 Remove integer for demand in websocket in Jetty-12
 + 9946 Handler passed to Handler in constructor a parent or child?
 + 9947 Cannot invoke "org.eclipse.jetty.io.ManagedSelector.getTotalKeys()"
   because "selector" is null
 + 9953 Jetty 12.0 Handle HEAD requests in Handler
 + 9955 Jetty 12.0 beta 2 HttpServletResponse::getStatus returns 0 by default
 + 9960 Custom logging in Jetty 12 beta2 can fail due to NullPointerException
   in org.eclipse.jetty.server.Request
 + 9965 prevent multiple websocket frames from being demanded in Jetty-12
 + 9966 NullPointerException with default servlet, include and welcome pages
 + 9972 getResourcePaths fails when a META-INF resource has reserved characters
   in its filename
 + 9973 Creating a Resource for an entry in a nested jar file in Jetty 12
 + 9984 URLResource.isDirectory() throws a NullPointerException when created
   from a jar:file: URL
 + 9990 Server rejects certain sizes of streamed request bodies

jetty-12.0.0.beta2 - 16 June 2023
 + 6140 Report total number of keys in SelectorManager
 + 7091 Add SOCKS5 support
 + 8694 Make QuicServerConnector respect configured key store instances
 + 8819 Jetty-12 Improve CustomRequestLog efficiency
 + 8885 Jetty-12, replacement for HttpChannel.Listener
 + 9072 The great Jetty-12 renaming omnibus
 + 9150 jetty-http-spi: Jetty's implementation of HttpExchange.setStreams
   method faulty
 + 9173 Configuring SameSite on a per-cookie basis in Jetty 12
 + 9397 HTTP/3 encryption configuration
 + 9524 InputStreamResponseListener's InputStream creates an exception on
   close()
 + 9554 Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to
   common location
 + 9630 Jetty 12 - Make Context dumpable
 + 9631 Update jaspi jar for jetty-10 and verify permission names
 + 9637 jetty-12 ee10 ServletRequestListeners called too many times on
   sendError
 + 9639 Deprecated properties used in jetty-12 demos
 + 9648 jetty-12 ee10 ServletApiResponse.sendError does not check for the
   response already being committed
 + 9649 jetty-12 ee10 ServletApiResponse.addIntHeader does not ignore headers
   after response committed
 + 9650 jetty-12 ee10 `ServletApiResponse.resetBuffer` does not check for
   response being committed
 + 9657 jetty-12 ee9 & ee10 Request.upgrade returns null
 + 9680 Jetty-12 QuickStartTest leaking resources
 + 9682 A possible native memory leak through RetainableByteBuffers
 + 9685 Jetty doesn't set the date header on error responses
 + 9731 Infinite loop with mapped roles
 + 9734 Cookie config can be set after SessionHandler is started
 + 9743 jetty-12 ee9 changeSessionId should throw ISE if no exception
 + 9745 jetty-12 SecurityHandler role checking with * not correct
 + 9750 jetty-12 ee10 wrong authType for CLIENT-CERT
 + 9760 jetty-12 ee9 Omnibus tck failure analysis
 + 9762 jetty-12 ee9 Double parsing of cookies
 + 9766 jetty-12 ee9 ServerPush failures
 + 9767 jetty-12 ee10 ServerPush failures
 + 9770 Pictures are missed in documentation
 + 9772 Improve Quiche certificates deployment
 + 9774 jetty-12 ee10 Cross context dispatch is not supported
 + 9777 CrossOriginFilter does not return Vary header on no-cors mode
 + 9785 jetty-12 ee9  contextPath not set correctly on nested ContextHandler
 + 9795 http3-server is leaking the Jetty logging service to web applications
 + 9879 Jetty-12 rewrite demo not working
 + 9880 Jetty 12 - jetty.sh does not work on Ubuntu
 + 9881 H2 perf can be pathologically bad
 + 9887 Deprecate CGI Servlet (CVE-2023-36479)
 + 9895 A MessageTooLargeException doesn't close a WebSocket connection
 + 9906 Inconsistent handling of empty "path info" between Jetty 10 and 12
 + Jan (@janbartel) is now using IntelliJ!

jetty-12.0.0.beta1 - 02 May 2023
 + 6184 Remove usages of classes associated with JEP-411 that deprecate/remove
   the SecurityManager from the JVM
 + 6483 Jetty http client SSL connectivity over CNTLM proxy fails
 + 7608 Jetty-12 MetaData cleanup needed
 + 8740 Jetty 12 - Move org.eclipse.jetty.server.context.ManagedAttributes to
   core
 + 9237 Decouple QTP `idleTimeout` from pool shrink rate
 + 9309 `jetty.sh` cannot handle complex Jetty properties from `start.d/*.ini`
 + 9311 Performance of `ArrayRetainableByteBufferPool.acquire()` can degenerate
   pathologically as the buckets grow in size
 + 9391 Jetty 12: port/move Jetty WebSocket APIs, client and server to
   jetty-core
 + 9400 Jetty logs warning with stacktrace when annotation parser encounters
   module-info.class file inside elasticsearch-x-content jar
 + 9408 HugeResourceTest failing
 + 9410 Jetty 12: review locking in `MultiPartFormData` and
   `MultiPartByteRanges`
 + 9412 Jetty 12: WebSocket hangs when
   ServerEndpointConfig.Configurator.getEndpointInstance() throws
 + 9438 Jetty 12: Review JakartaWebSocketClientContainer use of reflection
 + 9440 Jetty 12: HttpCookieStore should return cookies for "ws" schemes
 + 9442 Jetty 12 Documentation Html artifact not populated
 + 9444 Unexpected encoding in request.getPathInfo() with Jetty 12 beta 0
 + 9459 Path is missing from JSESSIONID cookie in 12 beta 0
 + 9463 NPE when starting jetty-ee10-maven-plugin
 + 9464 Add optional configuration to log user out after OpenID idToken expires
   (CVE-2023-41900)
 + 9466 WebSocket `DeploymentException` is not thrown by client nor server
 + 9467 Jetty 12 - Review BOMs
 + 9468 Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13
 + 9497 Maven plugin add support for jar projects in `:effective-web-xml`
 + 9501 jetty client with proxy - ssl traffic between both proxy and servers
 + 9516 Remove CGI Servlet (CVE-2023-36479)
 + 9537 "error-on-el-not-found" behavior is not as specified
 + 9552 Jetty 12 - Rewrite of the Jetty WebSocket APIs
 + 9554 Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to
   common location
 + 9556 Password Util does not ask for password
 + 9617 Update to apache jasper 10.1.7 for jetty-12 ee10
 + 9656 jetty-12 ee10 PushBuilderImpl.push must throw IllegalStateException
 + 9685 Jetty doesn't set the date header on error responses

jetty-11.0.15 - 11 April 2023
 + 6184 Remove usages of classes associated with JEP-411 that deprecate/remove
   the SecurityManager from the JVM
 + 6483 Jetty http client SSL connectivity over CNTLM proxy fails
 + 9237 Decouple QTP `idleTimeout` from pool shrink rate
 + 9309 `jetty.sh` cannot handle complex Jetty properties from `start.d/*.ini`
 + 9400 Jetty logs warning with stacktrace when annotation parser encounters
   module-info.class file inside elasticsearch-x-content jar
 + 9464 Add optional configuration to log user out after OpenID idToken expires
   (CVE-2023-41900)
 + 9468 Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13
 + 9497 Maven plugin effective web xml: add support for jar projects
 + 9501 jetty client with proxy - ssl traffic between both proxy and servers
 + 9517 Jetty 10.0.14 uses wrong pathSpec for request
 + 9556 Password Util does not ask for password

jetty-11.0.15 - 11 April 2023
 + 6184 Remove usages of classes associated with JEP-411 that deprecate/remove
   the SecurityManager from the JVM
 + 6483 Jetty http client SSL connectivity over CNTLM proxy fails
 + 9237 Decouple QTP `idleTimeout` from pool shrink rate
 + 9309 `jetty.sh` cannot handle complex Jetty properties from `start.d/*.ini`
 + 9400 Jetty logs warning with stacktrace when annotation parser encounters
   module-info.class file inside elasticsearch-x-content jar
 + 9464 Add optional configuration to log user out after OpenID idToken expires
   (CVE-2023-41900)
 + 9468 Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13
 + 9497 Maven plugin effective web xml: add support for jar projects
 + 9501 jetty client with proxy - ssl traffic between both proxy and servers
 + 9517 Jetty 10.0.14 uses wrong pathSpec for request
 + 9556 Password Util does not ask for password

jetty-10.0.15 - 11 April 2023
 + 6184 JEP-411 will deprecate/remove the SecurityManager from the JVM
 + 6483 Jetty http client SSL connectivity over CNTLM proxy fails
 + 9237 Decouple QTP `idleTimeout` from pool shrink rate
 + 9309 `jetty.sh` cannot handle complex Jetty properties from `start.d/*.ini`
 + 9400 Jetty logs warning with stacktrace when annotation parser encounters
   module-info.class file inside elasticsearch-x-content jar
 + 9464 Add optional configuration to log user out after OpenID idToken expires
   (CVE-2023-41900)
 + 9468 Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13
 + 9497 Maven plugin effective web xml: add support for jar projects
 + 9501 jetty client with proxy - ssl traffic between both proxy and servers
 + 9517 Jetty 10.0.14 uses wrong pathSpec for request
 + 9556 Password Util does not ask for password

jetty-12.0.0.beta0 - 23 February 2023
 + 7650 QueuedThreadPool: Stopped without executing or closing null
 + 8069 Jetty 12 is missing a way to record server latencies
 + 8984 Jetty 12 - Attributes dump is not working
 + 8991 Review naming of FrameHandler.isDemanding() in Jetty 12
 + 8993 `Content.Chunk.isTerminal()` cannot discriminate `EOF` from chunks
   containing a pooled empty buffer
 + 9038 Jetty 12 - Review EE10 Http[Input|Output].Interceptor APIs
 + 9046 Fix jetty-12 tck tests
   com.sun.ts.tests.servlet.api.jakarta_servlet_http.httpsessionx.URLClient.invalidateHttpSessionTest
   and
   com.sun.ts.tests.servlet.api.jakarta_servlet_http.httpsessionx.URLClient.invalidateHttpSessionxTest
 + 9051 Review Jetty-12 DelayedHandler
 + 9059 IteratingCallback not serializing close() and failed()
 + 9066 TCK multipart not set as request parameter
 + 9067 TCK DefaultServlet handling of dispatch include incorrect
 + 9078 Header image for Jetty demo page fails on hard refresh
 + 9119 Wrong value of javax.servlet.forward.context_path attribute
 + 9141 Thread-safe Content.Chunk#slice
 + 9145 Failure when running `add-module` for openid, websocket, and stats
   modules
 + 9166 Jetty 12: review/remove ByteBufferPool
 + 9173 Configuring SameSite on a per-cookie basis in Jetty 12
 + 9181 NPE in SessionHandler.checkRequestedSessionId()
 + 9182 Jetty 12 - Public version of JakartaWebSocketServerContainer
 + 9183 ConnectHandler may close the connection instead of sending 200 OK
 + 9210 Jetty 12 - Review Pool and Pool.Entry
 + 9240 Jetty 12 - `AbstractConnectionPool.toString()` can trigger NPE
 + 9275 Jetty-12 H3 tests passing after 30s timeout
 + 9285 ContextHandler sends redirect on BaseResponse instead of Wrapped
   Response object from Handler chain
 + 9288 Jetty 12 - Use oej.http.HttpCookie in jetty-client
 + 9293 Jetty 12 - Relax JPMS dependencies
 + 9301 JSTL fails in JPMS
 + 9322 404 handler not working in jetty-12
 + 9326 Jetty 12 - Rename DecryptedEndPoint to SslEndPoint
 + 9334 Better support for Cookie RFC 2965 compliance (CVE-2023-26049)
 + 9336 Review LifeCycle of Parts in Jetty 12
 + 9337 LowResourceMonitor.getReasons should include detailed reason instead of
   hard-coded message
 + 9387 Remove Request.__defaultLocale
 + 9398 DefaultHandler does not list contexts
 + 9403 TCK failure: DefaultServlet only sets status 404 instead of sending 404
   response

jetty-11.0.14 - 22 February 2023
 + 7650 QueuedThreadPool: Stopped without executing or closing null
 + 9059 IteratingCallback not serializing close() and failed()
 + 9119 Wrong value of javax.servlet.forward.context_path attribute
 + 9181 NPE in SessionHandler.checkRequestedSessionId()
 + 9183 ConnectHandler may close the connection instead of sending 200 OK
 + 9285 ContextHandler sends redirect on BaseResponse instead of Wrapped
   Response object from Handler chain
 + 9334 Better support for Cookie RFC 2965 (CVE-2023-26048)
 + 9337 LowResourceMonitor.getReasons should include detailed reason instead of
   hard-coded message
 + 9339 Cleanup CookieCutter Parsing (CVE-2023-26049)
 + 7117 Timeout with Expect 100 continue when using ProxyServlet
 + 7286 WebSocket write can time out even if the frame / callback has not been
   failed.
 + 7993 HttpClient idleTimeout configuration being ignored/overridden
 + 8330 Persistent OpenId sessions can throw IllegalStateException
 + 8460 Log or throw exception if DefaultSessionIdManager is used but has not
   been started.
 + 8536 HotSwapHandler race condition
 + 8558 Idle timeout occured sometimes on HTTP/2 client with
   `InputStreamResponseListener`
 + 8584 org.eclipse.jetty.client.HttpRequest.send() never returns
 + 8591 Indicate units of HttpClient properties
 + 8623 Use AutoLock in InputStreamResponseListener
 + 8628 Pseudo restore `PathMappings.getMatch(String)` for backwards compat
   reasons
 + 8678 Jetty client is not responding to GO_AWAY packet received from (Jetty)
   Server and continue to send traffic on same connection
 + 8695 Update quiche to 0.16.0
 + 8712 ELContextCleaner no longer needed
 + 8716 Multiple Host header values handled poorly
 + 8721 jetty:effective-web-xml doesn't generate quickstart information for web
   fragment jars that contain META-INF/resources
 + 8723 Provide a thread-safe way to modify HttpClient proxies at runtime
 + 8750 AbstractProxyServlet.onServerResponseHeaders does not support headers
   with empty values
 + 8753 Starting HttpClient with destinationIdleTimeout set throws NPE
 + 8770 Review whether to send request body in redirects
 + 8779 CompactPathRule drops query section on use
 + 8786 KeyStoreScanner is not able to monitor a symlink file and always
   resolves to the target.
 + 8810 `ArrayRetainableByteBufferPool` inefficiently calculates bucket indices
 + 8811 HTTP/2 session shutdown race may cause `Server.stop()` to block until
   stop timeout
 + 8863 Provide a possibility to name virtual threads
 + 8895 Generate downloadable version of javadocs documentation in website
   deploy script
 + 8897 Update Conditional request handling for RFC7232
 + 8905 GzipHandler fails to set Vary header on 304 responses
 + 8913 Review Jetty XML syntax to allow calling JDK methods
 + 8942 Use Logback 1.3.x for Jetty 10.0.x

jetty-11.0.14 - 22 February 2023
 + 7650 QueuedThreadPool: Stopped without executing or closing null
 + 9059 IteratingCallback not serializing close() and failed()
 + 9119 Wrong value of javax.servlet.forward.context_path attribute
 + 9181 NPE in SessionHandler.checkRequestedSessionId()
 + 9183 ConnectHandler may close the connection instead of sending 200 OK
 + 9285 ContextHandler sends redirect on BaseResponse instead of Wrapped
   Response object from Handler chain
 + 9334 Better support for Cookie RFC 2965 (CVE-2023-26048)
 + 9337 LowResourceMonitor.getReasons should include detailed reason instead of
   hard-coded message
 + 9339 Cleanup CookieCutter Parsing (CVE-2023-26049) jetty-11.0.13 - 07
   December 2022
 + 7117 Timeout with Expect 100 continue when using ProxyServlet
 + 7286 WebSocket write can time out even if the frame / callback has not been
   failed.
 + 7993 HttpClient idleTimeout configuration being ignored/overridden
 + 8330 Persistent OpenId sessions can throw IllegalStateException
 + 8460 Log or throw exception if DefaultSessionIdManager is used but has not
   been started.
 + 8536 HotSwapHandler race condition
 + 8558 Idle timeout occured sometimes on HTTP/2 client with
   `InputStreamResponseListener`
 + 8584 org.eclipse.jetty.client.HttpRequest.send() never returns
 + 8591 Indicate units of HttpClient properties
 + 8623 Use AutoLock in InputStreamResponseListener
 + 8628 Pseudo restore `PathMappings.getMatch(String)` for backwards compat
   reasons
 + 8678 Jetty client is not responding to GO_AWAY packet received from (Jetty)
   Server and continue to send traffic on same connection
 + 8695 Update quiche to 0.16.0
 + 8712 ELContextCleaner no longer needed
 + 8716 Multiple Host header values handled poorly
 + 8721 jetty:effective-web-xml doesn't generate quickstart information for web
   fragment jars that contain META-INF/resources
 + 8723 Provide a thread-safe way to modify HttpClient proxies at runtime
 + 8750 AbstractProxyServlet.onServerResponseHeaders does not support headers
   with empty values
 + 8753 Starting HttpClient with destinationIdleTimeout set throws NPE
 + 8770 Review whether to send request body in redirects
 + 8779 CompactPathRule drops query section on use
 + 8786 KeyStoreScanner is not able to monitor a symlink file and always
   resolves to the target.
 + 8810 `ArrayRetainableByteBufferPool` inefficiently calculates bucket indices
 + 8811 HTTP/2 session shutdown race may cause `Server.stop()` to block until
   stop timeout
 + 8863 Provide a possibility to name virtual threads
 + 8895 Generate downloadable version of javadocs documentation in website
   deploy script
 + 8897 Update Conditional request handling for RFC7232
 + 8905 GzipHandler fails to set Vary header on 304 responses
 + 8913 Review Jetty XML syntax to allow calling JDK methods
 + 8942 Use Logback 1.3.x for Jetty 10.0.x

jetty-10.0.14 - 22 February 2023
 + 7650 QueuedThreadPool: Stopped without executing or closing null
 + 9059 IteratingCallback not serializing close() and failed()
 + 9119 Wrong value of javax.servlet.forward.context_path attribute
 + 9181 NPE in SessionHandler.checkRequestedSessionId()
 + 9183 ConnectHandler may close the connection instead of sending 200 OK
 + 9285 ContextHandler sends redirect on BaseResponse instead of Wrapped
   Response object from Handler chain
 + 9344 Cleanup Multipart Handling (CVE-2023-26048)
 + 9339 Cleanup CookieCutter Parsing (CVE-2023-26049)
 + 9334 Better support for Cookie RFC 2965 compliance
 + 9337 LowResourceMonitor.getReasons should include detailed reason instead of
   hard-coded message

jetty-9.4.51.v20230217 - 17 February 2023
 + 9059 IteratingCallback not serializing close() and failed()
 + 9181 NPE in SessionHandler.checkRequestedSessionId()
 + 9345 Backport Fix for CVE-2023-26048
 + 9352 Backport Fix for CVE-2023-26049

jetty-11.0.13 - 07 December 2022
 + 7117 Timeout with Expect 100 continue when using ProxyServlet
 + 7286 WebSocket write can time out even if the frame / callback has not been
   failed.
 + 7993 HttpClient idleTimeout configuration being ignored/overridden
 + 8330 Persistent OpenId sessions can throw IllegalStateException
 + 8460 Log or throw exception if DefaultSessionIdManager is used but has not
   been started.
 + 8536 HotSwapHandler race condition
 + 8558 Idle timeout occured sometimes on HTTP/2 client with
   `InputStreamResponseListener`
 + 8584 org.eclipse.jetty.client.HttpRequest.send() never returns
 + 8591 Indicate units of HttpClient properties
 + 8623 Use AutoLock in InputStreamResponseListener
 + 8628 Pseudo restore `PathMappings.getMatch(String)` for backwards compat
   reasons
 + 8678 Jetty client is not responding to GO_AWAY packet received from (Jetty)
   Server and continue to send traffic on same connection
 + 8695 Update quiche to 0.16.0
 + 8712 ELContextCleaner no longer needed
 + 8716 Multiple Host header values handled poorly
 + 8721 jetty:effective-web-xml doesn't generate quickstart information for web
   fragment jars that contain META-INF/resources
 + 8723 Provide a thread-safe way to modify HttpClient proxies at runtime
 + 8750 AbstractProxyServlet.onServerResponseHeaders does not support headers
   with empty values
 + 8753 Starting HttpClient with destinationIdleTimeout set throws NPE
 + 8770 Review whether to send request body in redirects
 + 8779 CompactPathRule drops query section on use
 + 8786 KeyStoreScanner is not able to monitor a symlink file and always
   resolves to the target.
 + 8810 `ArrayRetainableByteBufferPool` inefficiently calculates bucket indices
 + 8811 HTTP/2 session shutdown race may cause `Server.stop()` to block until
   stop timeout
 + 8863 Provide a possibility to name virtual threads
 + 8895 Generate downloadable version of javadocs documentation in website
   deploy script
 + 8897 Update Conditional request handling for RFC7232
 + 8905 GzipHandler fails to set Vary header on 304 responses
 + 8913 Review Jetty XML syntax to allow calling JDK methods
 + 8942 Use Logback 1.3.x for Jetty 10.0.x
 + 9006 WebSocket Message InputStream read() returns signed byte

jetty-11.0.13 - 07 December 2022
 + 7117 Timeout with Expect 100 continue when using ProxyServlet
 + 7286 WebSocket write can time out even if the frame / callback has not been
   failed.
 + 7993 HttpClient idleTimeout configuration being ignored/overridden
 + 8330 Persistent OpenId sessions can throw IllegalStateException
 + 8460 Log or throw exception if DefaultSessionIdManager is used but has not
   been started.
 + 8536 HotSwapHandler race condition
 + 8558 Idle timeout occured sometimes on HTTP/2 client with
   `InputStreamResponseListener`
 + 8584 org.eclipse.jetty.client.HttpRequest.send() never returns
 + 8591 Indicate units of HttpClient properties
 + 8623 Use AutoLock in InputStreamResponseListener
 + 8628 Pseudo restore `PathMappings.getMatch(String)` for backwards compat
   reasons
 + 8678 Jetty client is not responding to GO_AWAY packet received from (Jetty)
   Server and continue to send traffic on same connection
 + 8695 Update quiche to 0.16.0
 + 8712 ELContextCleaner no longer needed
 + 8716 Multiple Host header values handled poorly
 + 8721 jetty:effective-web-xml doesn't generate quickstart information for web
   fragment jars that contain META-INF/resources
 + 8723 Provide a thread-safe way to modify HttpClient proxies at runtime
 + 8750 AbstractProxyServlet.onServerResponseHeaders does not support headers
   with empty values
 + 8753 Starting HttpClient with destinationIdleTimeout set throws NPE
 + 8770 Review whether to send request body in redirects
 + 8779 CompactPathRule drops query section on use
 + 8786 KeyStoreScanner is not able to monitor a symlink file and always
   resolves to the target.
 + 8810 `ArrayRetainableByteBufferPool` inefficiently calculates bucket indices
 + 8811 HTTP/2 session shutdown race may cause `Server.stop()` to block until
   stop timeout
 + 8863 Provide a possibility to name virtual threads
 + 8895 Generate downloadable version of javadocs documentation in website
   deploy script
 + 8897 Update Conditional request handling for RFC7232
 + 8905 GzipHandler fails to set Vary header on 304 responses
 + 8913 Review Jetty XML syntax to allow calling JDK methods
 + 8942 Use Logback 1.3.x for Jetty 10.0.x
 + 9006 WebSocket Message InputStream read() returns signed byte

jetty-10.0.13 - 07 December 2022
 + 7117 Timeout with Expect 100 continue when using ProxyServlet
 + 7286 WebSocket write can time out even if the frame / callback has not been
   failed.
 + 7993 HttpClient idleTimeout configuration being ignored/overridden
 + 8330 Persistent OpenId sessions can throw IllegalStateException
 + 8460 Log or throw exception if DefaultSessionIdManager is used but has not
   been started.
 + 8536 HotSwapHandler race condition
 + 8558 Idle timeout occured sometimes on HTTP/2 client with
   `InputStreamResponseListener`
 + 8584 org.eclipse.jetty.client.HttpRequest.send() never returns
 + 8591 Indicate units of HttpClient properties
 + 8623 Use AutoLock in InputStreamResponseListener
 + 8628 Pseudo restore `PathMappings.getMatch(String)` for backwards compat
   reasons
 + 8678 Jetty client is not responding to GO_AWAY packet received from (Jetty)
   Server and continue to send traffic on same connection
 + 8695 Update quiche to 0.16.0
 + 8712 ELContextCleaner no longer needed
 + 8716 Multiple Host header values handled poorly
 + 8721 jetty:effective-web-xml doesn't generate quickstart information for web
   fragment jars that contain META-INF/resources
 + 8723 Provide a thread-safe way to modify HttpClient proxies at runtime
 + 8750 AbstractProxyServlet.onServerResponseHeaders does not support headers
   with empty values
 + 8753 Starting HttpClient with destinationIdleTimeout set throws NPE
 + 8770 Review whether to send request body in redirects
 + 8779 CompactPathRule drops query section on use
 + 8786 KeyStoreScanner is not able to monitor a symlink file and always
   resolves to the target.
 + 8810 `ArrayRetainableByteBufferPool` inefficiently calculates bucket indices
 + 8811 HTTP/2 session shutdown race may cause `Server.stop()` to block until
   stop timeout
 + 8863 Provide a possibility to name virtual threads
 + 8895 Generate downloadable version of javadocs documentation in website
   deploy script
 + 8897 Update Conditional request handling for RFC7232
 + 8905 GzipHandler fails to set Vary header on 304 responses
 + 8913 Review Jetty XML syntax to allow calling JDK methods
 + 8942 Use Logback 1.3.x for Jetty 10.0.x
 + 9006 WebSocket Message InputStream read() returns signed byte

jetty-9.4.50.v20221201 - 01 December 2022
 + 8774 Added SizeLimitHandler
 + 8678 Jetty client is not responding to GO_AWAY packet received from (Jetty)
   Server and continue to send traffic on same connection

jetty-12.0.0.alpha1 - 15 September 2022
 + 8474 Jetty 12 : Resource API Review
 + 8493 Review HTTP client feature `setRemoveIdleDestinations`
 + 8532 Review System.nanoTime() usages
 + 8540 Maven pom is not correct for `org.eclipse.jetty/infinispan-embedded`
   and `org.eclipse.jetty/infinispan-remote`
 + 8578 `getRequestURL` can append "null" if `getRequestURI` is unspecified in
   an authority-form request-target

jetty-11.0.12 - 14 September 2022
 + 7970 Maven Plugin - the option to set extraClasspath in the plugin
   configuration isn't working
 + 8007 Support Loom
 + 8151 `JakartaWebSocketSession.close()` blocks long time when called from
   `SendHandlerCallback`
 + 8152 jetty.sh does not read JAVA_OPTIONS anymore
 + 8170 WebSockets closed abruptly when using HTTP/2
 + 8196 Remove unused jetty-plus.xml file
 + 8206 Stopping server from within AbstractConnector#accept fails and results
   in a partially stopped QueuedThreadPool
 + 8216 OpenID logout / more extensibible OpenIdConfiguration
 + 8222 Jetty start.jar fails with NullPointerException when referencing a non
   existent module and using JVM args
 + 8259 Symlinks cause 404 with DefaultServlet when its "resourceBase" is
   different from ContextHandler's
 + 8294 java.lang.ClassCastException: class org.eclipse.jetty.http.HttpField
   cannot be cast to class org.eclipse.jetty.http.HttpCookie$SetCookieHttpField
 + 8296 SymlinkAllowedResourceAliasChecker is initialized after checkAlias is
   called resulting that access to resource is denied
 + 8319 Allow configuring initial queue size per destination
 + 8353 Automatic pongs should not be sent when connection is closed
 + 8414 BlockingArrayQueue drops all contents on drain
 + 8493 Review HTTP client feature `setRemoveIdleDestinations`
 + 8497 `jetty-bom/11.0.11` depends on `jetty-slf4j-impl/10.0.8-SNAPSHO` that
   cause 404 error
 + 8532 Review System.nanoTime() usages
 + 8540 Maven pom is not correct for `org.eclipse.jetty/infinispan-embedded`
   and `org.eclipse.jetty/infinispan-remote`
 + 8578 `getRequestURL` can append "null" if `getRequestURI` is unspecified in
   an authority-form request-target

jetty-11.0.12 - 14 September 2022
 + 7970 Maven Plugin - the option to set extraClasspath in the plugin
   configuration isn't working
 + 8007 Support Loom
 + 8151 `JakartaWebSocketSession.close()` blocks long time when called from
   `SendHandlerCallback`
 + 8152 jetty.sh does not read JAVA_OPTIONS anymore
 + 8170 WebSockets closed abruptly when using HTTP/2
 + 8196 Remove unused jetty-plus.xml file
 + 8206 Stopping server from within AbstractConnector#accept fails and results
   in a partially stopped QueuedThreadPool
 + 8216 OpenID logout / more extensibible OpenIdConfiguration
 + 8222 Jetty start.jar fails with NullPointerException when referencing a non
   existent module and using JVM args
 + 8259 Symlinks cause 404 with DefaultServlet when its "resourceBase" is
   different from ContextHandler's
 + 8294 java.lang.ClassCastException: class org.eclipse.jetty.http.HttpField
   cannot be cast to class org.eclipse.jetty.http.HttpCookie$SetCookieHttpField
 + 8296 SymlinkAllowedResourceAliasChecker is initialized after checkAlias is
   called resulting that access to resource is denied
 + 8319 Allow configuring initial queue size per destination
 + 8353 Automatic pongs should not be sent when connection is closed
 + 8414 BlockingArrayQueue drops all contents on drain
 + 8493 Review HTTP client feature `setRemoveIdleDestinations`
 + 8497 `jetty-bom/11.0.11` depends on `jetty-slf4j-impl/10.0.8-SNAPSHO` that
   cause 404 error
 + 8532 Review System.nanoTime() usages
 + 8540 Maven pom is not correct for `org.eclipse.jetty/infinispan-embedded`
   and `org.eclipse.jetty/infinispan-remote`
 + 8578 `getRequestURL` can append "null" if `getRequestURI` is unspecified in
   an authority-form request-target

jetty-10.0.12 - 14 September 2022
 + 7970 Maven Plugin - the option to set extraClasspath in the plugin
   configuration isn't working
 + 8007 Support Loom
 + 8151 `JakartaWebSocketSession.close()` blocks long time when called from
   `SendHandlerCallback`
 + 8152 jetty.sh does not read JAVA_OPTIONS anymore
 + 8170 WebSockets closed abruptly when using HTTP/2
 + 8196 Remove unused jetty-plus.xml file
 + 8206 Stopping server from within AbstractConnector#accept fails and results
   in a partially stopped QueuedThreadPool
 + 8216 OpenID logout / more extensibible OpenIdConfiguration
 + 8222 Jetty start.jar fails with NullPointerException when referencing a non
   existent module and using JVM args
 + 8259 Symlinks cause 404 with DefaultServlet when its "resourceBase" is
   different from ContextHandler's
 + 8294 java.lang.ClassCastException: class org.eclipse.jetty.http.HttpField
   cannot be cast to class org.eclipse.jetty.http.HttpCookie$SetCookieHttpField
 + 8296 SymlinkAllowedResourceAliasChecker is initialized after checkAlias is
   called resulting that access to resource is denied
 + 8319 Allow configuring initial queue size per destination
 + 8353 Automatic pongs should not be sent when connection is closed
 + 8414 BlockingArrayQueue drops all contents on drain
 + 8493 Review HTTP client feature `setRemoveIdleDestinations`
 + 8532 Review System.nanoTime() usages
 + 8540 Maven pom is not correct for `org.eclipse.jetty/infinispan-embedded`
   and `org.eclipse.jetty/infinispan-remote`
 + 8578 `getRequestURL` can append "null" if `getRequestURI` is unspecified in
   an authority-form request-target

jetty-9.4.49.v20220914 - 14 September 2022
 + 8414 BlockingArrayQueue drops all contents on drain
 + 8493 Review HTTP client feature `setRemoveIdleDestinations`
 + 8578 `getRequestURL` can append "null" if `getRequestURI` is unspecified in
   an authority-form request-target

jetty-12.0.0.alpha0 - 22 August 2022
 + First alpha release of Jetty 12. A lot changes but very good changes!

jetty-11.0.11 - 21 June 2022
 + 8184 All suffix globs except first fail to match if path has `.` character
   in prefix section

jetty-10.0.11 - 21 June 2022
 + 8184 All suffix globs except first fail to match if path has `.` character
   in prefix section

jetty-10.0.11 - 21 June 2022
 + 8184 All suffix globs except first fail to match if path has `.` character
   in prefix section

jetty-9.4.48.v20220622 - 21 June 2022
 + 8184 All suffix globs except first fail to match if path has . character in
   prefix

jetty-11.0.10 - 16 June 2022
 + 1771 Add module for SecuredRedirect support
 + 4414 GZipHandler not excluding inflation for specified paths
 + 7635 QPACK decoder should fail connection if the encoder blocks more than
   SETTINGS_QPACK_BLOCKED_STREAMS
 + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to
   allow for regex or uri-template matching
 + 7754 jetty.sh ignores JAVA_OPTIONS environment variable
 + 7801 Session cookie can be set twice after session id changed
 + 7818 Modifying of HTTP headers in HttpChannel.Listener#onResponseBegin is no
   longer possible with Jetty 10
 + 7855 Remove accidentally included package-info.class in all packages
 + 7858 GZipHandler does not play nice with other handlers in HandlerCollection
 + 7863 Default servlet drops first accept-encoding header if there is more
   than one.
 + 7880 DefaultServlet should not overwrite programmatically configured
   precompressed formats with defaults
 + 7891 Better Servlet PathMappings for Regex
 + 7918 PathMappings.asPathSpec does not allow root ServletPathSpec
 + 7935 Review HTTP/2 error handling (Resolves CVE-2022-2048)
 + 7975 `ForwardedRequestCustomizer` setters do not clear existing handlers
 + 7977 UpgradeHttpServletRequest.setAttribute &
   UpgradeHttpServletRequest.removeAttribute can throw NullPointerException
 + 7994 Ability to construct a detached client Request
 + 8014 Review HttpRequest URI construction (Resolves CVE-2022-2047)
 + 8057 Support Http Response 103 (Early Hints)
 + 8067 Wall time usage in DoSFilter RateTracker results in false positive
   alert
 + 8088 Add option to configure exitVm on ShutdownMonitor from System
   properties
 + 8161 Improve SSLConnection buffers handling (Resolves CVE-2022-2191)

jetty-10.0.10 - 16 June 2022
 + 1771 Add module for SecuredRedirect support
 + 4414 GZipHandler not excluding inflation for specified paths
 + 7635 QPACK decoder should fail connection if the encoder blocks more than
   SETTINGS_QPACK_BLOCKED_STREAMS
 + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to
   allow for regex or uri-template matching
 + 7754 jetty.sh ignores JAVA_OPTIONS environment variable
 + 7801 Session cookie can be set twice after session id changed
 + 7818 Modifying of HTTP headers in HttpChannel.Listener#onResponseBegin is no
   longer possible with Jetty 10
 + 7855 Remove accidentally included package-info.class in all packages
 + 7858 GZipHandler does not play nice with other handlers in HandlerCollection
 + 7863 Default servlet drops first accept-encoding header if there is more
   than one.
 + 7880 DefaultServlet should not overwrite programmatically configured
   precompressed formats with defaults
 + 7891 Better Servlet PathMappings for Regex
 + 7918 PathMappings.asPathSpec does not allow root ServletPathSpec
 + 7935 Review HTTP/2 error handling (Resolves CVE-2022-2048)
 + 7975 `ForwardedRequestCustomizer` setters do not clear existing handlers
 + 7977 UpgradeHttpServletRequest.setAttribute &
   UpgradeHttpServletRequest.removeAttribute can throw NullPointerException
 + 7994 Ability to construct a detached client Request
 + 8014 Review HttpRequest URI construction (Resolves CVE-2022-2047)
 + 8057 Support Http Response 103 (Early Hints)
 + 8067 Wall time usage in DoSFilter RateTracker results in false positive
   alert
 + 8088 Add option to configure exitVm on ShutdownMonitor from System
   properties
 + 8161 Improve SSLConnection buffers handling (Resolves CVE-2022-2191)

jetty-10.0.10 - 16 June 2022
 + 1771 Add module for SecuredRedirect support
 + 4414 GZipHandler not excluding inflation for specified paths
 + 7635 QPACK decoder should fail connection if the encoder blocks more than
   SETTINGS_QPACK_BLOCKED_STREAMS
 + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to
   allow for regex or uri-template matching
 + 7754 jetty.sh ignores JAVA_OPTIONS environment variable
 + 7801 Session cookie can be set twice after session id changed
 + 7818 Modifying of HTTP headers in HttpChannel.Listener#onResponseBegin is no
   longer possible with Jetty 10
 + 7855 Remove accidentally included package-info.class in all packages
 + 7858 GZipHandler does not play nice with other handlers in HandlerCollection
 + 7863 Default servlet drops first accept-encoding header if there is more
   than one.
 + 7880 DefaultServlet should not overwrite programmatically configured
   precompressed formats with defaults
 + 7891 Better Servlet PathMappings for Regex
 + 7918 PathMappings.asPathSpec does not allow root ServletPathSpec
 + 7935 Review HTTP/2 error handling (CVE-2022-2048)
 + 7975 `ForwardedRequestCustomizer` setters do not clear existing handlers
 + 7977 UpgradeHttpServletRequest.setAttribute &
   UpgradeHttpServletRequest.removeAttribute can throw NullPointerException
 + 7994 Ability to construct a detached client Request
 + 8014 Review HttpRequest URI construction (CVE-2022-2047)
 + 8057 Support Http Response 103 (Early Hints)
 + 8067 Wall time usage in DoSFilter RateTracker results in false positive
   alert
 + 8088 Add option to configure exitVm on ShutdownMonitor from System
   properties
 + 8161 Improve SSLConnection buffers handling (CVE-2022-2191)

jetty-9.4.47.v20220610 - 10 June 2022
 + 4717 High CPU spikes with jetty winstone threads
 + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to
   allow for regex or uri-template matching
 + 7801 Session cookie can be set twice after session id changed
 + 7855 Remove accidentally included package-info.class in all packages
 + 7858 GZipHandler does not play nice with other handlers in HandlerCollection
 + 7863 Default servlet drops first accept-encoding header if there is more
   than one.
 + 7918 PathMappings.asPathSpec does not allow root ServletPathSpec
 + 7935 Review HTTP/2 error handling (CVE-2022-2048)
 + 8014 Review HttpRequest URI construction (CVE-2022-2047)
 + 8067 Wall time usage in DoSFilter RateTracker results in false positive
   alert
 + 8088 Add option to configure exitVm on ShutdownMonitor from System
   properties

jetty-9.4.46.v20220331 - 31 March 2022
 + 5965 Option --write-module-graph produces wrong .dot file
 + 6756 Deprecate `/jetty-spring/` artifact in `jetty-9.4.x` releases
 + 7518 ArrayTrie getBest fails to match the empty string entry in certain
   cases
 + 7548 Interrupt flag is not always cleared in between requests
 + 7567 Gzip compression not working for multipart/form-data when added to the
   allowed list using addIncludedMimeTypes.
 + 7569 Miconfigured headerCacheSize in can result in IllegalArgumentException
 + 7615 HttpServletResponse.encodeURL not working for URLs starting with ../

jetty-11.0.9 - 30 March 2022
 + 5681 Unrecognized jetty-home/start.jar command line option not reported
   clearly
 + 5965 Option --write-module-graph produces wrong .dot file
 + 6879 Remove jminix (not maintained) module as hawtio provide same features
 + 7182 jetty.sh start process should remove jetty_state whenever deleting the
   pid
 + 7344 Incompatible with jacoco due to shutdown race condition
 + 7414 QoSFilter.setMaxRequests throws NullPointerException
 + 7513 Getter/setter type mismatch for mbean attribute file in class
   org.eclipse.jetty.deploy.PropertiesConfigurationManager
 + 7517 Some ArrayTrie methods throw StackOverflowError when cointaining a very
   large entry
 + 7518 ArrayTrie getBest fails to match the empty string entry in certain
   cases
 + 7545 Named arguments do not work in jetty-openid.xml
 + 7548 Interrupt flag is not always cleared in between requests
 + 7567 Gzip compression not working for multipart/form-data when added to the
   allowed list using addIncludedMimeTypes.
 + 7573 WebSockets - "Unsupported PathParam Type: java.lang.Integer"
 + 7575 Misleading docs for `HttpClientTransportDynamic`
 + 7613 Configurations.add(Configuration) results in
   UnsupportedOperationException
 + 7615 HttpServletResponse.encodeURL not working for URLs starting with ../
 + 7617 Logback-access RequestLog not working
 + 7625 HTTP/3 error against www.google.com
 + 7677 jetty-maven-plugin - maven internal dependencies included on webapp
   classloader
 + 7683 GZIPContentDecoder ignores setUseInputDirectByteBuffers setting and
   always uses non-direct buffers (causing GC locking)
 + 7688 Read data to native memory from HttpInput
 + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to
   allow for regex or uri-template matching

jetty-10.0.9 - 30 March 2022
 + 5681 Unrecognized jetty-home/start.jar command line option not reported
   clearly
 + 5965 Option --write-module-graph produces wrong .dot file
 + 6879 Remove jminix (not maintained) module as hawtio provide same features
 + 7182 jetty.sh start process should remove jetty_state whenever deleting the
   pid
 + 7344 Incompatible with jacoco due to shutdown race condition
 + 7414 QoSFilter.setMaxRequests throws NullPointerException
 + 7513 Getter/setter type mismatch for mbean attribute file in class
   org.eclipse.jetty.deploy.PropertiesConfigurationManager
 + 7517 Some ArrayTrie methods throw StackOverflowError when cointaining a very
   large entry
 + 7518 ArrayTrie getBest fails to match the empty string entry in certain
   cases
 + 7545 Named arguments do not work in jetty-openid.xml
 + 7548 Interrupt flag is not always cleared in between requests
 + 7567 Gzip compression not working for multipart/form-data when added to the
   allowed list using addIncludedMimeTypes.
 + 7573 WebSockets - "Unsupported PathParam Type: java.lang.Integer"
 + 7575 Misleading docs for `HttpClientTransportDynamic`
 + 7613 Configurations.add(Configuration) results in
   UnsupportedOperationException
 + 7615 HttpServletResponse.encodeURL not working for URLs starting with ../
 + 7617 Logback-access RequestLog not working
 + 7625 HTTP/3 error against www.google.com
 + 7677 jetty-maven-plugin - maven internal dependencies included on webapp
   classloader
 + 7683 GZIPContentDecoder ignores setUseInputDirectByteBuffers setting and
   always uses non-direct buffers (causing GC locking)
 + 7688 Read data to native memory from HttpInput
 + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to
   allow for regex or uri-template matching

jetty-10.0.9 - 30 March 2022
 + 5681 Unrecognized jetty-home/start.jar command line option not reported
   clearly
 + 5965 Option --write-module-graph produces wrong .dot file
 + 6879 Remove jminix (not maintained) module as hawtio provide same features
 + 7182 jetty.sh start process should remove jetty_state whenever deleting the
   pid
 + 7344 Incompatible with jacoco due to shutdown race condition
 + 7414 QoSFilter.setMaxRequests throws NullPointerException
 + 7513 Getter/setter type mismatch for mbean attribute file in class
   org.eclipse.jetty.deploy.PropertiesConfigurationManager
 + 7517 Some ArrayTrie methods throw StackOverflowError when cointaining a very
   large entry
 + 7518 ArrayTrie getBest fails to match the empty string entry in certain
   cases
 + 7545 Named arguments do not work in jetty-openid.xml
 + 7548 Interrupt flag is not always cleared in between requests
 + 7567 Gzip compression not working for multipart/form-data when added to the
   allowed list using addIncludedMimeTypes.
 + 7573 WebSockets - "Unsupported PathParam Type: java.lang.Integer"
 + 7575 Misleading docs for `HttpClientTransportDynamic`
 + 7613 Configurations.add(Configuration) results in
   UnsupportedOperationException
 + 7615 HttpServletResponse.encodeURL not working for URLs starting with ../
 + 7617 Logback-access RequestLog not working
 + 7625 HTTP/3 error against www.google.com
 + 7677 jetty-maven-plugin - maven internal dependencies included on webapp
   classloader
 + 7683 GZIPContentDecoder ignores setUseInputDirectByteBuffers setting and
   always uses non-direct buffers (causing GC locking)
 + 7688 Read data to native memory from HttpInput
 + 7748 Allow overriding of url-pattern mapping in ServletContextHandler to
   allow for regex or uri-template matching

jetty-11.0.8 - 07 February 2022
 + 2504 Expose more WebSocket details in JMX and Server Dump
 + 4275 Path Normalization/Traversal - Context Matching
 + 4317 EventSource does not work with GzipHandler
 + 6017 Property overriding does not work
 + 6282 SecuredRedirectHandler should probably redirect with 301
 + 6497 Replace SameFileAliasChecker
 + 6728 QUIC and HTTP/3
 + 6730 HTTP3: update Quiche to 0.9.0
 + 6965 Expose Spec `ServerContainer.upgrade()` API
 + 6973 Jetty starts consuming CPU that remains high even without any traffic
 + 6974 Major websocket memory change in 9.4.36
 + 6980 ELContextCleaner failed because cannot access a member of class
   javax.el.BeanELResolver with modifiers "private static final"
 + 6985 ELContextCleaner references javax class in jetty-11
 + 6987 jetty-unixdomain-server is missing from jetty-bom
 + 6990 UnixDomainServerConnector throws misleading exception on invalid socket
   path
 + 7008 Problem with jetty.sh start regression 10.0.6 -> 10.0.7 when using
   JETTY_USER
 + 7012 Remove all old geronimo spec jars from jetty-10
 + 7031 ResponseWriter.println(char) does not print newline
 + 7042 Simplify configuration to use different OpenIdConfiguration per webapp
 + 7059 NPE in AllowedResourceAliasChecker.getPath()
 + 7063 Simplify command line use of org.eclipse.jetty.util.Password
 + 7064 Cleanup or clarify `(null)` in output of `--list-config`
 + 7086 WebSocket: java.lang.IllegalStateException: already released
   RetainableByteBuffer
 + 7103 Rework LaF of distro landing page
 + 7107 Client timeout and async close exceptions when setting max duration on
   pool
 + 7109 Deprecate UnixSocket JNR support
 + 7111 Add support to deprecate jetty-home modules
 + 7113 Improve Unix-Domain client documentation
 + 7124 Add default methods on LifeCycle.Listener interface
 + 7131 Use Charset instead of encoding string where possible
 + 7157 Multiplexed connection pools retain CLOSED entries
 + 7160 HttpURI considers %25 to be ambiguous, preventing access to static
   resources with % in their name
 + 7240 Clarify and javadoc InvocationType
 + 7243 Reset pooled ByteBuffer endianness
 + 7262 Allow the SerlvetHandler.getFilterChain method to be overridden
 + 7277 Allow override of `ServletRequest.getLocalName()` and `.getLocalPort()`
   in post-intermediary scenarios
 + 7280 Interceptors don't get destroyed in HttpInput
 + 7281 EOFs are not passed to interceptors any more - shouldn't they?
 + 7284 HttpInput reopen/recycle cleanup
 + 7297 Deprecate log4j 1.x support
 + 7313 addBean(_attributes); only called in the Convenience constructor of
   org.eclipse.jetty.server.Server
 + 7327 jetty-slf4j-impl missing from BOM
 + 7348 Slow CONNECT request causes NPE
 + 7351 Large WebSocket payloads with permessage-deflate hang on 10.0.7
 + 7354 Demo jars should not be in jetty-home
 + 7369 Document CustomRequestLog
 + 7375 Some environments require Request scoping during session save
 + 7435 Investigate Infinispan transitive dependencies
 + 7494 Remove modules in Jetty 11 that are not supporting jakarta.servlet yet
 + 7496 Transient 400: Bad Request responses in jetty-9.4.45.v20220128
 + 7514 Adding InheritedListeners to already-started components can cause
   IllegalStateException
 + 7523 Typo in AnnotationConfiguration
 + 7524 Missing package in JmxConfiguration
 + 7529 Upgrade quiche to version 0.11.0

jetty-10.0.8 - 07 February 2022
 + 2504 Expose more WebSocket details in JMX and Server Dump
 + 4275 Path Normalization/Traversal - Context Matching
 + 4317 EventSource does not work with GzipHandler
 + 6017 Property overriding does not work
 + 6282 SecuredRedirectHandler should probably redirect with 301
 + 6497 Replace SameFileAliasChecker
 + 6728 QUIC and HTTP/3
 + 6730 HTTP3: update Quiche to 0.9.0
 + 6965 Expose Spec `ServerContainer.upgrade()` API
 + 6973 Jetty starts consuming CPU that remains high even without any traffic
 + 6974 Major websocket memory change in 9.4.36
 + 6980 ELContextCleaner failed because cannot access a member of class
   javax.el.BeanELResolver with modifiers "private static final"
 + 6987 jetty-unixdomain-server is missing from jetty-bom
 + 6990 UnixDomainServerConnector throws misleading exception on invalid socket
   path
 + 7008 Problem with jetty.sh start regression 10.0.6 -> 10.0.7 when using
   JETTY_USER
 + 7012 Remove all old geronimo spec jars from jetty-10
 + 7031 ResponseWriter.println(char) does not print newline
 + 7042 Simplify configuration to use different OpenIdConfiguration per webapp
 + 7059 NPE in AllowedResourceAliasChecker.getPath()
 + 7063 Simplify command line use of org.eclipse.jetty.util.Password
 + 7064 Cleanup or clarify `(null)` in output of `--list-config`
 + 7086 WebSocket: java.lang.IllegalStateException: already released
   RetainableByteBuffer
 + 7103 Rework LaF of distro landing page
 + 7107 Client timeout and async close exceptions when setting max duration on
   pool
 + 7109 Deprecate UnixSocket JNR support
 + 7111 Add support to deprecate jetty-home modules
 + 7113 Improve Unix-Domain client documentation
 + 7124 Add default methods on LifeCycle.Listener interface
 + 7131 Use Charset instead of encoding string where possible
 + 7157 Multiplexed connection pools retain CLOSED entries
 + 7160 HttpURI considers %25 to be ambiguous, preventing access to static
   resources with % in their name
 + 7240 Clarify and javadoc InvocationType
 + 7243 Reset pooled ByteBuffer endianness
 + 7262 Allow the SerlvetHandler.getFilterChain method to be overridden
 + 7277 Allow override of `ServletRequest.getLocalName()` and `.getLocalPort()`
   in post-intermediary scenarios
 + 7280 Interceptors don't get destroyed in HttpInput
 + 7281 EOFs are not passed to interceptors any more - shouldn't they?
 + 7284 HttpInput reopen/recycle cleanup
 + 7297 Deprecate log4j 1.x support
 + 7313 addBean(_attributes); only called in the Convenience constructor of
   org.eclipse.jetty.server.Server
 + 7327 jetty-slf4j-impl missing from BOM
 + 7348 Slow CONNECT request causes NPE
 + 7351 Large WebSocket payloads with permessage-deflate hang on 10.0.7
 + 7354 Demo jars should not be in jetty-home
 + 7369 Document CustomRequestLog
 + 7375 Some environments require Request scoping during session save
 + 7435 Investigate Infinispan transitive dependencies
 + 7496 Transient 400: Bad Request responses in jetty-9.4.45.v20220128
 + 7514 Adding InheritedListeners to already-started components can cause
   IllegalStateException
 + 7523 Typo in AnnotationConfiguration
 + 7524 Missing package in JmxConfiguration
 + 7529 Upgrade quiche to version 0.11.0

jetty-9.4.45.v20220203 - 03 February 2022
 + 4275 Path Normalization/Traversal - Context Matching
 + 6497 Replace SameFileAliasChecker
 + 6687 Upgrade Infinispan in all active Jetty branches
 + 6965 Expose Spec `ServerContainer.upgrade()` API
 + 6969 Getting 404 failures when trying to enable `logging-log4j` module
 + 6974 Major websocket memory change in 9.4.36
 + 7031 ResponseWriter.println(char) does not print newline
 + 7059 NPE in AllowedResourceAliasChecker.getPath()
 + 7073 Error in parse parameter in broken UTF-8 encoding
 + 7078 CompressionPools are not shared between multiple contexts for 9.4
   WebSocket
 + 7107 Client timeout and async close exceptions when setting max duration on
   pool
 + 7124 Add default methods on LifeCycle.Listener interface
 + 7157 Multiplexed connection pools retain CLOSED entries
 + 7243 Reset pooled ByteBuffer endianness
 + 7266 Wrong ALPN jars are selected for newer versions of JDK8
 + 7271 It is necessary to set MAX_CAPACITY to ArrayTernaryTrie/ArrayTrie
 + 7277 Allow override of `ServletRequest.getLocalName()` and `.getLocalPort()`
   in post-intermediary scenarios
 + 7297 Deprecate log4j 1.x support
 + 7348 Slow CONNECT request causes NPE
 + 7375 Some environments require Request scoping during session save
 + 7435 Investigate Infinispan transitive dependencies
 + 7440 ContextHandler.getAliasChecks() breaks Spring Boot
 + 7496 Transient 400: Bad Request responses in jetty-9.4.45.v20220128

jetty-11.0.7 - 06 October 2021
 + 3514 Use interpolation of versions from pom in mod files
 + 6043 Reimplement UnixSocket support based on Java 16
 + 6322 Use `RetainableByteBuffer` in `HttpConnection`
 + 6369 Increment default jetty.http2.rateControl.maxEventsPerSecond
 + 6372 Review socket options configuration
 + 6403 Deploy a maven based p2-updatesite
 + 6406 Jetty Jaspi module not compatible with Jakarta EE 9 (Jakarta
   Authentication)
 + 6473 Improve alias checking in PathResource
 + 6476 Show message if JVM args are present but new JVM is spawned based on
   active modules
 + 6487 Expose ServletHolder getter in ServletHandler$ChainEnd for auditing
   libraries to use
 + 6489 Some URI valid compliance modes cannot be set in .ini file
 + 6491 onDataAvailable() not called when HttpParser is closed prematurely
 + 6497 Replace SameFileAliasChecker
 + 6520 Error page has HTML error when writePoweredBy is enabled
 + 6544 Using jetty.gzip.excludedMimeTypeList property results in an error
 + 6545 image/webp MIME type support
 + 6552 FileBufferedInterceptor.dispose not working due to locked file
 + 6553 Review usage of Authentication.UNAUTHENTICATED in SecurityHandler
 + 6554 Allow creation of DefaultIdentityService without realmName
 + 6556 MemcachedSessionDataMap needs to set the context classloader before
   serialization/deseriazliation.
 + 6558 Allow to configure return type in JSON array parsing
 + 6562 HttpOutput.write(ByteBuffer buffer)
 + 6565 Improve deployment of symlinked webapplications
 + 6566 High CPU use due to new thread created on every websocket message in
   DispatchedMessageSink
 + 6586 Remove some unnecessary dependencies
 + 6601 jetty-websocket-core not usable standalone, only with
   websocket-javax-server or websocket-jetty-server
 + 6602 SessionTracker memory leak on WebSockets that close immediately
 + 6603 HTTP/2 max local stream count exceeded
 + 6617 Add basic auth support for OpenId token endpoint (client_secret_basic)
 + 6618 ID token `azp` claim should not be required if `aud` is single value
   array
 + 6642 WebSocket handling of Connection: upgrade,close
 + 6646 Deadlock in HTTP2Flusher when using a small thread pool due to
   incorrect InvocableType
 + 6652 Improve ReservedThreadExecutor dump
 + 6654 ServerUpgradeRequest.getCookies() can throws NullPointerException
 + 6661 Some SocketOptions not supported on Windows
 + 6679 Update to Apache Jasper 10.0.10
 + 6687 Upgrade Infinispan in all active Jetty branches
 + 6693 FastCGI review
 + 6696 High WebSocket memory usage
 + 6735 infinispan-embedded-query and infinispan-remote-query modules broken
 + 6752 DefaultSessionCache more extensible using ConcurrentMap
 + 6770 Bulk update of osgi testing dependencies
 + 6772 Update to asm 9.2
 + 6853 Remove pack200 plugins
 + 6860 IPv6 format
 + 6868 _uriCompliance attribute has been forgotten in the HttpConfiguration
   constructor from another configuration
 + 6869 Correct Content-Type within HTML error pages
 + 6870 Encode control characters in URIUtil.encodePath
 + 6883 Welcome file redirects do not honor the relativeRedirectAllowed option
 + 6938 module-info.java file do not use the canonical order for the elements

jetty-10.0.7 - 06 October 2021
 + 3514 Use interpolation of versions from pom in mod files
 + 6043 Reimplement UnixSocket support based on Java 16
 + 6322 Use `RetainableByteBuffer` in `HttpConnection`
 + 6369 Increment default jetty.http2.rateControl.maxEventsPerSecond
 + 6372 Review socket options configuration
 + 6403 Deploy a maven based p2-updatesite
 + 6406 Jetty Jaspi module not compatible with Jakarta EE 9 (Jakarta
   Authentication)
 + 6476 Show message if JVM args are present but new JVM is spawned based on
   active modules
 + 6487 Expose ServletHolder getter in ServletHandler$ChainEnd for auditing
   libraries to use
 + 6489 Some URI valid compliance modes cannot be set in .ini file
 + 6491 onDataAvailable() not called when HttpParser is closed prematurely
 + 6497 Replace SameFileAliasChecker
 + 6520 Error page has HTML error when writePoweredBy is enabled
 + 6544 Using jetty.gzip.excludedMimeTypeList property results in an error
 + 6545 image/webp MIME type support
 + 6552 FileBufferedInterceptor.dispose not working due to locked file
 + 6553 Review usage of Authentication.UNAUTHENTICATED in SecurityHandler
 + 6554 Allow creation of DefaultIdentityService without realmName
 + 6556 MemcachedSessionDataMap needs to set the context classloader before
   serialization/deseriazliation.
 + 6558 Allow to configure return type in JSON array parsing
 + 6562 HttpOutput.write(ByteBuffer buffer)
 + 6565 Improve deployment of symlinked webapplications
 + 6566 High CPU use due to new thread created on every websocket message in
   DispatchedMessageSink
 + 6601 jetty-websocket-core not usable standalone, only with
   websocket-javax-server or websocket-jetty-server
 + 6602 SessionTracker memory leak on WebSockets that close immediately
 + 6603 HTTP/2 max local stream count exceeded
 + 6617 Add basic auth support for OpenId token endpoint (client_secret_basic)
 + 6618 ID token `azp` claim should not be required if `aud` is single value
   array
 + 6642 WebSocket handling of Connection: upgrade,close
 + 6646 Deadlock in HTTP2Flusher when using a small thread pool due to
   incorrect InvocableType
 + 6652 Improve ReservedThreadExecutor dump
 + 6654 ServerUpgradeRequest.getCookies() can throws NullPointerException
 + 6661 Some SocketOptions not supported on Windows
 + 6677 Update to apache jasper 9.0.52
 + 6687 Upgrade Infinispan in all active Jetty branches
 + 6693 FastCGI review
 + 6696 High WebSocket memory usage in Jetty 10
 + 6752 DefaultSessionCache more extensible using ConcurrentMap
 + 6772 Update to asm 9.2
 + 6853 Remove pack200 plugins
 + 6860 IPv6 format
 + 6868 _uriCompliance attribute has been forgotten in the HttpConfiguration
   constructor from another configuration
 + 6869 Correct Content-Type within HTML error pages
 + 6870 Encode control characters in URIUtil.encodePath
 + 6883 Welcome file redirects do not honor the relativeRedirectAllowed option
 + 6938 module-info.java file do not use the canonical order for the elements

jetty-9.4.44.v20210927 - 27 September 2021
 + 3514 Use interpolation of versions from pom in mod files
 + 6369 Increment default jetty.http2.rateControl.maxEventsPerSecond
 + 6372 Review socket options configuration
 + 6487 Expose ServletHolder getter in ServletHandler$ChainEnd for auditing
   libraries to use
 + 6491 onDataAvailable() not called when HttpParser is closed prematurely
 + 6520 Error page has HTML error when writePoweredBy is enabled
 + 6545 image/webp MIME type support
 + 6553 Review usage of Authentication.UNAUTHENTICATED in SecurityHandler
 + 6554 Allow creation of DefaultIdentityService without realmName
 + 6558 Allow to configure return type in JSON array parsing
 + 6562 HttpOutput.write(ByteBuffer buffer)
 + 6603 HTTP/2 max local stream count exceeded
 + 6617 Add basic auth support for OpenId token endpoint (client_secret_basic)
 + 6618 ID token `azp` claim should not be required if `aud` is single value
   array
 + 6652 Improve ReservedThreadExecutor dump
 + 6671 Update to apache jsp 8.5.70
 + 6772 Update to asm 9.2
 + 6853 Remove pack200 plugins
 + 6860 Correct IPv6 format
 + 6869 Correct Content-Type within HTML error pages
 + 6870 Encode control characters in URIUtil.encodePath
 + 6883 Welcome file redirects do not honor the relativeRedirectAllowed option

jetty-9.4.43.v20210629 - 30 June 2021
 + 6379 Reduce contention in all `ByteBufferPool` implementations
 + 6382 HttpClient TimeoutException message reports transient values
 + 6400 QueuedThreadPool interrupts pool threads when stopped with zero timeout
 + 6425 Update to asm 9.1
 + 6447 Deprecate support for UTF16 encoding in URIs (CVE-2021-34429)
 + 6470 java.nio.ReadOnlyBufferException
 + 6473 Improve alias checking in PathResource

jetty-11.0.6 - 29 June 2021
 + 6375 Always check XML `Set` elements with `property` attribute
 + 6382 HttpClient TimeoutException message reports transient values
 + 6394 Review osgi manifests within Jetty 10
 + 6407 Malformed scheme logical expression check in WebSocket
   ClientUpgradeRequest
 + 6410 Ensure Jetty IO uses SocketAddress instead of InetSocketAddress
 + 6418 Bad and/or missing Require-Capability for osgi.serviceloader
 + 6425 Update to asm 9.1
 + 6447 Deprecate support for UTF16 encoding in URIs
 + 6451 Request#getServletPath() returns null for ROOT mapping
 + 6464 Wrong files/lib definitions in certain *-capture.mod files?

jetty-10.0.6 - 29 June 2021
 + 6375 Always check XML `Set` elements with `property` attribute
 + 6382 HttpClient TimeoutException message reports transient values
 + 6394 Review osgi manifests within Jetty 10
 + 6407 Malformed scheme logical expression check in WebSocket
   ClientUpgradeRequest
 + 6410 Ensure Jetty IO uses SocketAddress instead of InetSocketAddress
 + 6418 Bad and/or missing Require-Capability for osgi.serviceloader
 + 6425 Update to asm 9.1
 + 6447 Deprecate support for UTF16 encoding in URIs (CVE-2021-34429)
 + 6451 Request#getServletPath() returns null for ROOT mapping
 + 6464 Wrong files/lib definitions in certain *-capture.mod files?
 + 6473 Improve alias checking in PathResource

jetty-11.0.5 - 11 June 2021
 + 4772 Jetty WebSocket API onMessage annotation does not support partial
   messages.
 + 6302 Treat empty path segments are ambiguous
 + 6329 Regression on graceful shutdown default in Jetty 10
 + 6354 org.slf4j dependency imports osgi packages at 2.0
 + 6379 Reduce contention in all `ByteBufferPool` implementations
 + 6392 Review accidental xml config changes

jetty-10.0.5 - 11 June 2021
 + 4772 Jetty WebSocket API onMessage annotation does not support partial
   messages.
 + 6302 Treat empty path segments are ambiguous
 + 6329 Regression on graceful shutdown default in Jetty 10
 + 6354 org.slf4j dependency imports osgi packages at 2.0
 + 6379 Reduce contention in all `ByteBufferPool` implementations
 + 6392 Review accidental xml config changes

jetty-11.0.4 - 04 June 2021
 + 5379 Better handling for wrong SNI
 + 5931 SslConnection should implement getBytesIn()/getBytesOut()
 + 6112 Jetty logging service file leaking to web applications
 + 6114 Jetty Deploy scan / symlink behavior is broken
 + 6118 Display a warning when Hazelcast configuration does not contain Jetty
   session serializer
 + 6276 Support non-standard domains in SNI and X509
 + 6305 Optimise `ContextHandler.isProtectedTarget`
 + 6323 HttpClient gets stuck/never calls onComplete() when multiple requests
   with timeouts are sent
 + 6347 session-store-gcloud module broken logging dependency
 + 6354 org.slfj osgi dependency imports packages at 2.0

jetty-10.0.4 - 04 June 2021
 + 5379 Better handling for wrong SNI
 + 5931 SslConnection should implement getBytesIn()/getBytesOut()
 + 6112 Jetty logging service file leaking to web applications
 + 6114 Jetty Deploy scan / symlink behavior is broken
 + 6118 Display a warning when Hazelcast configuration does not contain Jetty
   session serializer
 + 6276 Support non-standard domains in SNI and X509
 + 6305 Optimise `ContextHandler.isProtectedTarget`
 + 6323 HttpClient gets stuck/never calls onComplete() when multiple requests
   with timeouts are sent
 + 6347 session-store-gcloud module broken logging dependency
 + 6354 org.slfj osgi dependency imports packages at 2.0

jetty-9.4.42.v20210604 - 04 June 2021
 + 5379 Better handling for wrong SNI
 + 5931 SslConnection should implement getBytesIn()/getBytesOut()
 + 6118 Display a warning when Hazelcast configuration does not contain Jetty
   session serializer
 + 6276 Support non-standard domains in SNI and X509
 + 6287 Class loading broken for WebSocketClient used inside webapp
 + 6323 HttpClient gets stuck/never calls onComplete() when multiple requests
   with timeouts are sent

jetty-11.0.3 - 20 May 2021
 + 3764 DeprecationWarning Decorator
 + 5306 Default jetty.*.acceptors should be 1
 + 5684 Review disabled tests
 + 5798 jetty-runner startup error with jetty-10
 + 5817 Provide more filtering for CustomRequestLog
 + 6049 Default provider [files] section always executed
 + 6084 GzipHandler: NPE in setDeflaterPoolCapacity and setInflaterPoolCapacity
 + 6098 jetty-cdi is missing from jetty-bom
 + 6099 Cipher preference may break SNI if certificates have different key
   types
 + 6105 HttpConnection.getBytesIn() incorrect for requests with chunked content
 + 6106 WebSocket/CDI integration is broken in Jetty 10
 + 6125 Do not allow override of jakarta.* container classes by webapps per
   Servlet 5.0 Section 15.2.1
 + 6132 Ambiguous segment in URI in DELETE
   /a/projects/foo/branches/refs%2Fheads%2Ftest request after upgrade from
   10.0.0 to 10.0.2
 + 6153 jetty-maven-plugin does not correctly pass JVM arguments for external
   deployMode
 + 6159 Jetty with Conscrypt unable to handle any HTTPS requests when connected
   by IP rather than hostname.
 + 6166 WebSocket MessageInputStream.read() spends a lot of time in
   ByteBuffer.compact()
 + 6205 OpenIdAuthenticator may use incorrect redirect
 + 6207 Make ALPN optional in HTTP2Client over TLS
 + 6208 HTTP/2 max local stream count exceeded
 + 6224 make jetty-jspc-maven-plugin @threadSafe
 + 6227 Better resolve race between `AsyncListener.onTimeout` and
   `AsyncContext.dispatch`
 + 6238 jetty-keystore Invalid manifest header Bundle-SymbolicName: ""
 + 6250 Lazily allocate HTTP2Stream data queue
 + 6251 Use CyclicTimeout for HTTP2Streams
 + 6254 Total timeout not enforced for queued requests
 + 6263 Review URI encoding in ConcatServlet & WelcomeFilter
 + 6272 Reduce allocation in HttpClient when notifying content listeners
 + 6277 Better handle exceptions thrown from session destroy listener
 + 6280 Copy ServletHolder class/instance properly during startWebapp
 + 6287 Class loading broken for WebSocketClient used inside webapp

jetty-10.0.3 - 20 May 2021
 + 3764 DeprecationWarning Decorator
 + 5306 Default jetty.*.acceptors should be 1
 + 5684 Review disabled tests
 + 5798 jetty-runner startup error with jetty-10
 + 5817 Provide more filtering for CustomRequestLog
 + 6049 Default provider [files] section always executed
 + 6084 GzipHandler: NPE in setDeflaterPoolCapacity and setInflaterPoolCapacity
 + 6098 jetty-cdi is missing from jetty-bom
 + 6099 Cipher preference may break SNI if certificates have different key
   types
 + 6105 HttpConnection.getBytesIn() incorrect for requests with chunked content
 + 6106 WebSocket/CDI integration is broken in Jetty 10
 + 6132 Ambiguous segment in URI in DELETE
   /a/projects/foo/branches/refs%2Fheads%2Ftest request after upgrade from
   10.0.0 to 10.0.2
 + 6153 jetty-maven-plugin does not correctly pass JVM arguments for external
   deployMode
 + 6159 Jetty with Conscrypt unable to handle any HTTPS requests when connected
   by IP rather than hostname.
 + 6166 WebSocket MessageInputStream.read() spends a lot of time in
   ByteBuffer.compact()
 + 6205 OpenIdAuthenticator may use incorrect redirect
 + 6207 Make ALPN optional in HTTP2Client over TLS
 + 6208 HTTP/2 max local stream count exceeded
 + 6224 make jetty-jspc-maven-plugin @threadSafe
 + 6227 Better resolve race between `AsyncListener.onTimeout` and
   `AsyncContext.dispatch`
 + 6238 jetty-keystore Invalid manifest header Bundle-SymbolicName: ""
 + 6250 Lazily allocate HTTP2Stream data queue
 + 6251 Use CyclicTimeout for HTTP2Streams
 + 6254 Total timeout not enforced for queued requests
 + 6263 Review URI encoding in ConcatServlet & WelcomeFilter (CVE-2021-28169)
 + 6272 Reduce allocation in HttpClient when notifying content listeners
 + 6277 Better handle exceptions thrown from session destroy listener
   (CVE-2021-34428)
 + 6280 Copy ServletHolder class/instance properly during startWebapp
 + 6287 Class loading broken for WebSocketClient used inside webapp

jetty-9.4.41.v20210516 - 16 May 2021
 + 6099 Cipher preference may break SNI if certificates have different key
   types
 + 6186 Add Null Protection on Log / Logger
 + 6205 OpenIdAuthenticator may use incorrect redirect
 + 6208 HTTP/2 max local stream count exceeded
 + 6227 Better resolve race between `AsyncListener.onTimeout` and
   `AsyncContext.dispatch`
 + 6254 Total timeout not enforced for queued requests
 + 6263 Review URI encoding in ConcatServlet & WelcomeFilter (CVE-2021-28169)
 + 6277 Better handle exceptions thrown from session destroy listener
   (CVE-2021-34428)
 + 6280 Copy ServletHolder class/instance properly during startWebapp

jetty-9.4.40.v20210413 - 13 April 2021
 + 6082 SslConnection compacting
 + 6105 HttpConnection.getBytesIn() incorrect for requests with chunked content
 + 6148 Jetty start.jar always reports jetty.tag.version as `master`
 + 6168 Improve handling of unconsumed content

jetty-11.0.2 - 26 March 2021
 + 4275 Path Normalization/Traversal - Context Matching
 + 5828 Allow to create a WebSocketContainer passing HttpClient
 + 5832 Ctrl-C after jetty:run produces NoClassDefFoundError
 + 5835 Review Durable Filters, Servlets and Listeners
 + 5977 Cache-Control header set by a filter is override by the value from
   DefaultServlet configuration
 + 5994 QueuedThreadPool "free" threads
 + 5996 ERROR : No module found to provide logback-impl for
   logback-access{enabled}
 + 5999 HttpURI ArrayIndexOutOfBounds
 + 6001 Ambiguous URI legacy compliance mode
 + 6008 Allow absolute paths to be provided in start.ini for request log
   directory.
 + 6011 OSGi Cannot start Jetty with osgi.boot - Configurations add wrong
   method taken
 + 6020 Review Jetty Maven Plugin scanning defaults
 + 6021 Standardize Path resolution in XmlConfiguration
 + 6024 Error starting jetty-10: Provider
   org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not
   found
 + 6026 the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG
 + 6034 SslContextFactory may select a wildcard certificate during SNI
   selection when a more specific SSL certificate is present
 + 6037 Review logging modules for j.u.l
 + 6050 Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer
 + 6063 Allow override of hazelcast version when using module
 + 6072 jetty server high CPU when client send data length > 17408 - Resolves
   CVE-2021-28165
 + 6076 Embedded Jetty throws null pointer exception
 + 6082 SslConnection compacting
 + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies"
   Message
 + 6101 Normalize ambiguous URIs - Resolves CVE-2021-28164
 + 6102 Exclude webapps directory from deployment scan - Resolves
   CVE-2021-28163

jetty-10.0.2 - 26 March 2021
 + 4275 Path Normalization/Traversal - Context Matching
 + 5828 Allow to create a WebSocketContainer passing HttpClient
 + 5832 Ctrl-C after jetty:run produces NoClassDefFoundError
 + 5835 Review Durable Filters, Servlets and Listeners
 + 5977 Cache-Control header set by a filter is override by the value from
   DefaultServlet configuration
 + 5994 QueuedThreadPool "free" threads
 + 5996 ERROR : No module found to provide logback-impl for
   logback-access{enabled}
 + 5999 HttpURI ArrayIndexOutOfBounds
 + 6001 Ambiguous URI legacy compliance mode
 + 6008 Allow absolute paths to be provided in start.ini for request log
   directory.
 + 6011 OSGi Cannot start Jetty with osgi.boot - Configurations add wrong
   method taken
 + 6020 Review Jetty Maven Plugin scanning defaults
 + 6021 Standardize Path resolution in XmlConfiguration
 + 6024 Error starting jetty-10: Provider
   org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not
   found
 + 6026 the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG
 + 6034 SslContextFactory may select a wildcard certificate during SNI
   selection when a more specific SSL certificate is present
 + 6037 Review logging modules for j.u.l
 + 6050 Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer
 + 6063 Allow override of hazelcast version when using module
 + 6072 jetty server high CPU when client send data length > 17408
   (CVE-2021-28165)
 + 6076 Embedded Jetty throws null pointer exception
 + 6082 SslConnection compacting
 + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies"
   Message
 + 6101 Normalize ambiguous URIs (CVE-2021-28164)
 + 6102 Exclude webapps directory from deployment scan (CVE-2021-28163)

jetty-9.4.39.v20210325 - 25 March 2021
 + 6034 SslContextFactory may select a wildcard certificate during SNI
   selection when a more specific SSL certificate is present
 + 6050 Websocket: NotUtf8Exception after upgrade to 9.4.36 or newer
 + 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to
   work on Android
 + 6063 Allow override of hazelcast version when using module
 + 6072 jetty server high CPU when client send data length > 17408 - Resolves
   CVE-2021-28165
 + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies"
   Message
 + 6101 Normalize ambiguous URIs - Resolves CVE-2021-28164
 + 6102 Exclude webapps directory from deployment scan - Resolves
   CVE-2021-28163

jetty-9.4.39.v20210325 - 25 March 2021
 + 6034 SslContextFactory may select a wildcard certificate during SNI
   selection when a more specific SSL certificate is present
 + 6050 Websocket: NotUtf8Exception after upgrade to 9.4.36 or newer
 + 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to
   work on Android
 + 6063 Allow override of hazelcast version when using module
 + 6072 jetty server high CPU when client send data length > 17408
   (CVE-2021-28165)
 + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies"
   Message
 + 6101 Normalize ambiguous URIs (CVE-2021-28164)
 + 6102 Exclude webapps directory from deployment scan (CVE-2021-28163)

jetty-9.4.38.v20210224 - 24 February 2021
 + 4275 Path Normalization/Traversal - Context Matching
 + 5963 Improve QuotedQualityCSV for CVE-2020-27223
 + 5977 Cache-Control header set by a filter is override by the value from
   DefaultServlet configuration
 + 5994 QueuedThreadPool "free" threads
 + 5999 HttpURI ArrayIndexOutOfBounds
 + 6001 Ambiguous URI legacy compliance mode

jetty-9.4.38.v20210224 - 24 February 2021
 + 4275 Path Normalization/Traversal - Context Matching
 + 5963 Improve QuotedQualityCSV (CVE-2020-27223)
 + 5977 Cache-Control header set by a filter is override by the value from
   DefaultServlet configuration
 + 5994 QueuedThreadPool "free" threads
 + 5999 HttpURI ArrayIndexOutOfBounds
 + 6001 Ambiguous URI legacy compliance mode

jetty-11.0.1 - 19 February 2021
 + 1673 jetty-demo/etc/keystore should not be distributed
 + 4275 Path Normalization/Traversal - Context Matching
 + 4515 Validation extension should not downcast CoreSession
 + 5492 Add ability to manage start modules by java feature
 + 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate
 + 5605 Blocked IO Thread not woken
 + 5689 Jetty ssl keystorePath doesn't work with absolute path
 + 5706 The WebSocket ServerUpgradeResponse can produce NPE in jetty 10
 + 5725 Review Preventers
 + 5752 Fix Servlet 5 Schema redirects
 + 5755 Cannot configure maxDynamicTableSize on HTTP2Client
 + 5757 Review Inferred vs Assumed charsets
 + 5759 Update jakarta transaction, mail and injection apis
 + 5761 Remove unneeded dependencies from apache-jsp module
 + 5772 Fix jndi mail problem in jetty-11
 + 5779 Include can set pathInContext
 + 5783 Fix ConnectionStatistics.*Rate() methods
 + 5784 Apache 2.0 license incorrectly stated as "secondary license" to EPL 2.0
 + 5785 Reduce log level for WebSocket connections closed by clients
 + 5787 Make ManagedSelector report better JMX data
 + 5794 ServerConnector leaks closed sockets which can lead to file descriptor
   exhaustion
 + 5799 Allow specifying the duration an object can stay in a pool
 + 5824 Build up of ConstraintMappings when stopping and starting WebAppContext
 + 5830 Jetty-util contains wrong Import-Package
 + 5844 download flag to jetty-start causes NullPointerException
 + 5845 Use UTF-8 encoding for client basic auth if requested
 + 5850 NPE at Principal WebSocketSession.getUserPrincipal()
 + 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup
 + 5855 HttpClient may not send queued requests
 + 5859 Classloader leaks from ShutdownThread and QueuedThreadPool
 + 5866 Support Programmatic WebSocket upgrade in Jetty 10
 + 5868 Cleaning up request attributes after websocket upgrade in Jetty 10
 + 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows
   due to URI case comparison bug
 + 5872 Improve JMX support for Jetty logging
 + 5880 Move test-simple-webapp to demos
 + 5882 Simplify ALPN modules
 + 5901 Starting Jetty with JPMS produces warnings about Servlet resources not
   found
 + 5909 Cannot disable HTTP OPTIONS Method
 + 5933 ClientCertAuthenticator is not taking account SslContext configuration
 + 5937 Unnecessary blocking in ResourceService
 + 5939 Use unwrapped exception as exception type for error handling
 + 5941 Use jakarta.servlet.jsp.jstl version 2 implementation from Eclipse
   Glassfish
 + 5950 Deadlock due to logging inside classloaders
 + 5963 Improve QuotedQualityCSV - Resolves CVE-2020-27223
 + 5966 jetty-home should not have a webapps/ directory
 + 5973 Proxy client TLS authentication example
 + 5977 Cache-Control header set by a filter is override by the value from
   DefaultServlet configuration
 + 5979 Configurable gzip Etag extension
 + 5992 Jetty 11 build still depends on apache-jstl

jetty-10.0.1 - 19 February 2021
 + 1673 jetty-demo/etc/keystore should not be distributed
 + 4275 Path Normalization/Traversal - Context Matching
 + 4515 Validation extension should not downcast CoreSession
 + 5492 Add ability to manage start modules by java feature
 + 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate
 + 5605 Blocked IO Thread not woken
 + 5689 Jetty ssl keystorePath doesn't work with absolute path
 + 5706 The WebSocket ServerUpgradeResponse can produce NPE in jetty 10
 + 5725 Review Preventers
 + 5755 Cannot configure maxDynamicTableSize on HTTP2Client
 + 5757 Review Inferred vs Assumed charsets
 + 5779 Include can set pathInContext
 + 5783 Fix ConnectionStatistics.*Rate() methods
 + 5784 Apache 2.0 license incorrectly stated as "secondary license" to EPL 2.0
 + 5785 Reduce log level for WebSocket connections closed by clients
 + 5787 Make ManagedSelector report better JMX data
 + 5794 ServerConnector leaks closed sockets which can lead to file descriptor
   exhaustion
 + 5799 Allow specifying the duration an object can stay in a pool
 + 5824 Build up of ConstraintMappings when stopping and starting WebAppContext
 + 5830 Jetty-util contains wrong Import-Package
 + 5844 download flag to jetty-start causes NullPointerException
 + 5845 Use UTF-8 encoding for client basic auth if requested
 + 5850 NPE at Principal WebSocketSession.getUserPrincipal()
 + 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup
 + 5855 HttpClient may not send queued requests
 + 5859 Classloader leaks from ShutdownThread and QueuedThreadPool
 + 5866 Support Programmatic WebSocket upgrade in Jetty 10
 + 5868 Cleaning up request attributes after websocket upgrade in Jetty 10
 + 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows
   due to URI case comparison bug
 + 5872 Improve JMX support for Jetty logging
 + 5880 Move test-simple-webapp to demos
 + 5882 Simplify ALPN modules
 + 5901 Starting Jetty with JPMS produces warnings about Servlet resources not
   found
 + 5909 Cannot disable HTTP OPTIONS Method
 + 5933 ClientCertAuthenticator is not taking account SslContext configuration
 + 5937 Unnecessary blocking in ResourceService
 + 5939 Use unwrapped exception as exception type for error handling
 + 5950 Deadlock due to logging inside classloaders
 + 5963 Improve QuotedQualityCSV (CVE-2020-27223)
 + 5966 jetty-home should not have a webapps/ directory
 + 5973 Proxy client TLS authentication example
 + 5977 Cache-Control header set by a filter is override by the value from
   DefaultServlet configuration
 + 5979 Configurable gzip Etag extension

jetty-9.4.37.v20210219 - 19 February 2021
 + 4275 Path Normalization/Traversal - Context Matching
 + 5492 Add ability to manage start modules by java feature
 + 5605 Blocked IO Thread not woken
 + 5787 Make ManagedSelector report better JMX data
 + 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup
 + 5859 Classloader leaks from ShutdownThread and QueuedThreadPool
 + 5909 Cannot disable HTTP OPTIONS Method
 + 5937 Unnecessary blocking in ResourceService
 + 5950 Deadlock due to logging inside classloaders
 + 5963 Improve QuotedQualityCSV - Resolves CVE-2020-27223
 + 5973 Proxy client TLS authentication example
 + 5977 Cache-Control header set by a filter is override by the value from
   DefaultServlet configuration
 + 5979 Configurable gzip Etag extension

jetty-9.4.37.v20210219 - 19 February 2021
 + 4275 Path Normalization/Traversal - Context Matching
 + 5492 Add ability to manage start modules by java feature
 + 5605 Blocked IO Thread not woken
 + 5787 Make ManagedSelector report better JMX data
 + 5851 org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup
 + 5859 Classloader leaks from ShutdownThread and QueuedThreadPool
 + 5909 Cannot disable HTTP OPTIONS Method
 + 5937 Unnecessary blocking in ResourceService
 + 5950 Deadlock due to logging inside classloaders
 + 5963 Improve QuotedQualityCSV (CVE-2020-27223)
 + 5973 Proxy client TLS authentication example
 + 5977 Cache-Control header set by a filter is override by the value from
   DefaultServlet configuration
 + 5979 Configurable gzip Etag extension

jetty-9.4.36.v20210114 - 14 January 2021
 + 5310 Jetty Http2 client discards the response frames when there is GOAWAY
   and sends RST_STREAM
 + 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate
 + 5633 Allow to configure HttpClient request authority
 + 5689 Jetty ssl keystorePath doesn't work with absolute path
 + 5755 Cannot configure maxDynamicTableSize on HTTP2Client
 + 5783 Fix ConnectionStatistics.*Rate() methods
 + 5785 Reduce log level for WebSocket connections closed by clients
 + 5794 ServerConnector leaks closed sockets which can lead to file descriptor
   exhaustion
 + 5824 Build up of ConstraintMappings when stopping and starting WebAppContext
 + 5830 Jetty-util contains wrong Import-Package
 + 5844 download flag to jetty-start causes NullPointerException
 + 5845 Use UTF-8 encoding for client basic auth if requested
 + 5855 HttpClient may not send queued requests
 + 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows
   due to URI case comparison bug

jetty-9.4.36.v20210114 - 14 January 2021
 + 5310 Jetty Http2 client discards the response frames when there is GOAWAY
   and sends RST_STREAM
 + 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate
 + 5633 Allow to configure HttpClient request authority
 + 5689 Jetty ssl keystorePath doesn't work with absolute path
 + 5755 Cannot configure maxDynamicTableSize on HTTP2Client
 + 5783 Fix ConnectionStatistics.*Rate() methods
 + 5785 Reduce log level for WebSocket connections closed by clients
 + 5794 ServerConnector leaks closed sockets which can lead to file descriptor
   exhaustion
 + 5824 Build up of ConstraintMappings when stopping and starting WebAppContext
 + 5830 Jetty-util contains wrong Import-Package
 + 5844 download flag to jetty-start causes NullPointerException
 + 5845 Use UTF-8 encoding for client basic auth if requested
 + 5855 HttpClient may not send queued requests
 + 5870 jetty-maven-plugin fails to run ServletContainerInitializer on Windows
   due to URI case comparison bug

jetty-11.0.0 - 02 December 2020
 + 1923 GCThreadLeakPreventer won't work with Java 9
 + 4711 Reset trailers on recycled response
 + 5086 Review Scanner locking
 + 5272 The UserStore and PropertyUserStore classes are hard to re-use for
   caching eg JDBC data
 + 5310 Jetty Http2 client discards the response fames when there is GOAWAY and
   sends RST_STREAM
 + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty
   web application causes ClassCastException
 + 5486 PropertyFileLoginModule retains PropertyUserStores
 + 5488 jetty-dir.css not found when using JPMS
 + 5493 StatisticsHandler broken for async applications
 + 5521 ResourceCollection NPE in list()
 + 5535 Support regex in SslContextFactory include/exclude of protocols
 + 5539 StatisticsServlet output is not valid
 + 5555 NPE for servlet with no mapping
 + 5562 ArrayTernaryTrie consumes too much memory
 + 5575 Add SEARCH as a known HttpMethod
 + 5605 java.io.IOException: unconsumed input during http request parsing
 + 5633 Allow to configure HttpClient request authority
 + 5679 Distro argument --list-all-modules does not work
 + 5680 No way to see which modules are enabled for the distro
 + 5691 HttpInput may skip setting fill interest

jetty-10.0.0 - 02 December 2020
 + 1923 GCThreadLeakPreventer won't work with Java 9
 + 4711 Reset trailers on recycled response
 + 5272 The UserStore and PropertyUserStore classes are hard to re-use for
   caching eg JDBC data
 + 5310 Jetty Http2 client discards the response fames when there is GOAWAY and
   sends RST_STREAM
 + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty
   web application causes ClassCastException
 + 5486 PropertyFileLoginModule retains PropertyUserStores
 + 5488 jetty-dir.css not found when using JPMS
 + 5493 StatisticsHandler broken for async applications
 + 5498 Review ServletHolder.getServlet
 + 5521 ResourceCollection NPE in list()
 + 5535 Support regex in SslContextFactory include/exclude of protocols
 + 5539 StatisticsServlet output is not valid
 + 5555 NPE for servlet with no mapping
 + 5562 ArrayTernaryTrie consumes too much memory
 + 5575 Add SEARCH as a known HttpMethod
 + 5605 java.io.IOException: unconsumed input during http request parsing
   (CVE-2020-27218)
 + 5633 Allow to configure HttpClient request authority
 + 5679 Distro argument --list-all-modules does not work
 + 5680 No way to see which modules are enabled for the distro
 + 5691 HttpInput may skip setting fill interest

jetty-9.4.35.v20201120 - 20 November 2020
 + 4711 Reset trailers on recycled response
 + 5486 PropertyFileLoginModule retains PropertyUserStores
 + 5539 StatisticsServlet output is not valid
 + 5562 ArrayTernaryTrie consumes too much memory
 + 5575 Add SEARCH as a known HttpMethod
 + 5605 java.io.IOException: unconsumed input during http request parsing -
   Resolves CVE-2020-27218
 + 5633 Allow to configure HttpClient request authority

jetty-9.4.35.v20201120 - 20 November 2020
 + 4711 Reset trailers on recycled response
 + 5486 PropertyFileLoginModule retains PropertyUserStores
 + 5539 StatisticsServlet output is not valid
 + 5562 ArrayTernaryTrie consumes too much memory
 + 5575 Add SEARCH as a known HttpMethod
 + 5605 java.io.IOException: unconsumed input during http request parsing
   (CVE-2020-27218)
 + 5633 Allow to configure HttpClient request authority

jetty-9.4.34.v20201102 - 02 November 2020
 + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty
   web application causes ClassCastException
 + 5488 jetty-dir.css not found when using JPMS
 + 5498 ServletHolder lifecycle correctness
 + 5521 ResourceCollection NPE in list()
 + 5535 Support regex in SslContextFactory include/exclude of protocols
 + 5555 NPE for servlet with no mapping

jetty-9.4.34.v20201102 - 02 November 2020
 + 5320 Using WebSocketClient with jetty-websocket-httpclient.xml in a Jetty
   web application causes ClassCastException
 + 5488 jetty-dir.css not found when using JPMS
 + 5498 ServletHolder lifecycle correctness
 + 5521 ResourceCollection NPE in list()
 + 5535 Support regex in SslContextFactory include/exclude of protocols
 + 5555 NPE for servlet with no mapping

jetty-11.0.0.beta3 - 21 October 2020
 + 5022 Cleanup ServletHandler, specifically with respect to making filter
   chains more extensible
 + 5287 CompressionPools should use the new jetty-util Pool class
 + 5360 demo-spec module incorrectly depends on demo-jndi
 + 5368 WebSocket text event execute in same thread as running binary event and
   destroy Threadlocal
 + 5378 Filter/Servlet/Listener Holders are not started if added during
   STARTING state.
 + 5379 Better handling for wrong SNI
 + 5394 Quickstart does not inject/decorate objects
 + 5401 Move jetty-http-tools under the project root
 + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT"
 + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port
   produced by ForwardedHeader
 + 5443 Request without Host header fails with NullPointerException in
   ForwardedRequestCustomizer
 + 5448 Request.isSecure() returns false for `https` schemes in Jetty 10
 + 5451 Improve Working Directory creation
 + 5454 Request error context is not reset
 + 5475 Update to spifly 1.3.2 and asm 9
 + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown

jetty-10.0.0.beta3 - 21 October 2020
 + 5022 Cleanup ServletHandler, specifically with respect to making filter
   chains more extensible
 + 5287 CompressionPools should use the new jetty-util Pool class
 + 5360 demo-spec module incorrectly depends on demo-jndi
 + 5368 WebSocket text event execute in same thread as running binary event and
   destroy Threadlocal
 + 5378 Filter/Servlet/Listener Holders are not started if added during
   STARTING state.
 + 5379 Better handling for wrong SNI
 + 5394 Quickstart does not inject/decorate objects
 + 5401 Move jetty-http-tools under the project root
 + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT"
 + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port
   produced by ForwardedHeader
 + 5443 Request without Host header fails with NullPointerException in
   ForwardedRequestCustomizer
 + 5448 Request.isSecure() returns false for `https` schemes in Jetty 10
 + 5451 Improve Working Directory creation (CVE-2020-27216)
 + 5454 Request error context is not reset
 + 5475 Update to spifly 1.3.2 and asm 9
 + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown

jetty-9.4.33.v20201020 - 20 October 2020
 + 5022 Cleanup ServletHandler, specifically with respect to making filter
   chains more extensible
 + 5368 WebSocket text event execute in same thread as running binary event and
   destroy Threadlocal
 + 5378 Filter/Servlet/Listener Holders are not started if added during
   STARTING state.
 + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT"
 + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port
   produced by ForwardedHeader
 + 5443 Request without Host header fails with NullPointerException in
   ForwardedRequestCustomizer
 + 5451 Improve Working Directory creation - Resolves CVE-2020-27216
 + 5454 Request error context is not reset
 + 5475 Update to spifly 1.3.2 and asm 9
 + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown

jetty-9.4.33.v20201020 - 20 October 2020
 + 5022 Cleanup ServletHandler, specifically with respect to making filter
   chains more extensible
 + 5368 WebSocket text event execute in same thread as running binary event and
   destroy Threadlocal
 + 5378 Filter/Servlet/Listener Holders are not started if added during
   STARTING state.
 + 5409 HttpClient fails intermittently with "Invalid response state TRANSIENT"
 + 5417 Badly configured HttpConfiguration.securePort can lead to wrong port
   produced by ForwardedHeader
 + 5443 Request without Host header fails with NullPointerException in
   ForwardedRequestCustomizer
 + 5451 Improve Working Directory creation (CVE-2020-27216)
 + 5454 Request error context is not reset
 + 5475 Update to spifly 1.3.2 and asm 9
 + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown

jetty-11.0.0.beta2 - 02 October 2020
 + 1337 MultiPart Part.write(String fileName) - Write method used unexpected
   path
 + 1761 Make GzipHandler module more configurable
 + 2609 Make finding orphaned expired sessions common across SessionDataStores
 + 2796 HTTP/2 max local stream count exceeded when request fails
 + 3766 Introduce HTTP/2 API to batch frames
 + 3916 multipart/byterange output is invalid to RFC7233
 + 4430 Duplicate generation of servlets/filters/listeners from context xml
   with quickstart
 + 4572 Replace Jetty Logging with slf4j
 + 4736 Update Import-Package version start ranges
 + 4808 Review HttpClient Request header APIs
 + 4809 Set a max number of requests per connection
 + 4824 WebSocket server outgoing message queue memory growth
 + 4888 Request getSession() method throws IllegalStateException when Session
   exists
 + 4919 websocket container stop ordering
 + 4954 Simplify ability to get Byte Counts about requests
 + 4985 Fix NPE related to use of Attributes.Wrapper getAttributeNameSet()
 + 4988 The check for whether a mime type is gzipable modifies (lower-cases)
   the content type
 + 4996 Warning log printed when debug is enabled in AbstractLifecycle.java
 + 5013 Bundle-ClassPath and lib place on WEB-INF/lib make classpath duplicate
 + 5018 WebSocketClient connect / upgrade timeout not configurable
 + 5019 Automatically hot-reload SSL certificates if keystore file changed
 + 5020 LifeCycle.Listener not called for Filter/Servlet/Listener lifecycle
   events
 + 5025 dispatcher.include() with welcome files lead to stack overflow error
 + 5029 Open redirect when sending custom Host header to URL with no trailing
   forward-slash
 + 5032 Introduce Listeners to aid in tracking timings within ServletContext
   and WebApp
 + 5043 WebSocketListener anonymous classes should be invocable
 + 5044 Jetty WebSocket UpgradeRequest & UpgradeResponse types in Jetty 10
 + 5053 CWE-331 in DigestAuthentication class
 + 5057 `javax.servlet.include.context_path` attribute on root context. should
   be empty string, but is `"/"`
 + 5064 NotSerializableException for OpenIdConfiguration
 + 5079 authority header for IPv6 address not having square brackets
 + 5083 Convert synchronized usages to AutoLock
 + 5096 using JettyWebSocketServlet without having a WebSocketUpgradeFilter
 + 5103 Proxy sets protocol version to 2.0 instead of 1.1 when accessed from H2
   client
 + 5104 AbstractProxyServlet include incorrect protocol version in Via header
   when accessed over H2
 + 5105 Graceful shutdown does not wait for resumed requests
 + 5108 Improve SessionTracker scalability
 + 5122 Retrieving websocket connections via jmx
 + 5129 No jars added when using a folder in extraClasspath of the webapp
   context xml file
 + 5133 Improve ResourceFactory and Resource list handling
 + 5147 Set MaxUsageCount with existing connection pool changing the behavior
 + 5150 Zero connection timeout is not supported in HTTP client with
   non-blocking connect
 + 5152 HttpClient should handle unsolicited responses
 + 5162 DecoratingListener raises a NullPointerException
 + 5165 Wrong messagesIn count for HttpClient
 + 5170 NullPointerException in HttpReceiverOverHTTP during WebSocket client
   Upgrade
 + 5171 GzipHandler Vary head should be configurable
 + 5174 Reorganize jetty-distribution in version 10.0.0 to encourage jetty-home
   vs jetty-base split
 + 5178 Update to asm 8.0.1
 + 5185 Introduce DoSFilter Listener for Alert messages
 + 5193 WebSocket unimplemented BINARY message handling can result in TEXT
   message delivery to fail
 + 5198 Update GzipHandler
 + 5201 QueuedThreadPool setDetailedDump gives less detail
 + 5204 SNI does not work with PKIX
 + 5214 Servlet HEAD doesn't support content-length over Integer.MAX_VALUE
 + 5217 Review RoundRobinConnectionPool
 + 5224 HttpServletRequest.getServerName can include port when using
   ForwardedRequestCustomizer
 + 5233 Bad/Unsupported HTTP version should return 505 not 400
 + 5246 GzipHandler's DeflaterPool should be dumpable
 + 5247 Improve ForwardRequestCustomizer authority priority
 + 5254 Short list of Jetty modules
 + 5256 Cleanup Jetty 10 Start
 + 5263 Introduce jetty-home contamination warning
 + 5264 Create demo module
 + 5268 WARN Ignoring eviction setting: 0
 + 5280 Remove unused methods on SessionHandler
 + 5285 Per RFC7694, if a Content-Encoding isn't recognized, reject with 415
   Unsupported Media Type
 + 5304 HTTP/2 with HttpServletRequest.getHeader("Host") returns null on Jetty
   10, but a valid value on Jetty 9
 + 5316 Review <Map> element in Jetty XML
 + 5317 Remove jetty-all from Jetty 10
 + 5324 Jetty XML <Get> should support nested elements
 + 5327 NPE from jetty test webapp
 + 5357 Update http://eclipse.org to https://eclipse.org in source
 + 5360 demo-spec module incorrectly depends on demo-jndi
 + 5362 Default ProxyServlet cannot proxy to https urls
 + 5365 org.eclipse.jetty.server.Request throws NullPointerException if
   SessionHandler newHttpSession returns null

jetty-10.0.0.beta2 - 02 October 2020
 + 1337 MultiPart Part.write(String fileName) - Write method used unexpected
   path
 + 1761 Make GzipHandler module more configurable
 + 2609 Make finding orphaned expired sessions common across SessionDataStores
 + 2796 HTTP/2 max local stream count exceeded when request fails
 + 3766 Introduce HTTP/2 API to batch frames
 + 3916 multipart/byterange output is invalid to RFC7233
 + 4430 Duplicate generation of servlets/filters/listeners from context xml
   with quickstart
 + 4572 Replace Jetty Logging with slf4j
 + 4736 Update Import-Package version start ranges
 + 4808 Review HttpClient Request header APIs
 + 4809 Set a max number of requests per connection
 + 4824 WebSocket server outgoing message queue memory growth
 + 4888 Request getSession() method throws IllegalStateException when Session
   exists
 + 4919 websocket container stop ordering
 + 4954 Simplify ability to get Byte Counts about requests
 + 4985 Fix NPE related to use of Attributes.Wrapper getAttributeNameSet()
 + 4988 The check for whether a mime type is gzipable modifies (lower-cases)
   the content type
 + 4996 Warning log printed when debug is enabled in AbstractLifecycle.java
 + 5013 Bundle-ClassPath and lib place on WEB-INF/lib make classpath duplicate
 + 5018 WebSocketClient connect / upgrade timeout not configurable
 + 5019 Automatically hot-reload SSL certificates if keystore file changed
 + 5020 LifeCycle.Listener not called for Filter/Servlet/Listener lifecycle
   events
 + 5025 dispatcher.include() with welcome files lead to stack overflow error
 + 5029 Open redirect when sending custom Host header to URL with no trailing
   forward-slash
 + 5032 Introduce Listeners to aid in tracking timings within ServletContext
   and WebApp
 + 5043 WebSocketListener anonymous classes should be invocable
 + 5044 Jetty WebSocket UpgradeRequest & UpgradeResponse types in Jetty 10
 + 5053 CWE-331 in DigestAuthentication class
 + 5057 `javax.servlet.include.context_path` attribute on root context. should
   be empty string, but is `"/"`
 + 5064 NotSerializableException for OpenIdConfiguration
 + 5069 HttpClientTimeoutTests can occasionally fail due to unreachable network
 + 5079 authority header for IPv6 address not having square brackets
 + 5081 Review HouseKeeper locking
 + 5083 Convert synchronized usages to AutoLock
 + 5096 using JettyWebSocketServlet without having a WebSocketUpgradeFilter
 + 5103 Proxy sets protocol version to 2.0 instead of 1.1 when accessed from H2
   client
 + 5104 AbstractProxyServlet include incorrect protocol version in Via header
   when accessed over H2
 + 5105 Graceful shutdown does not wait for resumed requests
 + 5108 Improve SessionTracker scalability
 + 5122 Retrieving websocket connections via jmx
 + 5129 No jars added when using a folder in extraClasspath of the webapp
   context xml file
 + 5133 Improve ResourceFactory and Resource list handling
 + 5137 WebAppContext Tests need cleanup
 + 5147 Set MaxUsageCount with existing connection pool changing the behavior
 + 5150 Zero connection timeout is not supported in HTTP client with
   non-blocking connect
 + 5152 HttpClient should handle unsolicited responses
 + 5162 DecoratingListener raises a NullPointerException
 + 5165 Wrong messagesIn count for HttpClient
 + 5170 NullPointerException in HttpReceiverOverHTTP during WebSocket client
   Upgrade
 + 5171 GzipHandler Vary head should be configurable
 + 5174 Remove jetty-distribution in favor of jetty-home
 + 5178 Update to asm 8.0.1
 + 5185 Introduce DoSFilter Listener for Alert messages
 + 5193 WebSocket unimplemented BINARY message handling can result in TEXT
   message delivery to fail
 + 5198 Update GzipHandler
 + 5201 QueuedThreadPool setDetailedDump gives less detail
 + 5204 SNI does not work with PKIX
 + 5214 Servlet HEAD doesn't support content-length over Integer.MAX_VALUE
 + 5217 Review RoundRobinConnectionPool
 + 5224 HttpServletRequest.getServerName can include port when using
   ForwardedRequestCustomizer
 + 5233 Bad/Unsupported HTTP version should return 505 not 400
 + 5246 GzipHandler's DeflaterPool should be dumpable
 + 5247 Improve ForwardRequestCustomizer authority priority
 + 5254 Short list of Jetty modules
 + 5256 Cleanup Jetty 10 Start
 + 5263 Introduce jetty-home contamination warning
 + 5264 Create demo module
 + 5268 WARN Ignoring eviction setting: 0
 + 5280 Remove unused methods on SessionHandler
 + 5285 Per RFC7694, if a Content-Encoding isn't recognized, reject with 415
   Unsupported Media Type
 + 5304 HTTP/2 with HttpServletRequest.getHeader("Host") returns null on Jetty
   10, but a valid value on Jetty 9
 + 5316 Review <Map> element in Jetty XML
 + 5317 Remove jetty-all from Jetty 10
 + 5321 javadoc:aggregate-jar broken in Jetty 10
 + 5324 Jetty XML <Get> should support nested elements
 + 5327 NPE from jetty test webapp
 + 5357 Update http://eclipse.org to https://eclipse.org in source
 + 5360 demo-spec module incorrectly depends on demo-jndi
 + 5362 Default ProxyServlet cannot proxy to https urls
 + 5365 org.eclipse.jetty.server.Request throws NullPointerException if
   SessionHandler newHttpSession returns null

jetty-9.4.32.v20200930 - 30 September 2020
 + 2796 HTTP/2 max local stream count exceeded when request fails
 + 3766 Introduce HTTP/2 API to batch frames
 + 3916 multipart/byterange output is invalid to RFC7233
 + 4809 Set a max number of requests per connection
 + 4824 WebSocket server outgoing message queue memory growth
 + 4888 Request getSession() method throws IllegalStateException when Session
   exists
 + 4954 Simplify ability to get Byte Counts about requests
 + 5032 Introduce Listeners to aid in tracking timings within ServletContext
   and WebApp
 + 5079 authority header for IPv6 address not having square brackets
 + 5103 Proxy sets protocol version to 2.0 instead of 1.1 when accessed from H2
   client
 + 5104 AbstractProxyServlet include incorrect protocol version in Via header
   when accessed over H2
 + 5105 Graceful shutdown does not wait for resumed requests
 + 5108 Improve SessionTracker scalability
 + 5121 Add if (LOG.isDebugEnabled()) in CompressExtension.decompress
 + 5122 Retrieving websocket connections via jmx
 + 5129 No jars added when using a folder in extraClasspath of the webapp
   context xml file
 + 5147 Set MaxUsageCount with existing connection pool changing the behavior
 + 5150 Zero connection timeout is not supported in HTTP client with
   non-blocking connect
 + 5152 HttpClient should handle unsolicited responses
 + 5162 DecoratingListener raises a NullPointerException
 + 5165 Wrong messagesIn count for HttpClient
 + 5170 NullPointerException in HttpReceiverOverHTTP during WebSocket client
   Upgrade
 + 5185 Introduce DoSFilter Listener for Alert messages
 + 5193 WebSocket unimplemented BINARY message handling can result in TEXT
   message delivery to fail
 + 5201 QueuedThreadPool setDetailedDump gives less detail
 + 5204 SNI does not work with PKIX
 + 5214 Servlet HEAD doesn't support content-length over Integer.MAX_VALUE
 + 5217 Review RoundRobinConnectionPool
 + 5224 HttpServletRequest.getServerName can include port when using
   ForwardedRequestCustomizer
 + 5233 Bad/Unsupported HTTP version should return 505 not 400
 + 5246 GzipHandler's DeflaterPool should be dumpable
 + 5247 Improve ForwardRequestCustomizer authority priority
 + 5268 WARN Ignoring eviction setting: 0
 + 5285 Per RFC7694, if a Content-Encoding isn't recognized, reject with 415
   Unsupported Media Type
 + 5362 Default ProxyServlet cannot proxy to https urls
 + 5365 org.eclipse.jetty.server.Request throws NullPointerException if
   SessionHandler newHttpSession returns null

jetty-9.4.31.v20200723 - 23 July 2020
 + 1100 JSR356 Encoder#init is not called when created on demand
 + 4736 Update Import-Package version start ranges
 + 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in
   SETTINGS Frame.
 + 4904 WebsocketClient creates more connections than needed
 + 4965 WINDOW_UPDATE for locally failed stream should not close the HTTP/2
   session
 + 4967 Possible buffer corruption in HTTP/2 session failures
 + 4971 Simplify Connection.upgradeFrom()/upgradeTo()
 + 4976 HttpClient async content throws NPE in DEBUG log
 + 4981 Incorrect example for TryFilesFilter API docs
 + 4985 Fix NPE related to use of Attributes.Wrapper getAttributeNameSet()
 + 4989 Prevent parsing of module-info.class in OSGi bundles
 + 5000 NPE from Server.dump of FilterMapping
 + 5013 Bundle-ClassPath and lib place on WEB-INF/lib make classpath duplicate
 + 5018 WebSocketClient connect / upgrade timeout not configurable
 + 5019 Automatically hot-reload SSL certificates if keystore file changed
 + 5020 LifeCycle.Listener not called for Filter/Servlet/Listener lifecycle
   events
 + 5025 dispatcher.include() with welcome files lead to stack overflow error
 + 5053 CWE-331 in DigestAuthentication class
 + 5057 `javax.servlet.include.context_path` attribute on root context. should
   be empty string, but is `"/"`
 + 5064 NotSerializableException for OpenIdConfiguration

jetty-11.0.0.beta1 - 10 July 2020
 + 1100 JSR356 Encoder#init is not called when created on demand
 + 2540 Flaky test: org.eclipse.jetty.client.ConnectionPoolTest
 + 3428 Support Decoder lists on javax.websocket endpoints
 + 4776 Incorrect path matching for WebSocket using PathMappings
 + 4826 Upgrade to Apache Jasper 8.5.54
 + 4855 occasional h2spec failures on jenkins
 + 4877 Review PathSpec classes
 + 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in
   SETTINGS Frame.
 + 4903 Give better errors for non public Websocket Endpoints
 + 4904 WebsocketClient creates more connections than needed
 + 4920 Restore ability to delete sessions on stop
 + 4921 Quickstart run improperly runs dynamically added context initializers
 + 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like
   before
 + 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies
 + 4936 Response header overflow leads to buffer corruptions
 + 4965 WINDOW_UPDATE for locally failed stream should not close the HTTP/2
   session
 + 4967 Possible buffer corruption in HTTP/2 session failures
 + 4971 Simplify Connection.upgradeFrom()/upgradeTo()
 + 4976 HttpClient async content throws NPE in DEBUG log
 + 4981 Incorrect example for TryFilesFilter API docs
 + 4985 NPE related to WebSocket with Vaadin / Atmosphere after switching from
   9.4.26 to 9.4.30
 + 4989 annotation get NPE when parse library contain module-info.class
   (example jakarta.xml.ws-api_2.3.2.jar)
 + 5000 NPE from Server.dump of FilterMapping
 + 5018 WebSocketClient upgrade request timeout not configurable

jetty-10.0.0.beta1 - 10 July 2020
 + 1100 JSR356 Encoder#init is not called when created on demand
 + 2540 Flaky test: org.eclipse.jetty.client.ConnectionPoolTest
 + 3428 Support Decoder lists on javax.websocket endpoints
 + 4741 getHttpServletMapping for async dispatch
 + 4776 Incorrect path matching for WebSocket using PathMappings
 + 4826 Upgrade to Apache Jasper 8.5.54
 + 4855 occasional h2spec failures on jenkins
 + 4877 Review PathSpec classes
 + 4885 setCookie() must not change the headers in a response during an include
 + 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in
   SETTINGS Frame.
 + 4903 Give better errors for non public Websocket Endpoints
 + 4904 WebsocketClient creates more connections than needed
 + 4913 DirectoryNotEmptyException when using mvn jetty:run-distro
 + 4920 Restore ability to delete sessions on stop
 + 4921 Quickstart run improperly runs dynamically added context initializers
 + 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like
   before
 + 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies
 + 4936 Response header overflow leads to buffer corruptions
 + 4965 WINDOW_UPDATE for locally failed stream should not close the HTTP/2
   session
 + 4967 Possible buffer corruption in HTTP/2 session failures
 + 4971 Simplify Connection.upgradeFrom()/upgradeTo()
 + 4976 HttpClient async content throws NPE in DEBUG log
 + 4981 Incorrect example for TryFilesFilter API docs
 + 4985 NPE related to WebSocket with Vaadin / Atmosphere after switching from
   9.4.26 to 9.4.30
 + 4989 annotation get NPE when parse library contain module-info.class
   (example jakarta.xml.ws-api_2.3.2.jar)
 + 5000 NPE from Server.dump of FilterMapping
 + 5018 WebSocketClient upgrade request timeout not configurable

jetty-9.4.30.v20200611 - 11 June 2020
 + 4776 Incorrect path matching for WebSocket using PathMappings
 + 4826 Upgrade to Apache Jasper 8.5.54
 + 4855 occasional h2spec failures on jenkins
 + 4873 Server.join not working when used with ExecutorThreadPool
 + 4885 setCookie() must not change the headers in a response during an include
 + 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in
   SETTINGS Frame.
 + 4894 JDBCSessionDataStore fails to create multiple JettySessions for server
   with multiple databases
 + 4903 Give better errors for non public Websocket Endpoints
 + 4904 WebsocketClient creates more connections than needed
 + 4913 DirectoryNotEmptyException when using mvn jetty:run-distro
 + 4920 Restore ability to delete sessions on stop
 + 4921 Quickstart run improperly runs dynamically added context initializers
 + 4923 SecureRequestCustomizer.SslAttributes does not cache cert chain like
   before
 + 4929 HttpClient: HttpCookieStore.Empty prevents sending cookies
 + 4936 Response header overflow leads to buffer corruptions (CVE-2019-17638)

jetty-11.0.0-alpha0 - 30 May 2020

jetty-9.4.29.v20200521 - 21 May 2020
 + 2188 Lock contention creating HTTP/2 streams
 + 4235 communicate the reason of failure to the OpenID error page
 + 4695 HttpChannel recycling in h2
 + 4764 HTTP2 Jetty Server does not send back content-length
 + 4778 Enforcing SNI when there are only non-wildcards certificates
 + 4787 Make org.eclipse.jetty.client.HttpRequest's host name writable
 + 4789 org.eclipse.jetty.util.thread.ShutdownThread should use an appropriate
   name to identify itself in Thread dump
 + 4798 Better handling of fatal Selector failures
 + 4814 Allow a ConnectionFactory (eg SslConnectionFactory) to automatically
   add a Customizer
 + 4820 Jetty OSGi DefaultJettyAtJettyHomeHelper refers to non-existent config
   file
 + 4824 WebSocket server outgoing message queue memory growth
 + 4828 NIO ByteBuffer corruption in embedded Jetty server
 + 4835 GzipHandler and GzipHttpOutputInterceptor do not flush response when
   body is empty
 + 4860 org.eclipse.jetty.server.HttpChannel busyloop on HttpFields
   NullPointerException
 + 4861 Combine `AttributesMap` and `Attributes.Wrapper`
 + 4868 Update to asm 7.3.1
 + 4892 Non-blocking JSON parser
 + 4895 AbstractSessionCache.setFlushOnResponseCommit(true) can write an
   invalid session to the backing store

jetty-9.4.28.v20200408 - 08 April 2020
 + 847 Setting async timeout on WebSocketClient does not seem to timeout writes
 + 2896 Wrong Certificate Selected When Using Multiple Virtual Host Names in
   Conscrypt
 + 4443 Track backport of ALPN APIs to Java 8
 + 4529 ErrorHandler showing servlet info, can not be disabled unless
   overriding most of its functionality
 + 4542 servlet context root mapping incorrect
 + 4619 Inconsistent library versions notice
 + 4620 Using console-capture with StdErrLog results in empty log file
 + 4621 jetty-jaspi in jetty-all uber aggregate artifact requires
   javax.security.auth.message.AuthException which cannot be included
 + 4628 Add support for conditional module dependencies in jetty-start
 + 4631 Startup XmlConfiguration WARN on Arg threadpool
 + 4638 maxFormContentSize fix in Issue #3856 broke JenkinsCI/Winstone
 + 4644 no injection of env-entry if env-entry-value is whitespace only or
   missing
 + 4645 Empty "X-Forwarded-Port" header results in NumberFormatException
 + 4647 Hazelcast remote.xml configuration file do not configure hazelcast
   remote addresses
 + 4650 Do not use ServiceLoader every time a WebSocketSession is created
 + 4654 Hazelcast configurationLocation is not configurable via mod files
 + 4662 Jetty 9.4.x calls ServletContextListener.contextDestroyed() too early
 + 4671 CustomRequestLog throws NullPointerException when no request cookie is
   present
 + 4673 Short reads break form-data multipart parsing
 + 4676 ALPN support for Java 15
 + 4682 "UnreadableSessionDataException Unreadable session ..." after upgrading
   to 9.4.27
 + 4693 Version 9.4.25 breaks binary compatibility by renaming
   Response.closeOutput()
 + 4699 ServletContainerInitializer.onStartUp is not called with maven jar
   packaging using Jetty Maven Plugin
 + 4711 Reset trailers on recycled response
 + 4714 Low setMaxConcurrentStreams causes "1/unexpected_data_frame" errors
 + 4735 Get env variables in PHP scripts served through FastCGIProxyServlet
 + 4737 PreDestroy not called for non-async and run-as servlets
 + 4739 @RunAs not honoured on servlets
 + 4751 Refresh NetworkTraffic* classes

jetty-9.4.27.v20200227 - 27 February 2020
 + 3247 Generate jetty-maven-plugin website
 + 4247 Cookie security attributes are going to mandated by Google Chrome
 + 4360 Upgrade to Apache Jasper 8.5.49
 + 4475 WebSocket JSR356 implementation not honoring javadoc of MessageHandler
   on Whole<Reader>
 + 4495 Review ReservedThreadExecutor's concurrency model
 + 4504 X-Forwarded-Server header overwrites X-Forwarded-Host
 + 4520 Jetty jdbc session manager causing exceptions for violating primary key
   in inserting session in the table
 + 4529 ErrorHandler showing servlet info, can not be disabled unless
   overriding most of its functionality
 + 4533 Reinstate hard close in dispatcher
 + 4537 High CPU on Jetty Websocket thread
 + 4541 Jetty server always allocates maximum response header size
 + 4550 XmlConfiguration constructor selection based on number of arguments
 + 4567 Jetty logging supporting Throwable as last argument
 + 4573 Order dependency of X-Forwarded-Host and X-Forwarded-Port
 + 4575 Stopping ReservedThreadExecutor may hang
 + 4577 request getPathInfo returns null
 + 4594 ServletContextListeners added to destroyServletContextListeners in
   ContextHandler::startContext() are not removed by
   ContextHandler::removeEventListener()
 + 4606 DateCache.formatNow(long now) does not honor the passed in long
 + 4612 ReservedThreadExecutor hangs when the last reserved thread idles out

jetty-9.4.26.v20200117 - 17 January 2020
 + 2620 Exception from user endpoint onClose results in unclosed
   WebSocketSession
 + 4383 Errors deleting multipart tmp files java.lang.NullPointerException
   under heavy load
 + 4444 TLS Connection Timeout Intermittently
 + 4461 IllegalStateException in HttpOutput with Jersey

jetty-9.4.25.v20191220 - 20 December 2019
 + 995 UrlEncoded.encodeString should skip more characters
 + 2195 Add parameter expansion to start.jar --exec parameters
 + 3512 File descriptor is not released after zip file uploaded via
   jetty-client
 + 3730 WebSocketClient constructor cleanup (and deprecations)
 + 4269 ResponseWriter should not throw RuntimeIOExceptions
 + 4323 QOS Filter does not handle IllegalStateException and never releases
   passes
 + 4329 rewrite prevents URL session tracking
 + 4331 Improve handling of HttpOutput.close() for pending writes
 + 4350 Deprecated MultiPartInputStreamParser still used in jetty-server
   (MultiPartsUtilParser) but OSGi ExportPackage suppressed
 + 4351 Servlet.service called before Servlet.init is finished when servlet is
   lazily initialized
 + 4363 jetty-maven-plugin no longer processes supplied context.xml-file
 + 4366 HTTP client uses SOCKS4 proxy hostname for SSL hostname verification
 + 4374 Jetty client: Response.AsyncContentListener.onContent is not called
 + 4376 Async Content Complete bug results in
   org.eclipse.jetty.io.EofException: Async closed
 + 4385 Limit new UnsupportedOperationException to direct base class
   SslContextFactory usage
 + 4392 Suppress logging of QuietException in HttpChannelState.asyncError()
 + 4402 NPE in JettyRunWarExplodedMojo
 + 4411 Jetty server spins on incomplete request due to delayed dispatch until
   content
 + 4415 GzipHandler invalid input zip size on large (over 2,147,483,647 bytes)
   request body content
 + 4421 HttpClient support for PROXY protocol
 + 4427 Retried HttpClient Requests can result in duplicates cookies

jetty-9.4.24.v20191120 - 20 November 2019
 + 3083 The ini-template for jetty.console-capture.dir does not match the
   default value
 + 4128 OpenIdCredetials can't decode JWT ID token
 + 4334 Better test ErrorHandler changes (CVE-2019-17632)

jetty-9.4.23.v20191118 - 18 November 2019
 + 1485 Add systemd service file
 + 2266 Jetty maven plugin reload is triggered each time the
   `scanIntervalSeconds` pass
 + 2340 Remove raw ServletHandler usage examples from documentation
 + 2709 current default for headerCacheSize is not large enough for many
   requests
 + 3863 Enforce use of SNI
 + 3869 Update to ASM 7.2 for jdk 13
 + 4033 Ignore bad percent encodings in paths during
   URIUtil.equalsIgnoreEncodings()
 + 4138 OpenID module should use HttpClient instead of HttpURLConnection
 + 4156 IllegalStateException when forwarding to jsp with new session
 + 4161 Regression: EofException: request lifecycle violation
 + 4173 NullPointerException warning in log from WebInfConfiguration after
   upgrade
 + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop
 + 4236 clean up redirect code calculation for OpenIdAuthenticator
 + 4237 simplify openid module configuration
 + 4240 CGI form post results in 500 response if no character encoding
 + 4243 ErrorHandler produces invalid json error response
 + 4247 Cookie security attributes are going to mandated by Google Chrome
 + 4248 Websocket client UpgradeListener never reports success
 + 4251 Http 2.0 clients cannot upgrade protocol
 + 4258 RateControl should be per-connection
 + 4264 Spring Boot BasicErrorController no longer invoked
 + 4265 HttpChannel SEND_ERROR should use ErrorHandler.doError()
 + 4277 Reading streamed gzipped body never terminates
 + 4279 Regression: ResponseWriter#close blocks indefinitely
 + 4282 Review HttpParser handling in case of no content
 + 4283 Wrong package for OpenJDK8ClientALPNProcessor
 + 4284 Possible NullPointerException in Main.java when stopped from command
   line
 + 4287 Move getUriLastPathSegment(URI uri) to URIUtil
 + 4296 Unable to create WebSocket connect if the query string of the URL has %
   symbol.
 + 4301 Demand beforeContent is not forwarded
 + 4305 Jetty server ALPN shall alert fatal no_application_protocol if no
   client application protocol is supported
 + 4325 Deprecate SniX509ExtendedKeyManager constructor without
   SslContextFactory$Server

jetty-9.3.28.v20191105 - 05 November 2019
 + 3989 Inform custom ManagedSelector of dead selector via optional
   onFailedSelect()
 + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop

jetty-9.2.29.v20191105 - 05 November 2019
 + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop

jetty-9.4.22.v20191022 - 22 October 2019
 + 2429 HttpClient backpressure improved
 + 3558 Error notifications can be received after a successful websocket
 + 3787 Jetty client sometimes returns EOFException instead of
   SSLHandshakeException on certificate errors.
 + 3913 Clustered HttpSession IllegalStateException: Invalid for read
 + 3989 Inform custom ManagedSelector of dead selector via optional
   onFailedSelect()
 + 4096 Thread in ReservedThreadExecutor does not exit when stopped
 + 4104 Frames are sent through ExtensionStack even if WebSocket Session is
   closed
 + 4105 QueuedThreadPool increased thread usage and no idle thread decay
 + 4115 Drop HTTP/2 pseudo headers
 + 4121 QueuedThreadPool should support ThreadFactory behaviors
 + 4122 QueuedThreadPool should reset thread interrupted on failed run
 + 4128 OpenIdCredetials can't decode JWT ID token
 + 4132 Should be possible to use OIDC without metadata
 + 4141 ClassCastException with non-async Servlet + async Filter +
   HttpServletRequestWrapper
 + 4142 Configurable HTTP/2 RateControl
 + 4144 Naked cast to Request should be avoided
 + 4156 IllegalStateException when forwarding to jsp with new session
 + 4158 Behaviour change in session handling in 9.4.21.v20190926
 + 4170 Client-side alias selection based on SSLEngine
 + 4174 ConcurrentModificationException when stopping jetty:run-war
 + 4176 Should not set header if sendError has been called
 + 4177 Configure HTTP proxy with SslContextFactory
 + 4179 Improve HttpChannel$SendCallback references for GC
 + 4183 Jetty considers bootstrap injected class to be a "server class"
 + 4188 Spin in HttpOutput.close
 + 4190 Jetty hangs after thread blocked in SharedBlockingCallback.block()
   called by HttpOutput.close
 + 4191 Increase GzipHandler minGzipSize default size
 + 4193 InetAccessHandler - new includeConnectors/excludeConnectors not quite
   correct anymore
 + 4201 Throw SSLHandshakeException in case of TLS handshake failures
 + 4203 Some Transfer-Encoding and Content-Length combinations do not result in
   expected 400 Bad Request
 + 4204 Transfer-Encoding behavior does not follow RFC7230
 + 4208 Regression in Jetty 9.4.21: 304 response with Content-Length fails
 + 4209 Unused TLS connection is not closed in Java 11
 + 4217 SslConnection.DecryptedEnpoint.flush eternal busy loop
 + 4227 First authorization request produced by OIDC module fails due to
   inclusion of sessionid

jetty-9.4.21.v20190926 - 26 September 2019
 + Includes fixes for CVE-2019-9511, CVE-2019-9512, CVE-2019-9514,
   CVE-2019-9515, CVE-2019-9516, and CVE-2019-9518
 + 97 Permanent UnavailableException thrown during servlet request handling
   should cause servlet destroy
 + 137 Support OAuth
 + 155 No way to set keystore for JSR 356 websocket clients, needed for SSL
   client authentication
 + 1036 Allow easy configuration of Scheduler-Threads and name them more
   appropriate
 + 2815 HPack fields are opaque octets
 + 3040 Allow RFC6265 Cookies to include optional SameSite attribute
 + 3106 WebSocket connection stats and request stats
 + 3734 WebSocket suspend when input closed
 + 3747 Make Jetty Demo work with JPMS
 + 3806 Error Page handling Async race with ProxyServlet
 + 3913 Clustered HttpSession IllegalStateException: Invalid for read
 + 3936 Race condition when modifying session + sendRedirect()
 + 3956 Remove and warn on use of illegal HTTP/2 response headers
 + 3964 Improve efficiency of listeners
 + 3968 WebSocket sporadic ReadPendingException using suspend/resume
 + 3978 HTTP/2 fixes for robustly handling abnormal traffic and resource
   exhaustion
 + 3983 JarFileResource incorrectly lists the contents of directories with
   spaces
 + 3985 Improve lenient Cookie parsing
 + 3989 Inform custom ManagedSelector of dead selector via optional
   onFailedSelect()
 + 4000 Add SameFileAliasChecker to help with FileSystem static file access
   normalization on Mac and Windows
 + 4007 NullPointerException while trying to run jetty start.run on Windows
 + 4009 ServletContextHandler setSecurityHandler broke handler chain
 + 4020 Revert WebSocket ExtensionFactory change to interface
 + 4022 Servlet which is added by ServletRegistration can't be started
 + 4025 Provide more write-through behaviours for DefaultSessionCache
 + 4027 Ensure AbstractSessionDataStore cannot be used unless it is started
 + 4033 Ignore bad percent encodings in paths during
   URIUtil.equalsIgnoreEncodings()
 + 4047 Gracefully stopped Jetty not flushing all response data
 + 4048 Multiple values in X-Forwarded-Port throw NumberFormatException
 + 4057 NullPointerException in o.e.j.h.HttpFields
 + 4064 NullPointerException initializing embedded servlet
 + 4075 Do not fail on servlet-mapping with url-pattern /On*
 + 4082 NullPointerExceptoin while Debug logging in client
 + 4084 Use of HttpConfiguration.setBlockingTimeout(long) in jetty.xml produces
   warning on jetty-home startup
 + 4105 Cleanup of Idle thread count in QueuedThreadPool
 + 4113 HttpClient fails with JDK 13 and TLS 1.3

jetty-9.4.20.v20190813 - 13 August 2019
 + 300 Implement Deflater / Inflater Object Pool
 + 2061 WebSocket hangs in blockingWrite
 + 3601 HTTP2 stall on reset streams
 + 3648 javax.websocket client container incorrectly creates Server
   SslContextFactory
 + 3698 Missing WebSocket ServerContainer after server restart
 + 3708 Swap various java.lang.String replace() methods for better performant
   ones
 + 3736 NPE from WebAppClassLoader during CDI
 + 3746 ClassCastException in WriteFlusher.java - IdleState cannot be cast to
   FailedState
 + 3749 Memory leak while processing AsyncListener annotations
 + 3755 ServerWithAnnotations doesn't do anything
 + 3758 Avoid sending empty trailer frames for http/2 requests
 + 3782 X-Forwarded-Port overrides X-Forwarded-For
 + 3786 ALPN support for Java 14
 + 3798 ClasspathPattern match method throws NPE. URI can be null
 + 3799 Programmatically added listeners from
   ServletContextListener.contextInitialzed() are not called
 + 3804 Weld/CDI XML backwards compat
 + 3805 XmlConfiguration odd behavior for numbers
 + 3806 The error page handler didn't process correctly in proxy
 + 3815 PropertyFileLoginModule adds user principle as a role
 + 3822 trustAll will not work on some servers
 + 3829 Avoid sending empty trailer frames for http/2 responses
 + 3835 WebSocketSession are not being stopped properly
 + 3840 Byte-range request performance problems with large files
 + 3856 Different behaviour with maxFormContentSize=0 if Content-Length header
   is present/missing
 + 3876 WebSocketPartialListener is only called for initial frames, not for
   continuation frames
 + 3884 @WebSocket without @OnWebSocketMessage handler fails when receiving a
   continuation frame
 + 3888 BufferUtil.toBuffer(Resource resource,boolean direct) does not like
   large (4G+) Resources
 + 3906 Fix for #3840 breaks Path encapsulation in PathResource
 + 3929 Deadlock between new HTTP2Connection() and Server.stop()
 + 3940 Double initialization of Log
 + 3957 CustomRequestLog bad usage of MethodHandles.lookup()
 + 3960 Fix HttpConfiguration copy constructor
 + 3969 X-Forwarded-Port header customization isn't possible

jetty-9.4.19.v20190610 - 10 June 2019
 + 2909 Remove B64Code
 + 3332 jetty-maven-plugin - transitive dependencies not loaded from
   "target/classes"
 + 3498 WebSocket Session.suspend() now suspends incoming frames instead of
   reads
 + 3534 Use System nanoTime, not currentTimeMillis for IdleTimeout
 + 3550 Server becomes unresponsive after sitting idle from a load spike
 + 3562 InetAccessHandler should be able to apply to a certain port or
   connector
 + 3568 Make UserStore able to be started/stopped with its LoginService
 + 3583 jetty-maven plugin in multi-module-project does not use files from
   /target/test-classes folder of dependent projects
 + 3605 IdleTimeout with Jetty HTTP/2 and InputStreamResponseListener
 + 3608 Reply with 400 Bad request to malformed WebSocket handshake
 + 3616 Backport WebSocket SessionTracker from Jetty 10
 + 3620 Use of `throwUnavailableOnStartupException=true` does not stop Server
   in jetty-home
 + 3627 Only renew session id when spnego authentication is fully complete
 + 3628 NPE in QueuedThreadPool.getReservedThreads()
 + 3630 X-Forwarded-For missing last hextet for ipv6
 + 3633 endpointIdentificationAlgorithm enabled by default
   jetty-ssl-context.xml
 + 3653 access control exception if programmatic security manager is used
 + 3655 Spaces missing on Cookies generated via RFC6265
 + 3663 Remove deprecation of HttpClient replacement methods in WebSocketClient
 + 3680 Bom manages non-existent infinispan-remote and infinispan-embedded
   dependencies due to config classifier
 + 3683 Multipart file not deleted when client aborts upload
 + 3690 Upgrade to asm 7.1
 + 3713 Emit warning when invoking deprecated method in Jetty XML
 + 3715 Improve Log.condensePackage performance
 + 3722 HttpSessionListener.sessionDestroyed should be able to access webapp
   classes
 + 3726 Remove OSGi export uses of servlet-api from jetty-util
 + 3729 Make creation of java:comp/env threadsafe
 + 3743 Update XmlConfiguration usage in Jetty to always use Constructors that
   provide Location information
 + 3748 @Resource field not injected in Jetty Demo
 + 3750 NPE in WebSocketClient.toString()
 + 3751 Modern Configure DTD / FPI is used inconsistently

jetty-9.4.18.v20190429 - 29 April 2019
 + 3476 IllegalStateException in WebSocket ConnectionState
 + 3550 Server becomes unresponsive after sitting idle from a load spike
 + 3563 Update to apache jasper 8.5.40
 + 3573 Update jetty-bom for new infinispan artifacts
 + 3582 HeapByteBuffer cleared unexpected
 + 3597 Session persistence broken from 9.4.13+
 + 3609 Fix infinispan start module dependencies

jetty-9.4.17.v20190418 - 18 April 2019
 + 2140 Infinispan and hazelcast changes to scavenge zombie expired sessions
 + 3464 Split SslContextFactory into Client and Server
 + 3549 Directory Listing on Windows reveals Resource Base path
   (CVE-2019-10246)
 + 3555 DefaultHandler Reveals Base Resource Path of each Context
   (CVE-2019-10247)

jetty-9.3.27.v20190418 - 18 April 2019
 + 3549 Directory Listing on Windows reveals Resource Base path
   (CVE-2019-10246)
 + 3555 DefaultHandler Reveals Base Resource Path of each Context
   (CVE-2019-10247)

jetty-9.2.28.v20190418 - 18 April 2019
 + 3549 Directory Listing on Windows reveals Resource Base path
   (CVE-2019-10246)
 + 3555 DefaultHandler Reveals Base Resource Path of each Context
   (CVE-2019-10247)

jetty-9.4.16.v20190411 - 11 April 2019
 + 1861 Limit total bytes pooled by ByteBufferPools
 + 3133 Logging of `key.readyOps()` can throw unchecked `CancelledKeyException`
 + 3159 WebSocket permessage-deflate RSV1 validity check
 + 3274 OSGi versions of java.base classes in
   org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+
 + 3319 Modernize Directory Listing: HTML5 and Sorting (CVE-2019-10241)
 + 3361 HandlerCollection.addHandler is lacking synchronization
 + 3373 OutOfMemoryError: Java heap space in GZIPContentDecoder
 + 3389 Websockets jsr356 willDecode not invoked during decoding
 + 3394 java.security.acl.Group is deprecated and marked for removal
 + 3404 Cleanup QuotedQualityCSV internal use of Double
 + 3411 HttpClient does not timeout during multiple redirection
 + 3421 Duplicate JSESSIONID sent when invalidating new session
 + 3422 CLOSE_WAIT socket status forever after terminating websocket client
   side
 + 3425 Upgrade conscrypt version to 2.0.0 and remove usage of reflection
 + 3429 JMX Operation to trigger manual deployment scan in WebAppProvider
 + 3440 Stop server if Unavailable thrown
 + 3444 org.eclipse.jetty.http.Http1FieldPreEncoder generates an invalid header
   byte-array if header is null
 + 3456 Allow multiple programmatic login/logout in same request
 + 3464 Split SslContextFactory into Client and Server
 + 3481 TLS close_notify() is not guaranteed
 + 3489 Using setExtraClasspath("lib/extra/*") does not work on Microsoft
   Windows
 + 3526 HTTP Request Locale not retained in WebsocketUpgrade Request
 + 3540 Use configured Provider in SslContextFactory consistently
 + 3545 NullPointerException on ServletOutputStream.print("");

jetty-9.3.26.v20190403 - 03 April 2019
 + 2954 Improve cause reporting for HttpClient failures
 + 3274 OSGi versions of java.base classes in
   org.apache.felix:org.osgi.foundation:jar conflicts with new rules on Java 9+
 + 3302 Support host:port in X-Forwarded-For header in
   ForwardedRequestCustomizer
 + 3319 Allow reverse sort for directory listed files (CVE-2019-10241)

jetty-9.2.27.v20190403 - 03 April 2019
 + 3319 Refactored Directory Listing to modernize and avoid XSS
   (CVE-2019-10241)

jetty-9.4.15.v20190215 - 15 February 2019
 + 113 Add support for NCSA Extended Log File Format
 + 150 extraClasspath() method on WebAppContext dont support dir path
 + 2646 Better handle concurrent calls to change session id and invalidate
   within a context
 + 2718 NPE using more than one Endpoint.publish
 + 2817 Change HttpClient and WebSocketClient default to always have SSL
   support enabled
 + 3030 Enforce Content-Encoding check only on parameter extraction
 + 3038 SSL Connection Leak
 + 3049 Warn on common SslContextFactory problematic configurations
 + 3133 Logging of `key.readyOps()` can throw unchecked `CancelledKeyException`
 + 3139 NPE on
   WebSocketServerContainerInitializer.configureContext(ServletContextHandler)
 + 3146 ServletContainerInitializer from war WEB-INF/classes not executing
 + 3154 Add support for javax.net.ssl.HostnameVerifier to HttpClient
 + 3161 Update to Apache JSP 8.5.35
 + 3178 BufferingResponseListener does not clear buffer in onHeaders
 + 3186 Jetty maven plugin - javax.annotation.jar picked up from jetty plugin
   rather than from applications classpath
 + 3202 jetty-maven plugin in multi-module project not using files from /target
   folders of sister projects
 + 3207 Async ServletOutputStream print methods
 + 3210 Threadpool module creates unmanged threadpool
 + 3212 Client and server need to to treat an incoming HTTP/2 RST_STREAM frame
   differently
 + 3234 AuthenticationProtocolHandler should not cache the failed results
 + 3240 ALPN support for Java 13
 + 3241 Missing main manifest attribute in jetty-runner.jar
 + 3242 Fix WebSocket components dump()
 + 3278 NullPointerException if base resource is an empty ResourceCollection
 + 3279 WebSocket write may hang forever
 + 3302 Support host:port in X-Forwarded-For header in
   ForwardedRequestCustomizer
 + 3305 Avoid additional selectNow() on non-Windows runtimes
 + 3307 WebAppClassLoader loadClass can throw NullPointerException for missing
   class
 + 3311 Ability to serve HTTP and HTTPS from the same port
 + 3317 Improve uncaught exception handler double logging
 + 3329 Hazelcast delete expired session fails in deserialize
 + 3350 Do not expect to be able to connect to https URLs with the HttpClient
   created from a parameterless constructor

jetty-9.4.14.v20181114 - 14 November 2018
 + 3097 Duplicated programmatic Servlet Listeners causing duplicate calls
 + 3104 Align jetty-schemas version within apache-jsp module as well

jetty-9.4.13.v20181111 - 11 November 2018
 + 2191 JPMS Support
 + 2431 Upgrade to Junit 5
 + 2691 LdapLoginModule does not find accounts in subtrees
 + 2702 ArithmeticException in Credentials.stringEquals and .byteEquals
 + 2718 NPE using more than one Endpoint.publish
 + 2727 Cleanup behavior of JMX MBean discovery
 + 2740 Ensure OSGiWebappClassLoader uses bundleloader for all loadClass
   methods
 + 2787 Use status code from nested BadMessageException wrapped in
   ServletException
 + 2796 HTTP/2 max local stream count exceeded when request fails
 + 2834 Support Java 11 bytecode during annotation scanning
 + 2865 Update to apache jasper 8.5.33
 + 2868 Adding SPNEGO authentication support for Jetty Client
 + 2871 HTTP/2 Server reads -1 after client resets stream
 + 2875 Fix WebSocketClient.connect() hang when attempting to connect at an
   invalid websocket endpoint
 + 2886 SNI matching does not work in certain cases when there is only one CN
   certificate in the keystore
 + 2901 Introduce HttpConnectionUpgrader as a conversation component in
   HttpClient
 + 2903 Avoid Listener instantiation during QuickStart generation
 + 2906 jetty-maven-plugin run goal adds output directory of reactor project
   dependencies to classpath without regard for scope
 + 2912 Requests handled with GzipHandler should remove Content-Encoding and
   Content-Length headers
 + 2913 Remove reliance on sun.reflect.Reflection to be compatible with Java 11
 + 2936 Error during initial RequestDispatch with bad request query results in
   failure for ErrorHandler to process
 + 2941 Upgrade to ASM 7 to support Java 11 bytecode
 + 2954 Improve cause reporting for HttpClient failures
 + 2970 Ensure HttpChannel.onComplete is always called
 + 3018 Improve error handling and logging of min data rate violations
 + 3023 Wrong non-redirect behaviour with "null" path info
 + 3030 Enforce Content-Encoding check only on parameter extraction
 + 3041 Cookies parsing in RFC2965 should allow deprecated comma separators
 + 3049 Warn on common SslContextFactory problematic configurations
 + 3054 Update OSGi to ASM 7
 + 3090 MBeanContainer throws NPE for arrays
 + 3092 Wrong classloader used to load *MBean classes

jetty-9.3.25.v20180904 - 04 September 2018
 + 2135 Android 8.1 needs direct buffers for SSL/TLS to work
 + 2777 Workaround for Conscrypt's ssl == null
 + 2787 BadMessageException wrapped as ServletException not handled
 + 2860 Leakage of HttpDestinations in HttpClient
 + 2871 Server reads -1 after client resets HTTP/2 stream

jetty-9.4.12.v20180830 - 30 August 2018
 + 300 Implement Deflater / Inflater Object Pool
 + 307 Monitor contention in AbstractNCSARequestLog
 + 321 Remove JaspiAuthenticatorFactory.findServerName(Server, Subject)
 + 901 Overriding SSL context KeyStoreType requires explicit override of
   TrustStoreType
 + 1688 Request with `Content-Encoding: gzip` should not perform parameter
   extraction
 + 1905 Deprecate jetty-runner now, present warnings when using it on Java 9+
   Runtimes
 + 2075 Deprecating MultiException
 + 2135 Android 8.1 needs direct buffers for SSL/TLS to work
 + 2342 File Descriptor Leak: Conscrypt: "Too many open files"
 + 2349 HTTP/2 max streams enforcement
 + 2398 MultiPartFormInputStream parsing should default to UTF-8, but allowed
   to be overridden by Request.setCharacterEncoding()
 + 2468 EWYK concurrent produce can fail SSL connections
 + 2501 Include accepting connections in connection limit
 + 2530 Client waits forever for cancelled large uploads
 + 2560 Review PathResource exception handling
 + 2565 HashLoginService silently ignores file:/ config paths from 9.3.x
 + 2631 IllegalArgumentException: Buffering capacity exceeded, from HttpClient
   HEAD Requests to resources referencing large body contents
 + 2648 LdapLoginModule fails with forceBinding=true under Java 9
 + 2655 WebSocketClient not removing closed WebSocket Session's from managed
   beans
 + 2662 Remove unnecessary boxing conversions
 + 2663 Guard Throwable.addSuppressed() calls
 + 2672 Max local stream count exceeded for HttpClient with HTTP/2 transport
 + 2675 Demo rewrite rules prevent URL Session tracking
 + 2677 Decode URI before matching against "/favicon.ico"
 + 2679 HTTP/2 Spec Compliance
 + 2681 Jetty Hot Deployment Module does not stop exploded webapps after
   removal from webapps directory
 + 2683 NPE in FrameFlusher toString()
 + 2684 MimeTypes.getAssumedEncodings() does not work
 + 2694 Bad DynamicImport-Package in Websocket Servlet
 + 2696 GcloudDataStore dependency generation broken
 + 2706 ResourceService may return 404 for unchanged content
 + 2711 TLS 1.3 compliance
 + 2717 Async requests are not considered when shutting down gracefully
 + 2718 NPE using more than one Endpoint.publish
 + 2719 property file passed to start.jar is not read
 + 2720 <property> config tag can't access property values in WebAppContext
 + 2722 Improve configurability for SETTINGS frames
 + 2730 Limit concurrent HTTP/2 pushed resources
 + 2737 HTTP Authentication parameters containing =
 + 2739 AuthenticationProtocolHandler Multiple Challenge Pattern
 + 2745 JDBCSessionDataStore schema potential performance issue
 + 2746 Move jmh classes to a dedicated module and run those daily or weekly
 + 2749 Graceful shutdown causes repeated 503s on keep-alive connections
 + 2754 Don't eagerly instantiate @WebListener during annotation scan if it is
   explicitly referenced in the webapp descriptor as well
 + 2755 Repeatedly stopping/starting an active HttpClient can result in a stuck
   ManagedSelector
 + 2757 Possible double release of HTTP/2 ByteBuffers
 + 2762 Fix typo in jetty.sh
 + 2767 WebSocket Policy on JSR356 ClientContainer not represented correctly
 + 2775 Make LowResourceMonitor extendable
 + 2777 Workaround for Conscrypt's ssl == null
 + 2778 Upgrade h2spec-maven-plugin 0.4
 + 2787 BadMessageException wrapped as ServletException not handled
 + 2794 Generate p2 repos for Jetty 9.3.24.v20180605 and Jetty 9.2.25.v20180606
 + 2796 Max local stream count exceeded when request fails
 + 2798 ThreadPoolBudget logs WARN when minThreads == maxThreads (was:
   Reasoning behind ThreadPoolBudget warning logic change on 3/5/18)
 + 2807 Exclude TLS_RSA_* ciphers by default
 + 2811 SslContextFactory.dump incorrectly uses default enabled for determining
   "jre:disabled" flag
 + 2817 Change HttpClient and WebSocketClient default to always have SSL
   support enabled
 + 2821 AuthenticationProtocolHandler should not always cache
   Authentication.Result
 + 2824 Every call to HttpServletRequest.getParameter*() methods results in a
   newly created Map object if both query and body content exist
 + 2828 connectionListener of AbstractHTTP2ServerConnectionFactory cause the
   low performance of concurrent connect of http2
 + 2832 Wrong initialization of HTTP/2 UnknownBodyParser
 + 2835 JarFileResource#lastModified() side effect is URL caching preventing
   hot redeploy on Windows
 + 2836 Sequential HTTPS requests may not reuse the same connection
 + 2844 Clean up webdefault.xml and DefaultServlet doc
 + 2847 Wrap Connection.Listener invocations in try/catch
 + 2860 Leakage of HttpDestinations in HttpClient
 + 2871 Server reads -1 after client resets HTTP/2 stream

jetty-9.2.26.v20180806 - 06 August 2018
 + 2777 Workaround for Conscrypt's ssl == null

jetty-9.2.25.v20180606 - 06 June 2018
 + 2114 Fix NPE in JettyHttpServerProvider
 + 2135 Android 8.1 needs direct buffers for SSL/TLS to work
 + 2529 HttpParser cleanup
 + 2603 WebSocket ByteAccumulator initialized with wrong maximum
 + 2604 WebSocket ByteAccumulator should report sizes in
   MessageTooLargeException

jetty-9.4.11.v20180605 - 05 June 2018
 + 1785 Support for vhost@connectorname syntax of virtual hosts
 + 2346 Revert stack trace logging for HTTPChannel.onException
 + 2439 Remove HTTP/2 data copy
 + 2472 central.maven.org doesn't work with https
 + 2484 Repeated null check in MimeTypes.getDefaultMimeByExtension
 + 2496 Jetty Maven Plugin should skip execution on projects it cannot support
 + 2516 NPE at SslClientConnectionFactory.newConnection()
 + 2518 HttpClient cannot handle bad servers that report multiple 100-continue
   responses in the same conversation
 + 2525 Deprecate BlockingTimeout mechanism for removal in future release
 + 2529 HttpParser cleanup
 + 2532 Improve parser handing of tokens
 + 2545 Slow HTTP2 per-stream download performance
 + 2546 Incorrect parsing of PROXY protocol v2
 + 2548 Possible deadlock failing HTTP/2 stream creation
 + 2549 ConsumeAll and requestRecycle
 + 2550 Coalesce overlapping HTTP requested byte ranges
 + 2556 "file:" prefix in jetty.base variable
 + 2559 Use Configurator declared in ServerEndpointConfig over one declared in
   the @ServerEndpoint annotation
 + 2560 PathResource exception handling
 + 2568 QueuedThreadPool.getBusyThreads() should take into account
   ReservedThreadExecutor.getAvailable()
 + 2571 Jetty Client 9.4.x incorrectly handles too large fields from nginx 1.14
   server
 + 2574 Clarify max request queued exception message
 + 2575 Work around broken OSGi implementations Bundle.getEntry() behavior
   returning with unescaped URLs
 + 2580 Stop creating unnecessary exceptions with MultiException
 + 2586 Update to asm 6.2
 + 2603 WebSocket ByteAccumulator initialized with wrong maximum
 + 2604 WebSocket ByteAccumulator report sizes in MessageTooLargeException
 + 2616 Trailers preventing client from processing all the data
 + 2619 QueuedThreadPool race can shrink newly created idle threads before use

jetty-9.3.24.v20180605 - 05 June 2018
 + 2529 HttpParser cleanup
 + 2560 PathResource exception handling
 + 2603 WebSocket ByteAccumulator initialized with wrong maximum
 + 2604 WebSocket ByteAccumulator should report sizes in
   MessageTooLargeException

jetty-9.4.10.v20180503 - 03 May 2018
 + 110 Jetty JAASLoginService should not use getContextClassLoader to load role
   class name under OSGi
 + 1027 MultiPartInputStreamParser is slow for largish files
 + 1555 AuthenticationProtocolHandler unable to parse Digest WWW Header
 + 2018 No HttpClient API for receiving Server Sent Events
 + 2145 Enabled h2, http/1.1 + https failed with invalid preface
 + 2152 Produce jetty-home-source artifacts for Eclipse Jetty source jars
 + 2164 Ensure all jetty modules that use ServiceLoader have correct OSGi
   manifest headers
 + 2205 100% CPU usage in Selector using Jetty on Windows
 + 2311 TimeoutException when server sends unexpected content
 + 2337 ServletUpgradeRequest getSubProtocols() creates an ArrayList even if
   sub protocols is absent in WebSocket Upgrade Request.
 + 2349 Review HTTP/2 max streams enforcement
 + 2350 Support multiplexing in RoundRobinConnectionPool
 + 2361 CachingWebAppClassLoader is not using cache properly
 + 2366 Review HTTP/2 interleaving
 + 2376 Relax ContextHandler and ServletContextHandler requirements in
   WebSocket to allow SpringBoot's MockMVC to function
 + 2387 NPE in URIUtil.equalsIgnoreEncodings when working with jar:file:// URIs
 + 2388 AtomicBiInteger.compareAndSet(long,int,int) not using encoded parameter
 + 2391 Allow for optional "\u####" escaping in
   org.eclipse.jetty.util.ajax.JSON.toString()
 + 2398 MultiPartFormInputStream parsing should default to UTF-8, but allowed
   to be overridden by Request.setCharacterEncoding()
 + 2403 allow --add-to-start to  specify maven repository location
 + 2409 Ensure no duplicate config classes are assigned to WebApps in OSGi
   environments
 + 2413 Server log timestamp is inconsistent
 + 2420 Simplify HttpTransportOverHTTP2
 + 2425 Review BufferUtil.isMappedBuffer()
 + 2427 SessionInactivityTimeout does not stop upon expiration
 + 2430 CDI version mismatch with jetty-maven-plugin:run-forked and Weld
 + 2435 Class.newInstance() is deprecated in Java 9+
 + 2445 Add HttpServletRequest support to DefaultCallbackHandler
 + 2446 AttributeNormalizer does not support "user.home" to be "/"
 + 2451 ReservedThreadExecutor.getAvailable() is not atomic and can return
   incorrect value
 + 2454 Avoid sending empty DATA frame in case of HTTP/2 trailers
 + 2464 NPE when constructing subclasses of ExecutorThreadPool
 + 2468 EWYK concurrent produce can fail SSL connections
 + 2472 Default Maven Central Repository URL used to download artifacts in
   start.jar should use https
 + 2474 HTTP/2 client not handling invalid servers correctly
 + 2478 ThreadPoolExecutor does nto reap Idle threads
 + 2482 Possible NPE in MemcachedSessionDataMapFactory
 + 2491 WebSocket FragmentExtension can produce an invalid stream of frames
 + 2495 FileSessionDataStore: private save method
 + 2496 Jetty Maven Plugin should skip execution on projects it cannot support
 + 2498 Add QueuedThreadPool.removeThread(Thread) for extendability reasons

jetty-9.4.9.v20180320 - 20 March 2018
 + 347 Avoid sending request using a connection that is idle timing out
 + 1416 GzipHandler generated ETag suffix has problems with If-Match header
   logic
 + 1602 WebAppContext is started twice, once by deployer, again by lifecycle
 + 1614 AbstractNCSARequestLog does not extract the user from the http header
   when it has not been authenticated
 + 1770 SniX509ExtendedKeyManager.chooseServerAlias() throws
   NullPointerException when socket is null
 + 1797 JEP 238 - Multi-Release JAR files break bytecode scanning
 + 1832 Bad HTTP Close prevents proper TCP close
 + 1918 Scalable scheduler implementation
 + 1933 Use CLASSPATH for scanning java9 system classes
 + 1940 Embedded CDI: SessionScoped gives a NPE
 + 1949 Client-side problems with digest authentication
 + 1956 Store and report build information of Jetty
 + 1966 HttpMethod case sensitive
 + 1970 ManagedSelector can lose selector thread under high concurrent load
 + 1973 Implement minimum response data rate
 + 1983 Improve warning for incompatible ALPN processor
 + 1986 ServletContextHandler.Context addListener() methods support session
   listeners
 + 2003 Do not submit blocking tasks as managed selector actions
 + 2006 ServletInputStream.isReady not registering interest when it should
 + 2010 SniX509ExtendedKeyManager causes exception: "FIPS mode: only SunJSSE
   KeyManagers may be used"
 + 2014 Support unix domain sockets in HttpClient
 + 2015 jetty-alpn-conscrypt-server needs appropriate osgi headers in manifest
 + 2016 jetty-alpn-openjdk8-server needs correct osgi headers in manifest
 + 2019 Expose HttpClientTransport in JMX
 + 2020 Introduce a name for `HttpClient` instances
 + 2022 Fine grained RFC HTTP Compliance modes: including OWS prior to field
   colon
 + 2028 Add osgi headers for alpn-java client and server
 + 2030 NPE in AnnotationConfiguration with DEBUG enabled
 + 2033 Improve HTTP/2 session and stream stall times report
 + 2034 Improve HTTP2Session dump
 + 2035 FlowControlStrategy keeps around reset streams
 + 2037 HTTP/2 stream reset leaves stream frames in the flusher
 + 2038 FileSessionDataStore.deleteAllFiles(File, String) can become slow
 + 2043 ConcurrentModificationException during annotation parsing
 + 2046 Server.stop not closing connections
 + 2050 Clarify ObjectMBean getObject[Name|Context]Basis() methods
 + 2079 Upgrade to apache jasper 8.5.24
 + 2080 Exclude more maven machinery dependencies from the jetty-maven-plugin
   server path
 + 2081 No idle timeout exception when dispatch is delayed
 + 2088 Recycle HTTP/2 channels on the client
 + 2090 Jetty fails to start on OpenJDK 9: "Invalid Java version 9.0.1.3"
 + 2093 Correcting Bom managed dependencies that do not exist
 + 2114 Fix NPE in JettyHttpServerProvider
 + 2117 Allow to configure HttpClient default request Content-Type
 + 2130 Introduce thread pool module for simpler configuration of thread pool
   in standalone
 + 2131 Introduce a monitored thread pool
 + 2136 maven & jetty-maven-plugin & offline
   error:java.net.UnknownHostException: www.eclipse.org
 + 2148 Limit BufferUtil.toDetailString() raw character display to USASCII
   7-bit printable characters
 + 2152 Produce jetty-home-source artifacts for Eclipse Jetty source jars
 + 2160 Digest authentication should use absolute path
 + 2164 Ensure all jetty modules that use ServiceLoader have correct OSGi
   manifest headers
 + 2190 HTTP/2 close and GOAWAY behavior
 + 2203 Use GlobalWebAppConfigBinding rather than special methods on
   DeploymentManager/WebAppProvider
 + 2209 jetty-maven-plugin deploy-war silently fails (unless the pom has war
   packaging)
 + 2210 NPE at org.eclipse.jetty.client.HttpDestination.newExchangeQueue
 + 2218 Adding workaround for Windows NIO Selector Bug
 + 2232 Dependency Conflict: Conflicting JARs org.apache.maven:maven-project
 + 2255 Notify SSL handshake failures on write failures
 + 2275 jetty.server.ResourceService.doGet() + RequestDispatcher INCLUDE
 + 2278 Could not find artifact
   org.eclipse.jetty.tests:test-webapps-parent:pom:9.4.8.v20171121
 + 2279 Jetty 9.4.x start.jar:  "?=" in [ini] defeats Issue #1139 functionality
 + 2280 Default application/json to utf-8 encoding in encoding.properties
 + 2284 NPE from start.jar during JVM version parsing
 + 2288 Cleanup the statistics classes
 + 2291 Expose HTTP/2 close reason in dumps
 + 2293 HTTP/2 client multiplexed connection pool creates too many connections
 + 2297 HTTP/2 client transport should honor HttpClient.connectBlocking
 + 2298 Override the processor number with an environment variable
 + 2307 Error page can have null charset in content type
 + 2308 Type change in MonitorTask - int cannot be converted to
   ThreadPoolExecutor
 + 2312 HTTP/2 Connection.Listener notified after first request
 + 2313 Dump HTTP/2 channel state
 + 2318 HttpParser.Listener.onBadMessage() should take BadMessageException
 + 2346 Missing stack traces in HTTPChannel.onException
 + 2358 Add ALPN module file for JDK 10

jetty-9.2.24.v20180105 - 05 January 2018
 + 2065 Backport #347 to Jetty 9.2.x. HttpClient Idle timeout connection reuse

jetty-9.2.23.v20171218 - 18 December 2017
 + 1556 Remove a timing channel in Password matching
 + 1685 Update ALPN support for Java 8u141
 + 1702 Update ALPN support for Java 8u144
 + 1914 HttpClient fails to parse Content-Type response header with RFC 2045
   charset="utf-8" syntax
 + 2065 Backport #347 to Jetty 9.2.x
 + 475546 ClosedChannelException when connecting to HTTPS over HTTP proxy with
   CONNECT

jetty-9.4.8.v20171121 - 21 November 2017
 + 212 HttpClient should support pluggable AuthenticationStore
 + 215 Add Conscrypt for native ALPN/TLS/SSL
 + 272 WebSocket hangs in blockingWrite
 + 487 JDK 9 build compatibility
 + 901 Overriding SSL context KeyStoreType requires explicit override of
   TrustStoreType
 + 922 Implements methods Connection.getBytes[In|Out]()
 + 1209 IllegalStateException when HTTP/2 push is disabled
 + 1213 Upgrade to ASM Version 6.0 for JDK9
 + 1509 Improve GZIPContentDecoder buffer pooling sizing
 + 1550 Resolve inconsistent Shutdown configuration with Jetty Runner
 + 1640 Introduce :run-distro goal for local jetty distribution deployment
 + 1692 Annotation scanning should ignore `module-info.class` files
 + 1696 Missing stacktraces on debug of WriteFlusher onFail
 + 1705 Rejected executions in QueuedThreadPool can lead to memory leaks
 + 1760 Update to apache jasper 8.5.20
 + 1768 Allow jetty properties to be set for the jetty:run-forked goal
 + 1782 Using assembly.tarLongFileMode=posix for jetty-home and
   jetty-distribution assembly
 + 1797 JEP 238 - Multi-Release JAR files break bytecode scanning
 + 1806 Improved ReservedThreads idle timeout
 + 1807 Add new HttpChannel listener and events for metrics libraries
 + 1814 Move JavaVersion to jetty-util for future Java 9 support requirements
 + 1818 Improve Infinispan support on JDK 9
 + 1819 Race condition during annotation parsing
 + 1823 ResourceHandler with ranged requests does not return Content-Type
   response header
 + 1829 OSGi webbundle classes scanned twice
 + 1833 Request.startAsync requires context path
 + 1835 Locker is not reentrant on ServerConnector#setConnectionFactories
 + 1836 Migrate Locker implementation to JVM ReentrantLock implementation
 + 1841 Reduce contention on ServletHolder
 + 1845 Allow null User-Agent in HttpClient
 + 1849 Refactoring of SelectorManager.defaultSchedulers()
 + 1851 Improve insufficient thread warnings/errors
 + 1854 Consistent IOException and timeout handling when extracting form
   parameters
 + 1856 ResourceHandler without ServletContext throws NPE for welcome files if
   used directly
 + 1857 GZIPContentTransformer fails to send entire message if used with
   BufferedContentTransformer
 + 1865 Improve Exception on invalid redirect usage
 + 1867 Improve Exception thrown during Expect 100 Continue
 + 1868 Need a way to randomly select ports for tests
 + 1871 JMXify SslContextFactory
 + 1878 Handle 100 Continue response without Expect header
 + 1879 'Bad tld url' seen during :jetty-run when running integration tests
 + 1881 Improve support of WebSocket over Unix Domain Socket
 + 1885 SessionHandler get/set maxInactiveInterval is not symmetric with
   negative values
 + 1888 Implement cookie matching on Path attribute per RFC 6265
 + 1891 Make HTTP/2 async error notifications configurable
 + 1892 NPE resulting from bad JEP 238 MultiReleaseJarFile structure
 + 1893 Add ability to set HttpClient Connection TTL
 + 1897 Introduce a round-robin connection pool for HttpClient
 + 1900 Update to CDI 2.0 for cdi module
 + 1901 Reimplement PathWatcher as scanner
 + 1909 Update to Apache Jasper 8.5.23
 + 1910 Remove unused jetty-jsp module
 + 1912 AbstractConnector EndPoint leak for failed SSL connections
 + 1914 HttpClient fails to parse Content-Type response header with RFC 2045
   charset="utf-8" syntax
 + 1919 Review LowResourceMonitor
 + 1920 Connect Timeouts with NonBlocking CreateEndPoint
 + 1924 ManagedSelector can livelock under high load
 + 1931 Expose RolloverOutputStream for pluggable behaviour
 + 1933 Use CLASSPATH for scanning java9 system classes
 + 1956 Store and report build information of Jetty
 + 1958 Blocking Timeout has different behavior in HttpInput vs HttpOutput
 + 1970 ManagedSelector can lose selector thread under high concurrent load
 + 1980 PushCacheFilter does not push TLS offloaded HTTP/2 requests
 + 1981 Loading resource content failed
 + 1984 Remove jetty-client dependency in jetty-rewrite

jetty-9.3.22.v20171030 - 30 October 2017
 + 1213 Upgrade to ASM Version 6.0_ALPHA for JDK9
 + 1692 Annotation scanning should ignore `module-info.class` files
 + 1705 Rejected executions in QueuedThreadPool can lead to memory leaks
 + 1797 JEP 238 - Multi-Release JAR files break bytecode scanning
 + 1814 Move JavaVersion to jetty-util for future Java 9 support requirements
 + 1901 Reimplement PathWatcher as scanner
 + 1912 AbstractConnector EndPoint leak for failed SSL connections
 + 1914 jetty client fails to parse response with RFC2045 conformant
   Content-Type: charset="utf-8"
 + 1928 Backport #1705 to jetty-9.3.x. Fixed leak on Rejected execution

jetty-9.3.21.v20170918 - 18 September 2017
 + 487 JDK 9 build compatibility
 + 1116 Support empty HTTP header values
 + 1357 RolloverFileOutputStream: No rollout performed at midnight
 + 1469 RolloverFileOutputStream: IllegalStateException Task already scheduled
 + 1507 RolloverFileOutputStream: Negative delay Timer.schedule exception
 + 1513 RolloverFileOutputStream: can't handle multiple instances
 + 1515 Improved RollOverFileOutputStream removeOldFiles() behavior
 + 1556 Remove a timing channel in Password matching
 + 1590 Improve RolloverFileOutputStream functionality with multiple TimeZones
 + 1655 Improve extensibility of ServerConnector
 + 1661 AbstractProxyServlet onProxyResponseFailure Error
 + 1664 IPAccessHandler CIDR IP range check is incorrect
 + 1685 Update ALPN support for Java 8u141
 + 1687 HTTP2: Correcting missing callback notification when channel not found
 + 1702 Update ALPN support for Java 8u144
 + 1703 Improve HttpInput failure logging
 + 1719 HTTP/2: Improve handling of queued requests
 + 1741 Java 9 javadoc failure in build
 + 1749 Dump HttpDestination exchange queue
 + 1750 PoolingHttpDestination creates ConnectionPool twice
 + 1759 HTTP/2: producer can block in onReset
 + 1790 HTTP/2: 100% CPU usage seen during close/shutdown of endpoint
 + 475546 ClosedChannelException when connection to HTTPS over HTTP proxy with
   CONNECT

jetty-9.4.7.v20170914 - 14 September 2017
 + 215 Consider native ALPN/SSL provider
 + 487 JDK 9 build compatibility
 + 1116 Support empty HTTP header values
 + 1200 Use PathWatcher in DeploymentManager
 + 1357 RolloverFileOutputStream: No rollout performed at midnight
 + 1416 GzipHandler generated ETag suffix has problems with If-Match header
   logic
 + 1468 Configure PKIX Revocation Checker for SslContextFactory
 + 1469 RolloverFileOutputStream: IllegalStateException Task already scheduled
 + 1498 Add JRTResource to support future Java 9 classloader behaviors
 + 1499 ClasspathPattern needs MODULE ruleset to support future Java 9
   classloader behaviors
 + 1503 IPv6 address needs normalization (without brackets) in
   ForwardedRequestCustomizer
 + 1507 RolloverFileOutputStream: Negative delay Timer.schedule exception
 + 1513 RolloverFileOutputStream: can't handle multiple instances
 + 1515 Improved RollOverFileOutputStream removeOldFiles() behavior
 + 1520 PropertyUserStore should extract packed config file
 + 1556 Remove a timing channel in Password matching
 + 1571 Support Hazelcast session management in 9.4
 + 1590 Improve RolloverFileOutputStream functionality with multiple TimeZones
 + 1591 JDBCSessionDataStore doesn't work with root context on Oracle DB
 + 1592 CompressedContentFormat.tagEquals() - incorrect comparison of entity
   tag hashes
 + 1595 HTTP/2: Avoid sending unnecessary stream WINDOW_UPDATE frames
 + 1600 Update jndi.mod and plus.mod
 + 1603 WebSocketServerFactory NPE in toString()
 + 1604 WebSocketContainer stop needs improvement
 + 1605 ContainerProvider.getWebSocketContainer() behavior is not to spec
 + 1618 AsyncContext.dispatch() does not use raw/encoded URI
 + 1622 HeaderFilter doesn't work if the response has been committed
 + 1623 JettyRunMojo use dependencies from reactor (outputdirectory)
 + 1625 Support new IANA declared Websocket Close Status Codes
 + 1637 Thread per connection retained in HTTP/2
 + 1638 Add it test for Maven Plugin
 + 1642 Using RewriteHandler with AsyncContext.dispatch() and
   HttpServletRequestWrapper not possible
 + 1643 ProxyServlet always uses default number of selector threads -
   constructor should allow to overwrite the default.
 + 1645 NotSerializableException: DoSFilter when using Non-Clustered Session
   Management: File System
 + 1655 Improve extensibility of ServerConnector
 + 1656 Improve configurability of ConnectionPools
 + 1661 AbstractProxyServlet onProxyResponseFailure Error
 + 1662 NPE with WebSocket Compress Extensions
 + 1664 IPAccessHandler CIDR IP range check is incorrect
 + 1671 Asymmetric usage of trailers in MetaData.Request
 + 1675 Session id should not be logged with INFO level in AbstractSessionCache
 + 1679 DeploymentManagerMBean not usable through JMX
 + 1682 Jetty-WarFragmentFolderPath directive has no effect in eclipse runtime
   mode except for the first launch
 + 1685 Update ALPN support for Java 8u141
 + 1687 HTTP2: Correcting missing callback notification when channel not found
 + 1692 Annotation scanning should ignore `module-info.class` files
 + 1698 Missing WWW-Authenticate from SpnegoAuthenticator when other
   Authorization header provided
 + 1702 Update ALPN support for Java 8u144
 + 1703 Improve HttpInput failure logging
 + 1706 Log Implementation ignored when executing under OSGi
 + 1709 SpnegoAuthenticator improperly handling case-insensitive Negotiate
   header
 + 1713 Do not over allocate selectors for small thread pools
 + 1715 Standardise properties and ids in jetty XML files
 + 1717 DoSFilter getRateTracker IP/Port loadId minor improvement
 + 1718 QueuedThreadPool not exposed on JMX
 + 1719 HTTP/2: Improve handling of queued requests
 + 1721 Async I/O POST fails with big files
 + 1724 Add dependency on jetty-annotations for apache-jsp
 + 1732 Allow pause accepting new connections during high load
 + 1737 DefaultServlet wrong welcome dispatcher using non-root URL path
 + 1738 jetty-bom fails oss.sonatype.org validation
 + 1741 Java 9 javadoc failure in build
 + 1749 Dump HttpDestination exchange queue
 + 1750 PoolingHttpDestination creates ConnectionPool twice
 + 1759 HTTP/2: producer can block in onReset
 + 1766 JettyClientContainerProvider does not actually use common objects
   correctly
 + 1790 HTTP/2: 100% CPU usage seen during close/shutdown of endpoint
 + 1792 Accept ISO-8859-1 characters in response reason
 + 1794 Config properties typos in session-store-cache.mod
 + 1795 Fix session id manager workerName
 + 1796 ReservedThreadExecutor defaulting to capacity=1 only
 + 1797 JEP 238 - Multi-Release JAR files break bytecode scanning
 + 1798 JMXify EatWhatYouKill
 + 1804 Make EndPoint creation and destroy a non-blocking task
 + 1805 ReservedThreadExecutor should start ReservedThreads lazily
 + 1809 NPE: StandardDescriptorProcessor.visitSecurityConstraint() with null/no
   security manager
 + 1814 Move JavaVersion to jetty-util for future Java 9 support requirements
 + 475546 ClosedChannelException when connection to HTTPS over HTTP proxy with
   CONNECT

jetty-9.2.22.v20170606 - 06 June 2017
 + 920 no main manifest attribute, in jetty-runner-9.2.19.v20160908.jar
 + 1108 Please improve logging in SslContextFactory when there are no approved
   cipher suites
 + 1357 RolloverFileOutputStream: No rollout performed at midnight
 + 1469 IllegalStateException in RolloverFileOutputStream
 + 1507 Negative delay Timer.schedule exception due to mismatched local and
   _logTimeZone values
 + 1532 RolloverFileOutputStream can't handle multiple instances
 + 1523 Update ALPN support for Java 8u131
 + 1556 A timing channel in Password.java
 + 1590 RolloverFileOutputStream not functioning in Jetty 9.2.21+

jetty-9.4.6.v20170531 - 31 May 2017
 + 523 TLS close behaviour breaking session resumption
 + 1108 Please improve logging in SslContextFactory when there are no approved
   cipher suites
 + 1505 Adding jetty.base.uri and jetty.home.uri
 + 1514 websocket dump badly formatted
 + 1516 Delay starting of WebSocketClient until an attempt to connect is made
 + 1520 PropertyUserStore should extract packed config file
 + 1526 MongoSessionDataStore old session scavenging is broken due to the
   missing $ sign in "and" operation
 + 1527 Jetty BOM should not depend on jetty-parent
 + 1528 Internal HttpClient usages should have common configurable technique
 + 1536 Jetty BOM should include more artifacts
 + 1538 NPE in Response.putHeaders
 + 1539 JarFileResource mishandles paths with spaces
 + 1544 Disabling JSR-356 doesn't indicate context it was disabled for
 + 1546 Improve handling of quotes in cookies
 + 1553 X509.isCertSign() can throw ArrayIndexOutOfBoundsException on
   non-standard implementations
 + 1556 A timing channel in Password.java
 + 1558 When creating WebAppContext without session-config and with NO_SESSIONS
   throws NPE
 + 1567 XmlConfiguration will start the same object multiple times
 + 1568 ServletUpgradeRequest mangles query strings containing percent-escapes
   by re-escaping them
 + 1569 Allow setting of maxBinaryMessageSize to 0 in WebSocketPolicy
 + 1579 NPE in Quoted Quality CSV

jetty-9.3.20.v20170531 - 31 May 2017
 + 523 TLS close behaviour breaking session resumption
 + 1108 Improve logging in SslContextFactory when there are no approved cipher
   suites
 + 1527 Jetty BOM should not depend on jetty-parent
 + 1556 A timing channel in Password.java
 + 1567 XmlConfiguration will start the same object multiple times

jetty-9.4.5.v20170502 - 02 May 2017
 + 304 Review dead code - StringUtil.sidBytesToString
 + 1235 DNS lookup in newSSLEngine(InetSocketAddress address)
 + 1348 Add a BOM artifact
 + 1390 HashLoginService and "this.web-inf.url" property are incompatible
 + 1404 Jetty 9.4.2 does not support constructors with varargs in XML config
   files
 + 1448 StackOverflowError when using URLStreamHandlerFactory in
   WebAppClassloader
 + 1475 SIOOBE in ContextHandler startup
 + 1481 Add convenient method to add user to Realm
 + 1486 redirect to welcome file broken for sub directory
 + 1487 add decoded paths
 + 1492 Unable to override logback.version
 + 1493 Response.sendError should preserve cookies
 + 1494 Module resolution ignores alternate providers where a .mod file of the
   same name exists
 + 1500 HttpServletResponse.sendError() should commit and close
 + 1502 WebSocket endpoints cannot be mapped when the session id is url encoded
 + 1504 Improve defaults for HTTP/2 flow control
 + 1505 jetty.base.uri and jetty.home.uri
 + 1506 Make HttpChannels recycling configurable for HTTP/2
 + 1507 Negative delay Timer.schedule exception due to mismatched local and
   _logTimeZone values
 + 1508 Update to gcloud datastore 1.0.0
 + 1510 Look for SessionHandlers instead of ContextHandlers in
   DefaultSessionIdManager
 + 1513 RolloverFileOutputStream can't handle multiple instances
 + 1517 Review JMX's ConnectorServer
 + 1521 Prevent copy of jetty jars to lib/gcloud
 + 1523 Update ALPN support for Java 8u131

jetty-9.3.19.v20170502 - 02 May 2017
 + 877 Programmatic servlet mappings cannot override mappings from
   webdefault.xml using quickstart
 + 1348 Add a BOM artifact
 + 1390 HashLoginService and "this.web-inf.url" property are incompatible
 + 1463 SSL Renegotiate limit
 + 1469 IllegalStateException in RolloverFileOutputStream
 + 1486 redirect to welcome file broken for sub directory
 + 1487 add decoded paths
 + 1507 Negative delay Timer.schedule exception due to mismatched local and
   _logTimeZone values
 + 1513 RolloverFileOutputStream can't handle multiple instances
 + 1523 Update ALPN support for Java 8u131

jetty-9.4.4.v20170414 - 14 April 2017
 + 612 Support HTTP Trailer
 + 877 Programmatic servlet mappings cannot override mappings from
   webdefault.xml using quickstart
 + 1201 X-Forwarded-For incorrectly set in jetty-http-forwarded.xml
 + 1334 Dispatcher.commitResponse() failure is unreported
 + 1386 Optimise session writes
 + 1411 Use short-circuit operator in websocket Frame
 + 1417 Improve classloader dumping
 + 1418 setWriteListener causes race
 + 1423 Update to gcloud datastore 0.10.0-beta
 + 1433 Wrong status message for code 417
 + 1434 Improve properties in jetty-gzip.xml
 + 1435 Apply setCharacterEncoding to static content without an assumed
   encoding
 + 1436 NullPointerException when calling changeSessionId
 + 1439 Allow UNC paths to function as Resource bases
 + 1440 Improve lock contention for low resources scheduling strategy
 + 1444 Deprecate Continuations
 + 1448 StackOverflowError when using URLStreamHandlerFactory in
   WebAppClassloader
 + 1449 Unable to find the JVM Lib directory in WebAppContext
 + 1450 JMX does not export session statistics
 + 1454 CachedContentFactory locks filesystem after first read of file
 + 1456 Error dispatch race with async write
 + 1463 SSL Renegotiate limit
 + 1466 Only use ServletContainerInitializers from server path for web.xml <
   3.0
 + 1467 Change default for WebAppContext.isConfiguredDiscovered to false
 + 1469 IllegalStateException in RolloverFileOutputStream
 + 1472 Broken *.gz symlinks cause NPE in DefaultServlet
 + 1475 SIOOBE in ContextHandler startup

jetty-9.3.18.v20170406 - 06 April 2017
 + 877 Programmatic servlet mappings cannot override mappings from
   webdefault.xml using quickstart
 + 1201 X-Forwarded-For incorrectly set in jetty-http-forwarded.xml
 + 1316 Request.extract*Parameters() reports context
 + 1322 Request.extract*Parameters() throws for bad UTF8 same as for bad
   ISO88591
 + 1326 Removed non-standard "%uXXXX" encoding support
 + 1417 Improve classloader dumping
 + 1439 Allow UNC paths to function as Resource bases

jetty-9.4.3.v20170317 - 17 March 2017
 + 329 Javadoc for HttpTester and ServletTester needs to reference limited HTTP
   version scope
 + 856 Add server/port and auth configuration for mongo sessions
 + 1015 Ensure jetty-distribution excludes git / temp files
 + 1184 IllegalStateException for HEAD requests responded with 404
 + 1340 PushCacheFilter question
 + 1351 StringIndexOutOfBoundsException thrown on incomplete Accept-Language
   header
 + 1353 A Large ClasspathPattern results in infinite loop
 + 1357 RolloverFileOutputStream: No rollout performed at midnight
 + 1363 HttpInput.read deadlock (async mode)
 + 1374 When `Server.start` fails, beans ought to be stopped
 + 1375 Support pushed resources in HTTP client
 + 1378 Slow TLS clients may hang the server
 + 1379 Misleading javadoc for initialization of SessionIdPathParameterName
 + 1383 javadoc build on JDK 8u121 fails due to scripts
 + 1384 Expose StatisticsServlet to webapp
 + 1387 Windows and paxexam failure due to "renaming bundle"
 + 1389 Update to gcloud datastore-0.9.4-beta
 + 1390 HashLoginService and "this.web-inf.url" property are incompatible
 + 1396 Set-Cookie produced by Jetty is invalid for RFC6265 and Chrome
 + 1398 Ensure all SessionDataStores store lastsaved time
 + 1401 HttpOutput.recycle() does not clear the write listener
 + 1402 Move RFC syntax validation to jetty-http Syntax class
 + 1403 Move new CookieCompliance class to jetty-http
 + 1405 Cookie name cannot be blank or null

jetty-9.3.17.v20170317 - 17 March 2017
 + 329 Javadoc for HttpTester and ServletTester needs to reference limited HTTP
   version scope
 + 1015 Ensure jetty-distribution excludes git / temp files
 + 1047 ReadPendingException and then thread death
 + 1296 Introduce HTTP parser "content complete" event
 + 1326 Jetty shutdown command got NullPointerException (http2 module added to
   start)
 + 1328 Response.setBufferSize(int) ISE should be more clear on reason
 + 1340 PushCacheFilter question
 + 1342 Improve ByteBufferPool scalability
 + 1351 StringIndexOutOfBoundsException thrown on incomplete Accept-Language
   header
 + 1357 RolloverFileOutputStream: No rollout performed at midnight
 + 1374 When `Server.start` fails, beans ought to be stopped
 + 1375 Support pushed resources in HTTP client
 + 1378 Slow TLS clients may hang the server
 + 1383 javadoc build on JDK 8u121 fails due to scripts
 + 1384 Expose StatisticsServlet to webapp
 + 1387 Windows and paxexam failure due to "renaming bundle"
 + 1389 Update to gcloud datastore-0.9.4-beta
 + 1390 HashLoginService and "this.web-inf.url" property are incompatible
 + 1394 Default OS Locale/Encoding/Charset can cause test failures
 + 1396 Set-Cookie produced by Jetty is invalid for RFC6265 and Chrome
 + 1401 HttpOutput.recycle() does not clear the write listener

jetty-9.4.2.v20170220 - 20 February 2017
 + 612 Support HTTP Trailer
 + 1047 ReadPendingException and then thread death
 + 1226 Undefined JETTY_LOGS breaks jetty.sh
 + 1284 IllegalStateException updating session inactive interval
 + 1290 http2-hpack not visible in OSGi
 + Allow application to hint that chunking should be used
 + 1292 jetty-home has unresolvable dependencies
 + 1296 Introduce HTTP parser "content complete" event
 + 1298 Generate gcloud-datastore.mod
 + 1300 Update to gcloud-datastore 0.8.2
 + 1307 Session scavenge needs to invalidate session
 + 1309 HttpClient GZIPContentDecoder should use the clients ByteBufferPool
 + 1313 Insufficient Bytes behavior change in jetty 9.4.x due to HTTP Trailers
   support?
 + 1315 Update to gcloud datastore 0.8.3-beta
 + 1326 Jetty shutdown command got NullPointerException (http2 module added to
   start)
 + 1328 Response.setBufferSize(int) ISE should be more clear on reason
 + 1329 Update to gcloud-datastore 0.9.2-beta
 + 1331 NPE in ClasspathPattern.add when using module logging-log4j2.mod and
   other logging modules
 + 1342 Improve ByteBufferPool scalability

jetty-9.4.1.v20170120 - 20 January 2017
 + 486 JDK 9 ALPN implementation
 + 592 Support no-value Host header in HttpParser
 + 612 Support HTTP Trailer
 + 1044 Unix socket connector blocks for 30 seconds on stopping the server
 + 1073 JDK9 support in Jetty 9.3.x
 + 1138 Ensure xml validation works on web descriptors
 + 1139 Support configuration of properties during --add-to-start
 + 1146 jetty.server.HttpInput deadlock
 + 1161 HttpClient and WebSocketClient should not remove all cookies on stop
 + 1162 Make request.changeSessionId() work with NullSessionCache
 + 1163 Start error results in NPE
 + 1167 NPE while completing a reset HTTP/2 stream
 + 1169 HTTP/2 reset on a stalled write does not unblock writer thread
 + 1171 jetty-client throws NPE for request to IDN hosts only when
   `HttpClient#send(...)` is called
 + 1175 Reading HttpServletRequest InputStream from a Filter then accessing
   getParameterNames() results in java.io.IOException: Missing content for
   multipart request
 + 1181 Review buffer underflow cases in SslConnection
 + 1184 IllegalStateException for HEAD requests responded with 404
 + 1185 Connection abruptly closed for HEAD requests
 + 1188 Cannot --add-to-start=logback-access due to logback-core dependancy
 + 1195 Problem using STOP.PORT and STOP.KEY with --exec
 + 1197 WebSocketClient not sending `Authorization` request header
 + 1200 Context path not set for symlink from root
 + 1201 X-Forwarded-For incorrectly set in jetty-http-forwarded.xml
 + 1202 NPE in JsrSession when dealing with a response missing the
   `Sec-WebSocket-Extensions` header
 + 1203 HttpSessionBindingListener#valueUnbound not called consistently in
   9.4.0
 + 1207 WebSocketPolicy configuration inconsistent when using JSR
 + 1209 IllegalStateException when HTTP/2 push is disabled
 + 1214 Accepted subprotocol is not provided when @OnWebSocketConnect method is
   invoked
 + 1216 Can't stop/start a WebAppContext with websocket
 + 1218 ReadPendingException is thrown when using
   o.e.j.websocket.api.Session.suspend
 + 1220 PushCacheFilter does not add the context path to pushed resources
 + 1222 Authenticated sessions throw exception on invalidate
 + 1223 Allow session workername to be null
 + 1224 HttpSessionListener.sessionDestroyed can no longer access session
 + 1226 Undefined JETTY_LOGS breaks jetty.sh
 + 1228 Internal error during SSL handshake
 + 1229 ClassLoader constraint issue when using NativeWebSocketConfiguration
   with WEB-INF/lib/jetty-http.jar present
 + 1234 onBadMessage called from with handled message
 + 1254 9.4.x Server resource handler welcome files forwarding not working
 + 1260 Expand system properties in start
 + 1262 BufferUtil.isMappedBuffer() uses reflection on private JDK fields
 + 1265 JAXB not available in JDK 9
 + 1267 Request.getRemoteUser can throw undeclared IllegalStateException via
   DeferredAuthentication & FormAuthenticator
 + 1268 <jsp-file>incorrectly handled when the jsp is at the top directory
 + 1269 Extensible assumed charset for mimetypes
 + 1270 GzipHandler rework on dispatches
 + 1271 Update to apache jasper 8.5.9
 + 1272 Update ALPN versions for 8u111
 + 1274 Distinguish no tlds vs no MetaInfConfiguration tld scanning for
   quickstart
 + 1276 Remove org.eclipse.jetty.websocket.server.WebSocketServerFactory from
   SPI

jetty-9.3.16.v20170120 - 20 January 2017
 + 486 JDK 9 ALPN implementation
 + 592 Support no-value Host header in HttpParser
 + 612 Support HTTP Trailer
 + 1073 JDK9 support in Jetty 9.3.x
 + 1195 Problem using STOP.PORT and STOP.KEY with --exec
 + 1197 WebSocketClient not sending `Authorization` request header
 + 1200 Context path not set for symlink from root
 + 1202 NPE in JsrSession when dealing with a response missing the
   `Sec-WebSocket-Extensions` header
 + 1228 Internal error during SSL handshake
 + 1229 ClassLoader constraint issue when using NativeWebSocketConfiguration
   with WEB-INF/lib/jetty-http.jar present
 + 1234 onBadMessage called from with handled message
 + 1262 BufferUtil.isMappedBuffer() uses reflection on private JDK fields
 + 1265 JAXB not available in JDK 9
 + 1267 Request.getRemoteUser can throw undeclared IllegalStateException via
   DeferredAuthentication & FormAuthenticator
 + 1268 <jsp-file>incorrectly handled when the jsp is at the top directory
 + 1269 Extensible assumed charset for mimetypes
 + 1270 GzipHandler rework on dispatches
 + 1272 Update ALPN versions for 8u111
 + 1274 Distinguish no tlds vs no MetaInfConfiguration tld scanning for
   quickstart
 + 1275 Get rid of Mockito
 + 1276 Remove org.eclipse.jetty.websocket.server.WebSocketServerFactory from
   SPI

jetty-9.2.21.v20170120 - 20 January 2017
 + 592 Support no-value Host header in HttpParser
 + 1229 ClassLoader constraint issue when using NativeWebSocketConfiguration
   with WEB-INF/lib/jetty-http.jar present
 + 1267 Request.getRemoteUser can throw undeclared IllegalStateException via
   DeferredAuthentication & FormAuthenticator

jetty-9.3.15.v20161220 - 20 December 2016
 + 240 Missing content for multipart request after upgrade to Jetty > 9.2.7
 + 905 Jetty terminates SSL connections too early with Connection: close
 + 1020 Java Util Logging properties in wrong location
 + 1050 Add multiple FilterHolder to a ServletContextHandler may cause problems
 + 1051 NCSARequestLog/RolloverFileOutputStream does not roll day after DST
   ends
 + 1054 Using WebSocketPingPongListener with empty PING payload results in
   NullPointerException
 + 1057 Improve WebSocketUpgradeFilter fast path performance
 + 1062 Jetty allows requests to hang under PUT load
 + 1063 HostPortHttpField should handle port-only values
 + 1064 HttpClient sets chunked transfer-encoding
 + 1065 Response.setBufferSize checks for written content
 + 1069 Host header should be sent with HTTP/1.0
 + 1072 InetAccessHandler needs InetAddress & Path based restrictions like
   IPAccessHandler did
 + 1078 DigestAuthentication should use realm from server, even if unknown in
   advance
 + 1081 DigestAuthenticator does not check the realm sent by the client
 + 1090 Allow WebSocketUpgradeFilter to be used by WEB-INF/web.xml
 + 1092 jetty-runner jstl support
 + 1098 MimeTypes.getCharsetFromContentType() unable parse "application/pdf;;;
   charset=UTF-8"
 + 1099 PushCacheFilter pushes POST requests
 + 1108 Please improve logging in SslContextFactory when there are no approved
   cipher suites
 + 1118 Filter.destroy() conflicts with ContainerLifeCycle.destroy() in
   WebSocketUpgradeFilter
 + 1123 Broken lifecycle for WebSocket's mappings
 + 1124 Allow configuration of WebSocket mappings from Spring
 + 1130 PROXY protocol support reports incorrect remote address
 + 1134 Jetty HTTP/2 client problems
 + 1135 Avoid allocations from Method.getParameterTypes() if possible
 + 1146 jetty.server.HttpInput deadlock
 + 1161 HttpClient and WebSocketClient should not remove all cookies on stop
 + 1169 HTTP/2 reset on a stalled write does not unblock writer thread
 + 1171 jetty-client throws NPE for request to IDN hosts only when
   `HttpClient#send(...)` is called
 + 1175 Reading HttpServletRequest InputStream from a Filter then accessing
   getParameterNames() results in java.io.IOException: Missing content for
   multipart request
 + 1181 Review buffer underflow cases in SslConnection
 + 1186 Where can i find SocketConnector .java and
   BlockingChannelConnector.java etc?

jetty-9.2.20.v20161216 - 16 December 2016
 + 295 Ensure Jetty Client use of Deflater / Inflater calls .end() to avoid
   memory leak
 + Reset Response buffer size
 + 1051 NCSARequestLog/RolloverFileOutputStream does not roll day after DST
   ends
 + 1057 Improve WebSocketUpgradeFilter fast path performance
 + 1090 Allow WebSocketUpgradeFilter to be used by WEB-INF/web.xml
 + 1124 Allow configuration of WebSocket mappings from Spring
 + 1130 PROXY protocol support reports incorrect remote address

jetty-9.4.0.v20161208 - 08 December 2016
 + 1112 How config async support in jsp tag?
 + 1124 Allow configuration of WebSocket mappings from Spring
 + 1139 Support configuration of properties during --add-to-start
 + 1146 jetty.server.HttpInput deadlock
 + 1148 Support HTTP/2 HEADERS trailer
 + 1151 NPE in ClasspathPattern.match()
 + 1153 Make SessionData easier to subclass
 + 123 AbstractSessionIdManager can't atomically check for uniqueness of new
   session ID

jetty-9.4.0.RC3 - 05 December 2016
 + 1051 NCSARequestLog/RolloverFileOutputStream does not roll day after DST
   ends
 + 1062 Jetty allows requests to hang under PUT load
 + 1090 Allow WebSocketUpgradeFilter to be used by WEB-INF/web.xml
 + 1092 jetty-runner jstl support
 + 1108 Please improve logging in SslContextFactory when there are no approved
   cipher suites
 + 1117 quickstart generator of quickstart-web.xml should keep ids
 + 1118 Filter.destroy() conflicts with ContainerLifeCycle.destroy() in
   WebSocketUpgradeFilter
 + 1123 Broken lifecycle for WebSocket's mappings
 + 1124 Allow configuration of WebSocket mappings from Spring
 + 1128 Stats Servlet hidden from classpath
 + 1130 PROXY protocol support reports incorrect remote address
 + 1134 Jetty HTTP/2 client problems
 + 1135 Avoid allocations from Method.getParameterTypes() if possible
 + 1138 Ensure xml validation works on web descriptors
 + 1139 Support configuration of properties during --add-to-start
 + 1142 Do not warn for default settings in sessions
 + 1143 Upgrade google cloud APIs to 0.7.0
 + 117 Support proxies with WebSocketClient
 + 572 Don't reject HTTP/2 requests without body in low threads mode
 + 877 Programmatic servlet mappings cannot override mappings from
   webdefault.xml using quickstart

jetty-9.4.0.RC2 - 16 November 2016
 + 240 Missing content for multipart request after upgrade to Jetty > 9.2.7
 + 586 Thread pools and connectors
 + 644 Modules for enabling logging
 + 905 Jetty terminates SSL connections too early with Connection: close
 + 907 Update to support apache jasper 8.5.5
 + 1020 Java Util Logging properties in wrong location
 + 1023 Error on configuring slf4j-simple-impl module
 + 1029 Restore Request.setHttpVersion()
 + 1031 Improve HttpField pre-encoding
 + 1032 Remove jetty dependencies in jetty jasper classes
 + 1037 Don't execute AsyncListener.onTimeout events in spare Scheduler-Thread
 + 1038 AttributeNormalizer does not favor ${WAR} over other attributes, like
   ${jetty.base}
 + 1039 AttributeNormalizer should not track attributes that are null
 + 1045 Abort HttpChannel onCompletion if wrong content length set
 + 1046 Improve HTTP2Flusher error report
 + 1050 Add multiple FilterHolder to a ServletContextHandler may cause problems
 + 1054 Using WebSocketPingPongListener with empty PING payload results in
   NullPointerException
 + 1057 Improve WebSocketUpgradeFilter fast path performance
 + 1062 Jetty allows requests to hang under PUT load
 + 1063 HostPortHttpField should handle port-only values
 + 1064 HttpClient sets chunked transfer-encoding
 + 1065 Response.setBufferSize checks for written content
 + 1066 Content-Length: 0 set when not required
 + 1067 Ensure if session scavenging is disabled, no candidate expired sessions
   accumulate
 + 1069 Host header should be sent with HTTP/1.0
 + 1070 Refactor calculation for session expiry
 + 1071 Ensure dirty flag set on a new session
 + 1072 InetAccessHandler needs InetAddress & Path based restrictions like
   IPAccessHandler did
 + 1074 Improve HttpInput for non dispatched calls
 + 1075 If read from session data cache fails, fallback to session data store
 + 1077 doHandle defined twice for ScopedHandler
 + 1078 DigestAuthentication should use realm from server, even if unknown in
   advance
 + 1081 DigestAuthenticator does not check the realm sent by the client
 + 1091 Update to gcloud datastore 0.5.1
 + 1098 MimeTypes.getCharsetFromContentType() unable parse "application/pdf;;;
   charset=UTF-8"
 + 1099 PushCacheFilter pushes POST requests
 + 1103 AbstractNCSARequestLog reports too much of the Request URI

jetty-9.3.14.v20161028 - 28 October 2016
 + 292 NPE in SslConnectionFactory newConnection
 + 295 Ensure Jetty Client use of Deflater / Inflater calls .end() to avoid
   memory leak
 + 989 InputStreamResponseListener.get() throws with HTTP/2 following redirect
 + 1009 9.3.x] ThreadLimitHandler has no method setBlockForMs
 + 1018 Remove dependency on asm types in oej.annotations.Util
 + 1029 Restore Request.setHttpVersion()
 + 1031 Improve HttpField pre-encoding
 + 1032 Remove jetty dependencies in jetty jasper classes
 + 1037 Don't execute AsyncListener.onTimeout events in spare Scheduler-Thread
 + 1038 AttributeNormalizer does not favor ${WAR} over other attributes, like
   ${jetty.base}
 + 1039 AttributeNormalizer should not track attributes that are null
 + 1046 Improve HTTP2Flusher error report
 + 480764 Add extra tests for empty multipart

jetty-9.4.0.RC1 - 21 October 2016
 + 277 Proxy servlet does not handle HTTP status 100 correctly
 + 292 NPE in SslConnectionFactory newConnection
 + 295 Ensure Jetty Client use of Deflater / Inflater calls .end() to avoid
   memory leak
 + 382 Support Request auto decompress in GzipHandler
 + 644 Modules for enabling logging
 + 788 Attempting to activate a module that is already enabled
 + 914 Regularize the naming of the session configuration properties
 + 915 The jetty-maven-plugin:stop goal doesn't stop everything completely
 + 918 Support certificates hot reload
 + 926 No LSB Tags on jetty.sh script cause warning on Ubuntu 16.04
 + 927 Allow custom schema for session tables
 + 940 Reset Response buffer size
 + 941 Make GCloudSessionDataStore more configurable
 + 944 Make a NullSessionCache module
 + 945 Property for SessionCache.saveOnCreate missing in session-cache-hash.mod
 + 946 Fix javadoc on MongoSessionDataStore
 + 948 jetty-distribution invalid config etc/jetty-http2c.xml
 + 953 Add namespace support to GCloudSessionDataStore
 + 954 Fallback to less efficient queries if no indexes for
   GCloudSessionDataStore
 + 955 Response listeners not invoked when using Connection.send()
 + 959 CompleteListener invoked twice for HTTP/2 transport and response content
 + 960 Async I/O spin when reading early EOF
 + 963 location based black/white classpath patterns
 + 966 Remove usages of ConcurrentArrayQueue
 + 984 Improve logging modules and module listing
 + 989 InputStreamResponseListener.get() throws with HTTP/2 following redirect
 + 993 Add GAE_MODULE_INSTANCE env var as default for session id manager
 + 998 Normalize [tags] directive in *.mod files
 + 999 Create a Flight Recorder module
 + 1000 Allow legacy behaviour if 2 servlets map to same path
 + 1003 Better error messages when invoking deprecated modules
 + 1007 Update to gcloud datastore 0.4.0
 + 1009 ThreadLimitHandler has no method setBlockForMs
 + 1013 Overlay directory for modules
 + 1014 Sessions created via https throw "invalid for write" exception
 + 1017 Output session configuration for dump
 + 1018 Remove dependency on asm types in oej.annotations.Util

jetty-9.3.13.v20161014 - 14 October 2016
 + 295 Ensure Jetty Client use of Deflater / Inflater calls .end() to avoid
   memory leak
 + 926 No LSB Tags on jetty.sh script cause warning on Ubuntu 16.04
 + 999 Create a Flight Recorder module
 + 1000 Allow legacy behaviour if 2 servlets map to same path

jetty-9.3.13.M0 - 30 September 2016
 + 277 Proxy servlet does not handle HTTP status 100 correctly
 + 870 TLS protocol exclusion broken for SslContextFactory(String)
 + 915 The jetty-maven-plugin:stop goal doesn't stop everything completely
 + 918 Support certificates hot reload
 + 930 Add module instructions to SSL section
 + 943 Docs: Error in 'Embedding Jetty' page - example 'FileServer'
 + 948 9.4.0.RC0 jetty-distribution invalid config etc/jetty-http2c.xml
 + 955 Response listeners not invoked when using Connection.send()
 + 959 CompleteListener invoked twice for HTTP/2 transport and response content
 + 960 Async I/O spin when reading early EOF
 + 965 Link from High Load docs to Garbage Collection Tuning is broken
 + 966 Remove usages of ConcurrentArrayQueue

jetty-9.4.0.RC0 - 15 September 2016
 + 131 Improve Connector Statistic names and values
 + 572 Don't reject HTTP/2 requests without body in low threads mode
 + 725 Provide a private way to report security issues
 + 731 Update modules in Jetty 9.4
 + 806 Jetty HttpClient authentication - missing any realm option
 + 844 Implement a Thread Limit Handler
 + 845 Improve blocking IO for data rate limiting
 + 851 MBeanContainer no longer unregisters MBeans when "stopped"
 + 854 If container.destroy() is called, calling container.start() again should
   throw an IllegalStateException
 + 855 JMXify MBeanContainer
 + 856 Add server/port and auth configuration for mongo sessions
 + 860 Only TLS 1.2 Supported
 + 868 ClassLoader leak with Jetty and Karaf - static instances of
   java.lang.Throwable
 + 870 TLS protocol exclusion broken for SslContextFactory(String)
 + 880 Refactor jetty-http's HostPortHttpField logic into new jetty-util class
 + 882 Add IPv6 support to IPAddressMap in jetty-util
 + 889 ConstantThrowable.name can be removed
 + 890 Review MappedByteBufferPool
 + 894 When adding servless class, preserve Class instead of going through
   String
 + 897 Remove GzipHandler interceptor when out of scope
 + 898 GzipHandler adds multiple Vary header
 + 902 Expect: 100-Continue does not work with HTTP/2
 + 906 Expose jetty juli log for jasper in osgi
 + 909 Path and Domain not properly matched in addCookie()
 + 911 Request.getRequestURI() gets decoded after startAsync(req, resp) is
   invoked
 + 913 Unprotected debug in WebAppClassLoader
 + 914 Regularize the naming of the session configuration properties
 + 922 Implements methods Connection.getBytes[In|Out]()
 + 931 Update gcloud datastore to 0.3.0

jetty-9.3.12.v20160915 - 15 September 2016
 + 56 Fix authn issues in LdapLoginModule
 + 131 Improve Connector Statistic names and values
 + 185 Implement RFC 7239 (Forwarded header)
 + 700 Bundle org.eclipse.jetty.http.spi not available via p2 repository
 + 725 Provide a private way to report security issues
 + 752 Implement support for HTTP2 SETTINGS_MAX_HEADER_LIST_SIZE
 + 759 Ensure wrapped Responses will close and commit outputstream or writer
 + 780 The moved websocket PathSpec is incompatible with cometd 3.0.x
 + 783 Report name of broken jar file
 + 784 JSP Session updated before sendRedirect() lose their information
 + 786 Buffering Response Handler
 + 790 AsyncContentListener semantic broken with HTTP/2 transport
 + 792 HTTP/2] Socket seems to be not closed completely
 + 797 MimeTypes resource loading incorrect on OSGi
 + 798 async IO Write closed race
 + 804 setting default Url Encoding broken in Jetty >= 9.3
 + 806 Jetty HttpClient authentication - missing any realm option
 + 817 NPE in jndi Resource
 + 826 Better default for HTTP/2's max concurrent streams
 + 827 HTTPClient fails connecting to HTTPS host through an HTTP proxy
   w/authentication
 + 830 Test webapp not properly copied to demo-base
 + 832 ServerWithJNDI example uses wrong webapp
 + 841 support reset in buffering interceptors
 + 844 Implement a Thread Limit Handler
 + 845 Improve blocking IO for data rate limiting
 + 851 MBeanContainer no longer unregisters MBeans when "stopped"
 + 854 If container.destroy() is called, calling container.start() again should
   throw an IllegalStateException
 + 855 JMXify MBeanContainer
 + 860 Only TLS 1.2 Supported
 + 868 ClassLoader leak with Jetty and Karaf - static instances of
   java.lang.Throwable
 + 880 Refactor jetty-http's HostPortHttpField logic into new jetty-util class
 + 882 Add IPv6 support to IPAddressMap in jetty-util
 + 889 ConstantThrowable.name can be removed
 + 894 When adding servless class, preserve Class instead of going through
   String
 + 897 Remove GzipHandler interceptor when out of scope
 + 898 GzipHandler adds multiple Vary header
 + 902 Expect: 100-Continue does not work with HTTP/2
 + 909 Path and Domain not properly matched in addCookie()
 + 911 Request.getRequestURI() gets decoded after startAsync(req, resp) is
   invoked
 + 913 Unprotected debug in WebAppClassLoader
 + 922 Implements methods Connection.getBytes[In|Out]()

jetty-9.2.19.v20160908 - 08 September 2016
 + 817 NPE in jndi Resource
 + 830 Test webapp not properly copied to demo-base
 + 832 ServerWithJNDI example uses wrong webapp
 + 851 MBeanContainer no longer unregisters MBeans when "stopped"
 + 868 ClassLoader leak with Jetty and Karaf - static instances of
   java.lang.Throwable
 + 880 Refactor jetty-http's HostPortHttpField logic into new jetty-util class
 + 882 Add IPv6 support to IPAddressMap in jetty-util
 + 894 When adding servless class, preserve Class instead of going through
   String
 + 899 PathFinderTest fails in jetty-9.2.x

jetty-9.4.0.M1 - 15 August 2016
 + 185 Implement RFC 7239 (Forwarded header)
 + 213 jetty.osgi.boot requires Server services registered before
   ContextHandler services
 + 282 When warning about conflicting servlet mappings, detail where each
   mapping comes from
 + 306 Merge jetty-parent into jetty-project
 + 388 Add methods to send text frames with pre-encoded strings
 + 425 Incorrect @ServerEndpoint Encoder/Decoder lifecycle
 + 487 JDK 9 build compatibility
 + 515 Alternate start modules
 + 56 Fix authn issues in LdapLoginModule
 + 592 Support no-value Host header in HttpParser
 + 620 Missing call to setPattern in RewritePatternRule constructor
 + 623 Add --gzip suffix to 304 responses with ETAGs
 + 624 AsyncContext.onCompleted called twice
 + 627 Use only start.ini or start.d, not both
 + 628 IOException: Unable to open root Jar file
   MetaInfConfiguration.getTlds(MetaInfConfiguration.java:406) with Spring boot
   loader + WebAppContext + non-expanded war
 + 638 ConnectHandler responses should have Content-Length
 + 639 ServerContainer stores WebSocket sessions twice
 + 640 ClientContainer should store WebSocket sessions as beans
 + 641 MongoSessionIdManager uses deprecated ensureIndex
 + 644 Modules for enabling logging
 + 647 HTTP/2 CONTINUATION frame parsing throws IllegalStateException
 + 648 Problem using InputStreamResponseListener to handle HTTP/2 responses
 + 654 Jetty 9.3 ServletContext.getResourceAsStream("/") returns an unusable
   stream
 + 658 Add memcached option for gcloud-sessions in jetty-9.3
 + 659 CONNECT request fails spuriously
 + 660 NullPointerException in Request.getParameter: _parameters is null
 + 661 JsrExtension is missing hashCode() and equals()
 + 663 Update gcloud datastore to 0.2.3
 + 667 Introduce optional `jetty.deploy.monitoredPath` for jetty-deploy paths
   outside of ${jetty.base}
 + 668 Introduce optional `jetty.deploy.defaultsDescriptorPath` for
   jetty-deploy defaults descriptor outside of ${jetty.home}
 + 671 Incorrect ALPN default protocol
 + 672 Allow logging configuration announcement to be programmatically disabled
 + 673 ClasspathPattern needs a match all pattern
 + 675 Slf4jLog.ignore() should produce at DEBUG level
 + 676 JavaUtilLog.ignore() should produce at DEBUG level
 + 677 Logging of .ignore() should indicate that it was an "Ignored Exception"
 + 678 Log at less than DEBUG level when annotation scanning takes significant
   time
 + 682 Quickstart should not scan all container path jars
 + 684 HttpClient proxies (HttpProxy and Socks4Proxy) do not support
   authentication
 + 685 SecureRequestCustomizer SSLSession attribute not set
 + 687 AllowSymLinkAliasChecker not normalizing relative symlinks properly
 + 689 Drop support for http2 drafts
 + 690 jetty-maven-plugin does not configure AnnotationConfiguration for
   jetty:effective-web-xml goal
 + 695 Deprecate LocalConnector.getResponses() in favor of using .getResponse()
 + 696 LocalConnector.getResponse() doesn't find close if using HTTP/1.1
   w/Connection: close
 + 700 Bundle org.eclipse.jetty.http.spi not available via p2 repository
 + 701 Document CachingWebAppClassLoader
 + 706 org.apache.jasper.compiler.disablejsr199 is no longer present in Jetty
   9.3+
 + 708 SslContextFactory: newSslServerSocket/newSslSocket are not completely
   customized
 + 717 GzipHandler.minGzipSize still compresses small responses
 + 718 Document HttpClient transports
 + 720 asciiToLowerCase throws NullPointerException
 + 721 HTTP Response header value encoding is invalid for RFC7230
 + 723 Improve bad/missing mime.properties reporting
 + 730 "Slow" client causes IllegalStateException
 + 739 Illegal WindowUpdate frame with delta=0
 + 747 Update documentation to reflect TLS and SSL support
 + 749 Invalid WebSocket Upgrade should result in error 400, not 405
 + 751 Remove usages of ArrayQueue
 + 752 Implement support for HTTP2 SETTINGS_MAX_HEADER_LIST_SIZE
 + 755 NPE in HttpChannelOverHTTP2.requestContent()
 + 756 Filter out headers
 + 759 Ensure wrapped Responses will close and commit outputstream or writer
 + 761 Clarify retainDays for NCSARequestLog in documentation
 + 764 Chapter 16 Build Issue
 + 780 The moved websocket PathSpec is incompatible with cometd 3.0.x
 + 783 Report name of broken jar file
 + 784 JSP Session updated before sendRedirect() lose their information
 + 786 Buffering Response Handler
 + 788 Attempting to activate a module that is already enabled
 + 790 AsyncContentListener semantic broken with HTTP/2 transport
 + 792 HTTP/2] Socket seems to be not closed completely
 + 797 MimeTypes resource loading incorrect on OSGi
 + 798 async IO Write closed race
 + 802 Warning for --add-to-startd is not complete in 9.4.x
 + 804 setting default Url Encoding broken in Jetty >= 9.3
 + 815 Simplify infinispan session module
 + 817 NPE in jndi Resource
 + 826 Better default for HTTP/2's max concurrent streams
 + 827 HTTPClient fails connecting to HTTPS host through an HTTP proxy
   w/authentication
 + 830 Test webapp not properly copied to demo-base
 + 832 ServerWithJNDI example uses wrong webapp
 + 837 Update to support apache jasper 8.5.4
 + 841 support reset in buffering interceptors

jetty-9.3.11.v20160721 - 21 July 2016
 + 230 customize Content-Type in ErrorHandler's default error page
 + 592 Support no-value Host header in HttpParser
 + 631 SLOTH protection
 + 643 NPE in passing websocket client test
 + 649 LDAPLoginModule should disallow blank username and password
 + 658 Add memcached option for gcloud-sessions in jetty-9.3
 + 660 NullPointerException in Request.getParameter: _parameters is null
 + 663 Update gcloud datastore to 0.2.3
 + 667 Introduce optional `jetty.deploy.monitoredPath` for jetty-deploy paths
   outside of ${jetty.base}
 + 668 Introduce optional `jetty.deploy.defaultsDescriptorPath` for
   jetty-deploy defaults descriptor outside of ${jetty.home}
 + 669 Support UNC paths in PathResource
 + 671 Incorrect ALPN default protocol
 + 672 Allow logging configuration announcement to be programmatically disabled
 + 673 ClasspathPattern needs a match all pattern
 + 675 Slf4jLog.ignore() should produce at DEBUG level
 + 676 JavaUtilLog.ignore() should produce at DEBUG level
 + 677 Logging of .ignore() should indicate that it was an "Ignored Exception"
 + 678 Log at less than DEBUG level when annotation scanning takes significant
   time
 + 682 Quickstart should not scan all container path jars
 + 684 HttpClient proxies (HttpProxy and Socks4Proxy) do not support
   authentication
 + 685 SecureRequestCustomizer SSLSession attribute not set
 + 687 AllowSymLinkAliasChecker not normalizing relative symlinks properly
 + 690 jetty-maven-plugin does not configure AnnotationConfiguration for
   jetty:effective-web-xml goal
 + 693 QoSFilterTest failures are not capture by junit
 + 694 http2.client.StreamResetTest.testServerExceptionConsumesQueuedData stack
   not suppressed in test
 + 695 Deprecate LocalConnector.getResponses() in favor of using .getResponse()
 + 696 LocalConnector.getResponse() doesn't find close if using HTTP/1.1
   w/Connection: close
 + 701 Document CachingWebAppClassLoader
 + 706 org.apache.jasper.compiler.disablejsr199 is no longer present in Jetty
   9.3+
 + 708 SslContextFactory: newSslServerSocket/newSslSocket customization
 + 717 GzipHandler.minGzipSize still compresses small responses
 + 718 Document HttpClient transports
 + 720 asciiToLowerCase throws NullPointerException
 + 721 HTTP Response header value encoding is invalid for RFC7230
 + 723 Improve bad/missing mime.properties reporting
 + 726 Http2 Client parse error
 + 730 "Slow" client causes IllegalStateException
 + 733 Allow setCharacterEncoding after getOutputStream
 + 739 Illegal WindowUpdate frame with delta=0
 + 742 Fixed link to webtide.com
 + 745 Removed README.txt
 + 747 Update documentation to reflect TLS and SSL support
 + 751 Remove usages of ArrayQueue
 + 752 Implement support for HTTP2 SETTINGS_MAX_HEADER_LIST_SIZE
 + 755 NPE in HttpChannelOverHTTP2.requestContent()
 + 756 Filter problematic headers from CGI and FastCGIProxy

jetty-9.2.18.v20160721 - 21 July 2016
 + 425 Incorrect @ServerEndpoint Encoder/Decoder lifecycle
 + 649 LDAPLoginModule should disallow blank username and password
 + 654 Jetty 9.3 ServletContext.getResourceAsStream("/") returns an unusable
   stream
 + 661 JsrExtension is missing hashCode() and equals()
 + 756 Filter problematic headers from CGI and FastCGIProxy

jetty-9.3.11.M0 - 22 June 2016
 + 425 Incorrect @ServerEndpoint Encoder/Decoder lifecycle
 + 624 AsyncContext.onCompleted called twice
 + 645 jetty-requestlog.xml default log path
 + 654 Jetty 9.3 ServletContext.getResourceAsStream("/") returns an unusable
   stream
 + 659 CONNECT request fails spuriously
 + 660 NullPointerException in Request.getParameter: _parameters is null
 + 661 JsrExtension is missing hashCode() and equals()

jetty-9.3.10.v20160621 - 21 June 2016
 + 388 Add methods to send text frames with pre-encoded strings
 + 605 Guard concurrent calls to WebSocketSession.close()
 + 608 reset encoding set from content type?
 + 609 websocket ClientCloseTest testServerNoCloseHandshake is failing
 + 610 HttpClientRedirectTest/testRedirectWithWrongScheme test failing in CI
 + 620 Missing call to setPattern in RewritePatternRule constructor
 + 622 NoSqlSessionManager test for expired session does not use
   session.maxInactiveInterval
 + 623 Add --gzip suffix to 304 responses with ETAGs
 + 624 AsyncContext.onCompleted called twice
 + 628 IOException: Unable to open root Jar file
   MetaInfConfiguration.getTlds(MetaInfConfiguration.java:406) with Spring boot
   loader + WebAppContext + non-expanded war
 + 632 JMX tests rely on fixed port
 + 633 If jmx and websocket is enabled, redploying a context produces a
   NullPointerException
 + 638 ConnectHandler responses should have Content-Length
 + 639 ServerContainer stores WebSocket sessions twice
 + 640 ClientContainer should store WebSocket sessions as beans
 + 641 MongoSessionIdManager uses deprecated ensureIndex
 + 647 HTTP/2 CONTINUATION frame parsing throws IllegalStateException
 + 648 Problem using InputStreamResponseListener to handle HTTP/2 responses

jetty-9.4.0.M0 - 03 June 2016
 + 356 Element error-page/location must start with a '/'
 + 360 Improve HTTP/2 stream interleaving
 + 367 Resolve remaining git.eclipse.org build references
 + 411 ensure MongoSessionManager saves maxInactiveInterval and expiry
   correctly Issue #415 ensure setting > MAX_INT session-timeout is detected
 + 412 Clarify ServletContextListener.contextDestroyed
 + 418 Add osgi capability for endpoint configurator
 + 437786 SslContextFactory: Allow Password.getPassword to be overridden
 + 469 Update to Apache Jasper 8.0.33
 + 472675 No main manifest attribute, in jetty-runner regression
 + 478918 Change javax.servlet.error,forward,include literals to
   RequestDispatcher constants
 + 479179 Fixed NPE from debug
 + 479343 calls to MetaData#orderFragments() with relative ordering adds
   duplicate jars
 + 479537 Server preface sent after client preface reply
 + 479678 Support HTTP/1.1 Upgrade in HttpClient
 + 479712 Documented --approve-all-licenses
 + 479832 Update comment in gcloud-sessions.xml file
 + 479839 Regression when starting application with excessive scan times
 + 479865 IllegalStateException: Multiple servlets map to path: *.jsp: jsp,jsp
 + 479903 improve async onError handling
 + 480 jetty-osgi] org.eclipse.jetty.annotations should be optional
 + 480162 Continuations behavior differences due to HttpURI behavior
 + 480272 Update to newer jdt ecj version
 + 480827 Implemented Unix Domain Socket Connector
 + 480898 Introduce FilterMapping.getDispatcherTypes() method
 + 480904 jetty-util Loader simplification
 + 481075 Session statistics are not accurate
 + 481116 Introduce connection pooling also for HTTP/2 transport
 + 481203 Add ability to set configurations to apply to WebAppContext for
   jetty-maven-plugin
 + 481373 Corner cases where session may remain in JDBCSessionManager memory
 + 481717 Make Callback and Promise CompletableFuture-friendly
 + 481718 Improve stream interleaving
 + 481903 Module Descriptions
 + 482039 Create shaded jar for isolated jetty-client use
 + 482041 Add ServletHandler.newCachedChain() to ease customization
 + 482042 New API, Allow customization of ServletHandler path mapping
 + 482056 Compact path before using it in getRequestDispatcher()
 + 482057 MultiPartInputStream temp file permissions should be limited to user
 + 482172 Report form key size count in UrlEncoded exceptions
 + 482173 Track original Query string in Rewrite RuleContainer too
 + 483059 Remove cache of authenticated users
 + 483119 CachingWebAppClassLoader breaks JSP
 + 483427 AsyncContext complete while pending async Reads/Writes
 + 484349 Optimized PathMappings lookup
 + 484350 Allow GzipHandler path include/exclude to use regex
 + 484603 HashLoginService does not stop its PropertyUserStore
 + 484616 Outdated version of javaee_web_services_client_1_2.xsd
 + 484818 Expose interesting HTTP/2 attributes and operations via JMX
 + 484822 Jetty ThreadMonitor memory leak
 + 485 Multiple compressed formats from static content
 + 485031 two PathWatcher threads running after automatically restarting webapp
 + 485063 After stopping JettyWebAppContext, it still contains reference to old
   WebAppClassLoader via ServerContainer bean
 + 485064 HashSessionManager leaks ScheduledExecutorScheduler with reference to
   un-deployed webapp
 + 485199 Remove copyright blurb from pom.xml files
 + 485625 Allow overriding the conversion of a String into a Credential
 + 486497 NPE in MappedLoginService
 + 486530 Handler added to WebAppContext prevents ServletContext initialization
 + 493 OSGiClassLoader contains dead code
 + 495 EventSender might leak service-references or miss them at all
 + 514 Allow ExecutionStrategy to be configurable
 + 515 #467
 + 525 fix blockForContent spin
 + 532 Get rid of generated jetty-start/dependency-reduced-pom.xml
 + 533 Do not hide file resource exception
 + 605 Guard concurrent calls to WebSocketSession.close()
 + 608 reset encoding set from content type

jetty-9.3.10.M0 - 26 May 2016
 + 354 Spin loop in case of exception thrown during accept()
 + 464 Improve reporting of SSLHandshakeException
 + 542 Support Connection.Listener bean on clients
 + 574 Introduce a TLS handshake completed listener
 + 581 Initial session recv window setting not working
 + 85 Expose TLS protocol used for connection in SecureRequestCustomizer

jetty-9.3.9.v20160517 - 17 May 2016
 + 436 Migrate Jetty Documentation
 + 437 updates to NPE prevention
 + 501 clear continuation initial on undispatch
 + 510 Module [depend] property expansion should support eg
   foo/${bar}/${bar}-xxx
 + 514 Allow ExecutionStrategy to be configurable
 + 518 jarfile fix for springboot
 + 519 Disable SSL session caching
 + 521 Separate usage of the Server and the ServerConnector Executors
 + 525 Spin in HttpInputOverHttp.blockForContent with malformed HTTP-Request
 + 526 Headers set from RequestDispatcher.include() not showing up in response
 + 529 Start property for non standard JRE versions
 + 533 Do not hide file resource exception
 + 534 Deadlock in MongoSessionManager
 + 546 Guard concurrent calls to ExecutionStrategy.execute()
 + 547 ExecuteProduceConsume (EWYK) does not exit low threads mode
 + 552 Improve HTTP/2 idle timeout handling
 + 553 Abort HttpChannel if response has wrong content-length
 + 556 Improve Resource.getAlias() checks on Windows
 + 557 Review ThreadPool.isLowOnThreads()
 + 558 HTTP/2 server hangs when thread pool is low on threads
 + 560 Jetty Client Proxy Authentication does not work with HTTP Proxy
   tunneling
 + 561 Fixed test timer
 + 567 NPE in ErrorPageErrorHandler debug
 + 570 URIUtil.encodePath does not always encode utf8 chars
 + 571 AbstractAuthentication.matchesURI() fails to match scheme
 + 572 Don't reject HTTP/2 requests without body in low threads mode
 + 486530 Handler added to WebAppContext prevents ServletContext initialization

jetty-9.2.17.v20160517 - 17 May 2016
 + 560 Jetty Client Proxy Authentication does not work with HTTP Proxy
   tunneling
 + 571 AbstractAuthentication.matchesURI() fails to match scheme

jetty-9.2.16.v20160414 - 14 April 2016
 + 85 Expose TLS protocol used for connection in SecureRequestCustomizer
 + 316 add chm mime mapping to mime.properties
 + 353 Jetty Client doesn't forward authentication headers with redirects when
   using proxy
 + 365 Potential connection leakage in case of aborted request
 + 367 Build downloads from git.eclipse.org
 + 371 jasper dependencies are outdated in 9.2.x
 + 377 HttpClient - No supported cipher suites leads to stuck requests
 + 418 Javax websocket server impl does not expose all required services as
   OSGi capabilities
 + 424 Jetty impl. of Websocket ServerEndpointConfig.Configurator lifecycle out
   of spec.
 + 437 NPE is raised inside Jetty websocket client on receiving empty message
   through MessageHandler.Partial<>
 + 438 File and Path Resources with control characters should be rejected
 + 469 Update to support apache jasper 8.0.33
 + 510 Module [depend] property expansion should support eg
   foo/${bar}/${bar}-xxx

jetty-9.3.9.M1 - 11 April 2016
 + 481 Event response.success notified without waiting for content callback for
   HTTP/2 transport
 + 490 serverClasses set from jetty-web.xml
 + 491 Do not assume gzip acceptable for HTTP/2
 + 503 Wrong request-per-connection counting in MultiplexHttpDestination in
   case of failures
 + 504 HTTP/2 client transport cannot send request after idle timeout
   jetty-9.3.9.M0 - 05 April 2016
 + 184 Empty Realm for BasicAuthentication
 + 371 update apache jsp to 8.0.27
 + 418 Add osgi capability for endpoint configurator
 + 424 Jetty impl. of Websocket ServerEndpointConfig.Configurator lifecycle out
   of spec
 + 427 Squelch intentional exceptions seen during websocket testing
 + 434 RequestTest stack traces
 + 435 adjust debug log message
 + 437 Avoid NPE on receiving empty message though MessageHandler.Partial
 + 438 File and Path Resources with control characters should be rejected
 + 446 jetty-quickstart path normalization uses improper paths on Windows
 + 448 RFC2616 Compliance Mode should track and report RFC7230 violations
 + 450 Client AuthenticationProtocolHandler sends request failures to response
   failure listener
 + 451 RFC2616 Compliance mode should support empty headers
 + 453 Change logging of setting session maxInactiveInterval to DEBUG from WARN
 + 454 DoSFilter does not send an error status code when closing a connection
   because of timeout
 + 458 Improve Quality list handling
 + 467 Compact // rule
 + 469 Update to Apache Jasper 8.0.33
 + 470 AsyncContextState NPE if called after reset
 + 472 Use LongAdder for statistics
 + 476 HttpClient should not send absolute-form target with non HttpProxy

jetty-9.3.8.v20160314 - 14 March 2016
 + 107 ResourceHandler range support testcase
 + 124 Don't produce text/html if the request doesn't accept it
 + 247 improving invalid buffer manipulation exception messages
 + 258 Http request to origin server over https proxy contains absolute URL
 + 266 jetty-client redirection process is aborted if redirect response have
   corrupt body
 + 305 NPE when notifying the session listener if the channel is closed before
   a session has been opened
 + 316 Add *.chm mimetype mapping
 + 343 ensure release deployment of test-jetty-webapp:war and
   test-proxy-webapp:war
 + 346 HttpParser RFC2616 Compliance mode
 + 353 Jetty Client doesn't forward authentication headers with redirects when
   using proxy
 + 356 Element error-page/location must start with a '/'
 + 362 Very slow page load and missing resources when using HTTP/2 with Jetty
   9.3.7
 + 365 Potential connection leakage in case of aborted request
 + 366 Avoid HTTP2Flusher reentrancy
 + 367 Resolve remaining git.eclipse.org build references
 + 372 Data race in HttpReceiverOverHTTP2
 + 377 HttpClient - No supported cipher suites leads to stuck requests
 + 378 Can't configure per nodes settings in start.ini
 + 379 Insufficient information on asyncNotSupported
 + 381 HttpClient does not send the Authorization header with authenticating
   proxy
 + 386 Explicit Authorization header is dropped when handling 407s
 + 397 Multipart EOF handling
 + 402 Don't use Thread.isAlive() in ShutdownMonitor
 + 405 adding testcase for problematic HttpURI parsing of path params
 + 406 GzipHandler: allow to override the Vary response header
 + 407 JSR356 Server WebSocket Sessions no longer being tracked
 + 408 Http client does not work on https with proxy
 + 411 Add more debug log for mongosessionmanager and remove debug printlns
 + 413 HotSwapHandler null handlers
 + 416 Support HTTPS forward proxies
 + 417 HttpClient: review support for OPTIONS *
 + 423 Duplicate Content-Length header not handled correctly

jetty-9.3.8.RC0 - 25 February 2016
 + 81 Exception not always thrown in Jetty to application when upload part is
   too big
 + 82 Request.getPart() that results in Exception still allows other parts to
   be fetched
 + 251 Removing SSLEngine.beginHandshake() calls
 + 285 PathContentProvider - Use of Direct buffers without pooling
 + 298 qtp threads spin-locked in MBeanContainer.beanAdded
 + 342 Reintroducing Response parameter to logExtended
 + 344 init script does not properly display status of a non running service
 + 346 HttpParser RFC2616 Compliance mode
 + 347 Avoid sending request using a connection that is idle timing out
 + 352 Integrate session idling for MongoSessionManager
 + 354 Spin loop in case of exception thrown during accept()
 + 355 Improve close behavior for failed pending writes
 + 478918 Change javax.servlet.error,forward,include literals to
   RequestDispatcher constants
 + 484446 InputStreamResponseListener's InputStream uses default read (3) and
   blocks early on never-ending response.
 + 485306 HttpParser (HttpURI) mistaking basic auth password as a port number
 + 485469 permessage-deflate extension causes protocol error in Firefox/Chrome
 + 486394 Restore MultiPartFilter behavior with regards to temp file access
 + 486497 NPE in MappedLoginService
 + 486511 Server.getURI() returns wrong scheme on SSL/HTTPS
 + 486530 Handler added to WebAppContext prevents ServletContext initialization
 + 486589 HttpRequest has a wrong HTTP Version in HTTP/2
 + 486604 Add debug logging of ErrorPageErrorHandler logic
 + 486674 Quickstart path attribute normalization should be based on longest
   path match
 + 486829 Cancel stream error after a failed request with the HTTP/2.0 client
 + 486877 Google Chrome flagging 'obsolete cipher suite' in Jetty and will soon
   issue broken padlock
 + 486930 Selector does not correctly handle rejected execution exception
 + 487158 Switched SCM URIs to github
 + 487197 Deflater/Inflater memory leak with WebSocket permessage-deflate
   extension
 + 487198 ContextScopeListener should be called on context start and stop
 + 487277 Introduce http-forwarded module for X-Forwarded support
 + 487354 Aborted request or response does not send RST_STREAM frame
 + 487511 Jetty HTTP won't work on turkish systems
 + 487714 Avoid NPE in close race for async write
 + 487750 HTTP/2 push must not be recursive

jetty-9.2.15.v20160210 - 10 February 2016
 + 482042 New API, Allow customization of ServletHandler path mapping
 + 482243 Fixed GzipHandler for Include
 + 482270 Expose upgrade request locales
 + 482855 Content-Length omitted for POST requests with empty body
 + 483620 Servlet annotation mapping to "/" should override webdefault.xml
   mapping
 + 483857 jetty-client onComplete isn't called in case of exception in
   GZIPContentDecoder.
 + 484349 Promote WebSocket PathMappings / PathSpec to Jetty Http
 + 484350 Allow GzipHandler path include/exclude to use regex
 + 484397 Unavoidable NullPointerException in onMessage-Handler for
   PongMessages
 + 484603 HashLoginService does not stop its PropertyUserStore
 + 484612 Restore WebSocket Session.close() sending 1000/Normal status code
 + 484621 Client hangs till timeout when Authentication.authenticate() throws
   exception.
 + 487511 Jetty HTTP won't work on turkish systems

jetty-9.3.7.RC1 - 13 January 2016
 + 481986 Dead JSR 356 Server Session still being tracked after
   Session/Connection closure
 + 484616 Outdated version of javaee_web_services_client_1_2.xsd
 + 485031 two PathWatcher threads running after automatically restarting webapp
 + 485063 After stopping JettyWebAppContext, it still contains reference to old
   WebAppClassLoader via ServerContainer bean
 + 485064 HashSessionManager leaks ScheduledExecutorScheduler with reference to
   un-deployed webapp
 + 485376 Multiple charset attributes in Content-Type
 + 485535 jetty.sh results in FAILED when running service restart
 + 485663 NullPointerException in WebSocketSession during upgrade with DEBUG
   logging
 + 485712 Quickstart web.xml is absolute

jetty-9.3.7.RC0 - 05 January 2016
 + 458745 Async ISE in async Echo
 + 481567 permessage-deflate causing data-dependent ju.zip.DataFormatException:
   invalid stored block lengths
 + 482173 Track original Query string in Rewrite RuleContainer too
 + 482243 Fixed GzipHandler for Include
 + 482270 Expose upgrade request locales
 + 482272 Fixed relative symlink checking
 + 482506 HTTP/2 load test with h2load fails
 + 482670 HttpURI wrongly parser URI paths starting with /@
 + 482855 Content-Length omitted for POST requests with empty body
 + 482959 Local stream count never decrements when closing a stream causing
   IllegalStateException.
 + 483009 MultiPartContentProvider may send wrong Content-Length
 + 483039 HTTP2 Upgrade case sensitivity on Connection header
 + 483344 text/csv Mime Type For CSV in mime properties File
 + 483413 Warn on @Deprecated servlet/filter use
 + 483422 Empty chunked body in 304 Response
 + 483620 Servlet annotation mapping to "/" should override webdefault.xml
   mapping
 + 483857 jetty-client onComplete isn't called in case of exception in
   GZIPContentDecoder.
 + 483878 Parallel requests stuck via the http client transport over HTTP/2
 + 484167 GOAWAY frames aren't handling disconnects appropriately on Client
 + 484210 HttpClient over HTTP/2 should honor maxConcurrentStreams
 + 484262 Race condition between GOAWAY disconnect and ability to make new
   request.
 + 484349 Promote WebSocket PathMappings / PathSpec to Jetty Http
 + 484350 Allow GzipHandler path include/exclude to use regex
 + 484397 Unavoidable NullPointerException in onMessage-Handler for
   PongMessages
 + 484440 Swap WebSocket PathMappings for new jetty-http PathMappings
 + 484585 Avoid sending request using a connection that is idle timing out
 + 484603 HashLoginService does not stop its PropertyUserStore
 + 484612 Restore WebSocket Session.close() sending 1000/Normal status code
 + 484621 Client hangs till timeout when Authentication.authenticate() throws
   exception.
 + 484622 Improve handling of Direct and Mapped buffers for static content
 + 484624 Disable CachingWebAppClassLoader
 + 484657 Support HSTS rfc6797
 + 484683 FastCGI request idle timeout is handled incorrectly
 + 484718 Review idle timeout handling
 + 484801 Avoid non-cached memory mapped files
 + 484818 Expose interesting HTTP/2 attributes and operations via JMX
 + 484822 Jetty ThreadMonitor memory leak
 + 484861 Improve FlowControlStrategy stall handling
 + 484876 Make simpler to customize the FlowControlStrategy
 + 484878 Make BufferingFlowControlStrategy.bufferRatio configurable via JMX

jetty-9.3.6.v20151106 - 06 November 2015
 + 419966 Add ContentProvider that submits multipart/form-data
 + 472675 No main manifest attribute, in jetty-runner regression
 + 476641 Proxy rewriteTarget() null return does not call error handler
 + 478757 DebugHandler thread name is mangled
 + 479179 Fixed NPE from debug
 + 479378 Incorrect REQUEST_URI
 + 479712 Documented --approve-all-licenses
 + 479832 Use system properties for gcloud config for GCloudDatastore session
   manager
 + 479839 Regression when starting application with excessive scan times
 + 479865 IllegalStateException: Multiple servlets map to path: *.jsp: jsp,jsp
 + 480061 HTTP/2 server doesn't send GOAWAY frame when shutting down
 + 480162 Continuations behavior differences due to HttpURI behavior
 + 480260 HPack decode error for buffers with offset
 + 480272 Update to newer jdt ecj version
 + 480452 Large downloads via FastCGI proxy keep HttpClient connections active
 + 480764 Error parsing empty multipart
 + 481006 SSL requests intermittently fail with EOFException when SSL
   renegotiation is disallowed.
 + 481203 Add ability to set configurations to apply to WebAppContext for
   jetty-maven-plugin
 + 481225 Secondary resources with query parameters are not properly pushed
 + 481236 Make ShutdownMonitor java security manager friendly
 + 481355 Nested Symlinks
 + 481373 Corner cases where session may remain in JDBCSessionManager memory
 + 481385 Incorrect parsing of END_REQUEST frames
 + 481418 ResourceHandler sets last modified
 + 481437 Port ConnectHandler connect and context functionality from Jetty 8
 + 481554 DispatcherType reset race

jetty-9.2.14.v20151106 - 06 November 2015
 + 428474 Expose batch mode in the Jetty WebSocket API
 + 471055 Restore legacy/experimental WebSocket extensions (deflate-frame)
 + 472082 isOpen returns true on CLOSING Connection
 + 474068 Update WebSocket Extension for permessage-deflate draft-22
 + 474319 Reintroduce blocking connect()
 + 474321 Allow synchronous address resolution
 + 474453 Tiny buffers (under 7 bytes) fail to compress in permessage-deflate
 + 474454 Backport permessage-deflate from Jetty 9.3.x to 9.2.x
 + 474936 WebSocketSessions are not always cleaned out from openSessions
 + 476023 Incorrect trimming of WebSocket close reason
 + 476049 When using WebSocket Session.close() there should be no status code
   or reason sent
 + 477385 Problem in MANIFEST.MF with version 9.2.10 / 9.2.13
 + 477817 Fixed memory leak in QueuedThreadPool
 + 481006 SSL requests intermittently fail with EOFException when SSL
   renegotiation is disallowed.
 + 481236 Make ShutdownMonitor java security manager friendly
 + 481437 Port ConnectHandler connect and context functionality from Jetty 8

jetty-9.3.5.v20151012 - 12 October 2015
 + 479343 calls to MetaData#orderFragments() with relative ordering adds
   duplicate jars
 + 479537 Server preface sent after client preface reply
 + 479584 WS Session does not contain UpgradeRequest information in
   WebSocketAdapter.onWebSocketConnect callback

jetty-9.3.4.v20151007 - 07 October 2015
 + 428474 Expose batch mode in the Jetty WebSocket API
 + 472082 isOpen returns true on CLOSING Connection
 + 474936 WebSocketSessions are not always cleaned out from openSessions
 + 475209 WebSocketServerFactory should not hand null object to
   DecoratedObjectFactory
 + 476023 Incorrect trimming of WebSocket close reason
 + 476049 When using WebSocket Session.close() there should be no status code
   or reason sent
 + 476170 Support servers that close connections without sending Connection:
   close header.
 + 476720 getTrustStoreResource fixed
 + 477087 Enforce that the preface contains a SETTINGS frame
 + 477123 AsyncListener callbacks need context scope
 + 477270 Add ability to send a single PRIORITY frame
 + 477278 Refactored DefaultServlet for cached Gzip & Etags
 + 477385 Make jetty osgi manifests only resolve jetty packages against a
   single distro version
 + 477641 ALPN classes exposed to webapps - fixed typo
 + 477680 Encode merged query parameters
 + 477737 Improve handling of etags with dynamic and static gzip
 + 477757 Null args in TypeUtil .call & .construct result in confusing
   exceptions
 + 477817 Fixed memory leak in QueuedThreadPool
 + 477878 HttpClient over HTTP/2 doesn't close upload stream
 + 477885 Jetty HTTP2 client fails to connect with Netty server - HTTP2 client
   preface missing or corrupt.
 + 477890 Overwhelmed HTTP/2 server discards data
 + 477895 Prevent leak of handles to deleted files after redeploy
 + 477900 Increase client authentication default max content size
 + 478008 Do not reset current value of CounterStatistics
 + 478021 Client sending Connection: close does not shutdown output
 + 478105 prependFilterMapping check for null FilterHolder
 + 478239 Remove pointless synchronize in infinispan scavenging
 + 478247 WebappClassLoader pinned after redeploy
 + 478275 Priority information in HEADERS frame is not sent
 + 478280 property file in temp directory
 + 478372 JavaUtilLog setSourceClass and setSourceMethod
 + 478434 Priority weights should be between 1 and 256 inclusive
 + 478752 Clarify support for HttpServletRequest.upgrade()
 + 478757 DebugHandler thread name is mangled
 + 478829 WebsocketSession not cleaned up / memory leak
 + 478862 Update to jstl 1.2.5
 + 478923 threads stuck at SharedBlockingCallback$Blocker.block
 + 479026 Wrong CONNECT request idle timeout
 + 479277 HttpClient with HTTP/2 transport does not work for "https" URLs

jetty-9.3.3.v20150827 - 27 August 2015
 + 470311 Introduce a proxy-protocol module
 + 471055 Restore legacy/experimental WebSocket extensions (deflate-frame)
 + 472411 PathResource.checkAliasPath() typo
 + 473321 Overriding SSL context KeyStoreType requires explicit override of
   TrustStoreType
 + 474025 SslContextFactory does not work with JCEKS Keystore
 + 474068 Update WebSocket Extension for permessage-deflate draft-22
 + 474319 Reintroduce blocking connect()
 + 474321 Allow synchronous address resolution
 + 474344 apache-jstl includes test dependencies
 + 474358 DefaultServlet bad Content-Type on compressed content
 + 474361 Handle JVM version extensions like -internal
 + 474453 Tiny buffers (under 7 bytes) fail to compress in permessage-deflate
 + 474454 Backport permessage-deflate from Jetty 9.3.x to 9.2.x
 + 474455 Enable permessage-deflate WebSocket extension
 + 474558 Debug log ServletContainerInitializer @HandlesTypes contents
 + 474617 AsyncListener.onError not called for errors
 + 474618 AsyncListener.onComplete not called when error occurs
 + 474634 AsyncListener.onError() handling
 + 474685 GzipHandler configuration supports csv paths and mimetypes
 + 474888 HttpClient JMX support
 + 474936 WebSocketSessions are not always cleaned out from openSessions
 + 474961 Close input stream for classes in AnnotationParser after scanning
 + 475195 SNI matching fails when keystore does not contain wild certificates
 + 475483 Starting Jetty with [exec] should use properties file
 + 475546 ClosedChannelException when connecting to HTTPS over HTTP proxy with
   CONNECT.
 + 475605 Add support for multi-homed destinations
 + 475927 SecureRequestCustomizer fails to match host

jetty-9.3.2.v20150730 - 30 July 2015
 + 470351 Fixed SNI matching of wildcard certificates
 + 470727 Thread Starvation of selector wakeups
 + 472601 org.eclipse.jetty.util.log.Log.setLog() does not work as before
 + 472621 Unjustified timeout when serving static content
 + 472781 GzipHandler isMimeTypeGzipable() bad logic
 + 472859 ConcatServlet may expose protected resources
 + 472931 HttpConfiguration copy constructor incomplete
 + 472974 Improved StatisticsHandler 503 generation
 + 473006 Encode addPath in URLResource
 + 473118 HTTP/2 server does not retrieve Host header from client
 + 473243 Delay resource close for async default content
 + 473266 Better handling of MultiException
 + 473294 Fixed include cipher suites support for wildcards
 + 473307 Add 301 Moved Permanently Rules to jetty-rewrite
 + 473309 Add special (non-replacement) Terminating rules to jetty-rewrite
 + 473319 Parameterize status code on Redirect Rules for alternate use
 + 473321 Overriding SSL context KeyStoreType requires explicit override of
   TrustStoreType
 + 473322 GatherWrite limit handling
 + 473624 ProxyServlet.Transparent / TransparentDelegate add trailing slash
   before query when using prefix.
 + 473832 SslConnection flips back buffers on handshake exception

jetty-9.2.13.v20150730 - 30 July 2015
 + 472859 ConcatServlet may expose protected resources
 + 473006 Encode addPath in URLResource
 + 473243 Delay resource close for async default content
 + 473266 Better handling of MultiException
 + 473322 GatherWrite limit handling
 + 473624 ProxyServlet.Transparent / TransparentDelegate add trailing slash
   before query when using prefix.
 + 473832 SslConnection flips back buffers on handshake exception

jetty-9.3.1.v20150714 - 14 July 2015
 + 441020 Support HEADERS followed by CONTINUATION+
 + 460671 Rationalize property names (fix for jetty.sh)
 + 462346 Change classesPattern to scanClassesPattern and testClassesPattern to
   scanTestClassesPattern to clarify purpose
 + 464294 AsyncNCSARequestLog blocks JVM exit after failure
 + 464741 HttpFields declares IllegalArgumentException as checked exception
 + 464745 Remove @org.apache.xbean.XBean references
 + 469384 Improved javadoc for ClasspathPattern
 + 470184 Send the proxy-to-server request more lazily
 + 470327 Problem with scope provided dependencies with jspc plugin
 + 470505 jetty-maven-plugin JettyWebAppContext#setQuickStartWebDescriptor
   should accept a Maven-friendly type
 + 470664 Handle multiple RequestLogHandler in chain
 + 470727 Thread Starvation of selector wakeups
 + 470803 If a webapp is not fully started do not fully stop it
 + 470855 Only log warning for duplicate path mappings to same servlet in same
   descriptor
 + 470963 Update jetty-maven-plugin mojo annotations for maven 3
 + 471071 jetty-infinispan.xml incorrect syntax for remote named cache
 + 471076 Apache jspc ignores empty list of files to precompile and scans
   anyway
 + 471251 Improved debugging on async timeout
 + 471272 ArrayIndexOutOfBoundsException in
   org.eclipse.jetty.quickstart.PreconfigureQuickStartWar
 + 471388 StringIndexOutOfBoundsException when using <c:url> with parameters
 + 471464 Parsing issues with HttpURI
 + 471604 Extend CrossOriginFilter to provide a Timing-Allow-Origin header
 + 471623 Update to apache jsp 8.0.23 Use 8.0.23.M1 for jetty version of apache
   jsp 8.0.23
 + 471985 NPE in HttpFields.putField
 + 472310 Improved logging when no supported included ciphers
 + 472411 PathResource.checkAliasPath typo
 + 472422 Custom status codes result in a NumberFormatException while using
   http2.

jetty-9.2.12.v20150709 - 09 July 2015
 + 469414 Proxied redirects expose upstream server name
 + 469936 Remove usages of SpinLock
 + 470184 Send the proxy-to-server request more lazily

jetty-9.3.0.v20150612 - 12 June 2015
 + 414479 Add WebSocketPingPongListener for those that want PING/PONG payload
   data
 + 420678 Add WebSocketPartialListener to support receiving partial WebSocket
   TEXT/BINARY messages
 + 420944 Hot Deployment of WAR when Context XML exists doesn't trigger
   redeploy
 + 423974 Optimize flow control
 + 424368 Add CONTRIBUTING.md
 + 430951 Support SNI with ExtendedSslContextFactory
 + 436345 Refactor AbstractSession to minimize burden on subclasses to
   implement behaviour
 + 437303 Serving of static filenames with "unwise" characters causes 404 error
 + 437395 Start / Properties in template sections should be default applied for
   enabled modules
 + 438204 getServerName returns IPv6 addresses wrapped in []
 + 439369 Remove unused class CrossContextPsuedoSession
 + 439374 Use utf-8 as default charset for html
 + 439375 preferred rfc7231 format is mime;charset=lowercase-9
 + 440106 Improve ProtocolHandler APIs
 + 440506 Jetty OSGi boot bundle does not support OSGi framework Eclipse
   Concierge
 + 442083 Client resets stream, pending server data is failed, connection
   closed.
 + 442086 Review HttpOutput blocking writes
 + 442477 Allow Symlink aliases by default
 + 442495 Bad Context ClassLoader in JSR356 WebSocket onOpen
 + 442950 Embedded Jetty client requests to localhost hangs with high cpu usage
   (NIO OP_CONNECT Solaris/Sparc).
 + 443652 Remove dependency on java.lang.management classes
 + 443661 Rename manifest and service constants for jetty osgi resource
   fragment code
 + 443662 Consume buffer in write(ByteBuffer)
 + 443713 Reduce number of SelectionKey.setInterestOps() calls
 + 443893 Make a module for weld
 + 444124 JSP include with <servlet><jsp-file> can cause infinite recursion
 + 444214 Socks4Proxy fails when reading less than 8 bytes
 + 444222 replace CRLF in header values with whitespace rather than ?
 + 444416 AsyncProxyServlet recursion
 + 444485 Client resets stream, pending server data is failed, write hangs
 + 444517 Ensure WebSocketUpgradeFilter is always first in filter chain
 + 444547 Format exception in ResourceCache.Content.toString()
 + 444617 Expose local and remote socket address to applications
 + 444721 PushCacheFilter cleanup/improvements
 + 444748 WebSocketClient.stop() does not unregister from ShutdownThread
 + 444764 HttpClient notifies callbacks for last chunk of content twice
 + 444771 JSR356 / EndPointConfig.userProperties are not unique per endpoint
   upgrade
 + 445167 Allow configuration of dispatch after select
 + 445823 Moved RequestLog calling to HttpChannel
 + 446559 Avoid spin consuming extra data
 + 446564 Refactored RequestLog Mechanism
 + 446944 ServletTester and HttpTester should be in
   <classifier>tests</classifier>
 + 447216 putAll Properties in XmlConfiguration
 + 447515 Remove GzipFilter
 + 448156 Fixed INACTIVE race in IteratingCallback
 + 448675 Impossible to set own Threadpool when using jetty-maven-plugin
 + 449003 WARNING: Cannot enable requested module [protonego-impl]: not a valid
   module name
 + 449811 handle unquoted etags when gzipping
 + 450467 Integer overflow in Session expiry calculation in MongoSessionManager
 + 451973 Ambiguous module init location when mixing --add-to-start &
   --add-to-startd in the same exec
 + 451974 Combine multiple start license acknowledgement into one
 + 452188 Delay dispatch until content optimisation
 + 452322 Restore progress messages for --add-to-start(d) use
 + 452323 Start --list-config makes no hint on transitive enabled modules
 + 452329 Transitive modules in start.jar --add-to-start(d) are not added if
   enabled already in tree
 + 452465 100% CPU spin on page reload
 + 452503 Start.jar --add-to-start=jstl results in GraphException: Unable to
   expand property in name: jsp-impl/${jsp-impl}-jstl
 + 453487 Recycle HttpChannelOverHTTP2
 + 453627 Fixed FileSystem test for nanosecond filesystems
 + 453636 Improved spin detection on test
 + 453829 Added HeaderRegexRule
 + 453834 CDI Support for WebSocket
 + 454152 Remove mux remnants from WebSocketClient
 + 454934 WebSocketClient / connectToServer can block indefinitely during
   upgrade failure
 + 454952 Allow Jetty to run in Java 8 compact 3 profile
 + 456209 Bad ContextClassLoader in WebSocket onMessage
 + 456956 Reduce ThreadLocal.remove() weak reference garbage
 + 457130 HTTPS request with IP host and HTTP proxy throws
   IllegalArgumentException.
 + 457309 Add test to ensure GET and HEAD response headers same for gzip
 + 457508 Add flag to scan exploded jars in jetty-jspc-maven-plugin
 + 457788 Powered By in o.e.j.util.Jetty conditional on sendServerVersion
 + 458478 JarFileResource improve performance of exist method
 + 458527 Implement an async proxy servlet that can perform content
   transformations.
 + 458663 Handle null header values
 + 459081 http2 push failures
 + 459542 AsyncMiddleManServlet race condition on first download content
 + 459655 Remove SPDY and NPN
 + 459681 Remove dead code after removal of glassfish jasper support
 + 459731 Update for drafts hpack-11 and http2-17
 + 459734 Update to apache jsp 8.0.20
 + 459845 Support upgrade from http1 to http2
 + 460187 infinite recursion in sending error
 + 460210 ExecutionStragegy producer for SelectManager calls onOpen from
   produce method
 + 460211 Fixed Idle race in ExecuteProduceRun
 + 460297 Parameterize infinispan.mod
 + 460670 Support multiple names in <Property> elements
 + 460671 Rationalize property names
 + 460746 HttpConfiguration#setPersistentConnectionsEnabled(boolean)
 + 461052 Local streams created after INITIAL_WINDOW_SIZE setting have wrong
   send window.
 + 461350 Update HttpParser IllegalCharacter handling to RFC7230
 + 461415 Maven Jetty Plugin ignores ZIP overlays
 + 462040 reverted and deprecated getStringField methods
 + 462098 Support setting ThreadGroup in ScheduledExecutorScheduler
 + 462162 StackOverflowException when response commit fails
 + 462193 Asynchronous HttpOutput.close()
 + 463036 system properties to set ssl password and keypasword
 + 463144 modules do not see pre-downloaded ALPN libs
 + 464419 Removed xinetd support
 + 464438 ClassFileTransformer support in
   org.eclipse.jetty.webapp.WebAppClassLoader broken
 + 464442 Enable parallel class loading
 + 464528 NPE protection in getIncludedCipher suites
 + 464537 Updated setuid dependency to 1.0.3
 + 464555 ALPN module download attempts to download jar before dir exists
 + 464556 Restrict start module downloads to ${jetty.base} paths only
 + 464564 NoSql sessions created inside a forward not persisted correctly
 + 464606 Support property expansion in "default" attribute of Property
 + 464629 JDK8 Socket customization
 + 464630 Cannot configure Configuration classlist in osgi
 + 464633 Change Selection.how to Selection.criteria
 + 464706 HTTP/2 and async I/O: onDataAvailable() not called
 + 464708 Support HttpConfiguration.delayDispatchUntilContent in HTTP/2
 + 464724 MultiPartInputStreamParser.parse ServletException never thrown
 + 464727 Update Javadoc for Java 8 DocLint
 + 464744 PathMap.match() never throws IllegalArgumentException
 + 464837 Large META-INF/resources/ jars can significantly impact startup speed
 + 464839 Add limit to MongoSessionIdManager purge queries
 + 464869 org.eclipse.jetty.util.resource.PathResource do not work
 + 465118 Fixed GzipHandler handling of multiple closes
 + 465606 IteratingCallback.close() does not fail pending callback
 + 465754 Unchecked PrintWriter errors
 + 465854 Provide java.nio.file.WatchService alternative for Scanner
 + 465857 Support HTTP/2 clear-text server-side upgrade
 + 465867 Implement --skip-file-validation=<module>
 + 466005 Use Files.move(src,trgt) instead of File.rename for
   Part.write(filename)
 + 466283 Support specifying ALPN protocols in HTTP2Client
 + 466618 Partial WebSocket Text delivery does not like incomplete UTF8
   sequences
 + 466619 Add WebSocketFrameListener for receiving WebSocket Frame information
 + 466628 Improve IllegalStateException on ServletInputStream.setReadListener()
 + 466645 Allow XmlConfiguration Properties to use Elements or Attributes
 + 466647 Add ${jetty.tag.version} property and expand URL properties
 + 466648 jetty-ssl download of keystore should be from tags, not master
 + 466669 Add nosql.mod into jetty distro
 + 466678 Make a .mod file for jdbc session management
 + 466774 Update jetty-all module for Jetty 9.3
 + 467036 WebSocketClient fails to process immediate frames from server
 + 467043 WebSocketClient close codes on protocol violation reported as policy
   violation
 + 467055 Mongodb session scavenging can result in very slow query
 + 467165 Add --skip-file-validation to start.jar --help output
 + 467281 Remove Java 1.7 support from Jetty 9.3
 + 467289 Not possible to specify jmxrmi port value
 + 467702 SslContextFactory not backward compatible
 + 467730 HTTP2 requires enabled ciphers to be sorted by blacklist
 + 467790 Update default etc files inside jetty-osgi-boot bundle
 + 468313 PushCacheFilter wrongly associates primary resources to themselves
 + 468347 Fix modules/debuglog.mod
 + 469241 Use null WatchService as loop terminator for PathWatcher
 + 469341 Not possible to use old/deprecated start properties
 + 469414 Proxied redirects expose upstream server name
 + 469633 Make SpinLock behavior pluggable
 + 469799 Transitive module dependencies without ini templates are still added
   to ini
 + 469860 Add module metadata versioning to support backwards compat
 + 469863 fixed setNeedClientAuth/setWantClientAuth
 + 469936 Remove usages of SpinLock
 + 469982 Produce warning for dynamic modules with ini-templates seen during
   --add-to-start
 + 469991 Fix logging levels in websocket client UpgradeConnection

jetty-9.2.11.v20150529 - 29 May 2015
 + 461499 ConnectionPool may leak connections
 + 463579 Add support for 308 status code
 + 464292 Implement stream-based transformer for AsyncMiddleManServlet
 + 464438 ClassFileTransformer support in
   org.eclipse.jetty.webapp.WebAppClassLoader broken
 + 464740 DosFilter whiteList check improvement
 + 464869 PathResource.addPath allows absolute resolution
 + 464989 AbstractSessionManager.removeEventListener() should remove
   HttpSessionIdListener
 + 465053 Prevent gzip buffer overflow on complete
 + 465181 HttpParser parse full end chunk
 + 465202 Forked Mojo does not extract war overlays/dependencies
 + 465359 Resource.newResource(String res, boolean useCache) does not use
   useCache argument
 + 465360 URLResource.addPath should use _useCaches setting to create new
   Resource
 + 465700 NullPointerException in ResourceHandler with welcome files
 + 465734 DosFilter whitelist bit pattern fix
 + 465747 Jetty is failing to process all HTTP OPTIONS requests
 + 466329 Fixed local only TestFilter
 + 467276 NPE protection in SslContextFactory
 + 467603 Response 401 from server hangs client
 + 467936 w Check HttpOutput aggregateSize is < bufferSize
 + 468008 Scanner ignores directory length
 + 468421 HttpClient#send fails with IllegalArgumentException on non-lowercase
   schemes.
 + 468714 SelectorManager updateKey race without submit
 + 468747 XSS vulnerability in HttpSpiContextHandler

jetty-9.3.0.RC1 - 22 May 2015
 + 464839 Add limit to MongoSessionIdManager purge queries
 + 465053 Prevent gzip buffer overflow on complete
 + 466774 Update jetty-all module for Jetty 9.3
 + 467055 Mongodb session scavenging can result in very slow query
 + 467165 Add --skip-file-validation to start.jar --help output
 + 467276 NPE protection in SslContextFactory
 + 467281 Remove Java 1.7 support from Jetty 9.3
 + 467289 Not possible to specify jmxrmi port value
 + 467603 Response 401 from server hangs client
 + 467702 SslContextFactory not backward compatible
 + 467730 HTTP2 requires enabled ciphers to be sorted by blacklist
 + 467790 Update default etc files inside jetty-osgi-boot bundle
 + 467936 w Check HttpOutput aggregateSize is < bufferSize

jetty-9.3.0.RC0 - 12 May 2015
 + 414479 Add WebSocketPingPongListener for those that want PING/PONG payload
   data
 + 420678 Add WebSocketPartialListener to support receiving partial WebSocket
   TEXT/BINARY messages
 + 423974 Optimize flow control
 + 430951 Support SNI with ExtendedSslContextFactory
 + 436345 Refactor AbstractSession to minimize burden on subclasses to
   implement behaviour
 + 440106 Improve ProtocolHandler APIs
 + 444721 PushCacheFilter cleanup/improvements
 + 446564 Refactored RequestLog Mechanism
 + 451973 Ambiguous module init location when mixing --add-to-start &
   --add-to-startd in the same exec
 + 453834 CDI Support for WebSocket
 + 454934 WebSocketClient / connectToServer can block indefinitely during
   upgrade failure
 + 457309 Add test to ensure GET and HEAD response headers same for gzip
 + 457508 Add flag to scan exploded jars in jetty-jspc-maven-plugin
 + 457788 Powered By in o.e.j.util.Jetty conditional on sendServerVersion
 + 458478 JarFileResource improve performance of exist method
 + 459273 Redundant license notices
 + 459734 Update to apache jsp 8.0.20
 + 459845 Support upgrade from http1 to http2
 + 460187 infinite recursion in sending error
 + 460297 Parameterize infinispan.mod
 + 460671 Rationalize property names
 + 460746 HttpConfiguration#setPersistentConnectionsEnabled(boolean)
 + 461415 Maven Jetty Plugin ignores ZIP overlays
 + 461499 ConnectionPool may leak connections
 + 461919 Use osgi-friendly serviceloader mechanism for WebSocketServletFactory
 + 461941 JMX Remote host:port set from start properties
 + 462040 reverted and deprecated getStringField methods
 + 462098 Support setting ThreadGroup in ScheduledExecutorScheduler
 + 462162 StackOverflowException when response commit fails
 + 462193 Asynchronous HttpOutput.close()
 + 462546 ShutdownMonitor should bind to jetty.host
 + 462616 Race between finishing a connect and timing it out
 + 463036 system properties to set ssl password and keypasword
 + 463144 modules do not see pre-downloaded ALPN libs
 + 463579 Add support for 308 status code
 + 464292 Implement stream-based transformer for AsyncMiddleManServlet
 + 464419 Removed xinetd support
 + 464438 ClassFileTransformer support in
   org.eclipse.jetty.webapp.WebAppClassLoader broken
 + 464442 Enable parallel class loading
 + 464528 NPE protection in getIncludedCipher suites
 + 464537 Updated setuid dependency to 1.0.3
 + 464555 ALPN module download attempts to download jar before dir exists
 + 464556 Restrict start module downloads to ${jetty.base} paths only
 + 464564 NoSql sessions created inside a forward not persisted correctly
 + 464606 Support property expansion in "default" attribute of Property
 + 464629 JDK8 Socket customization
 + 464630 Cannot configure Configuration classlist in osgi
 + 464633 Change Selection.how to Selection.criteria
 + 464706 HTTP/2 and async I/O: onDataAvailable() not called
 + 464708 Support HttpConfiguration.delayDispatchUntilContent in HTTP/2
 + 464724 MultiPartInputStreamParser.parse ServletException never thrown
 + 464727 Update Javadoc for Java 8 DocLint
 + 464740 DosFilter whiteList check improvement
 + 464744 PathMap.match() never throws IllegalArgumentException
 + 464837 Large META-INF/resources/ jars can significantly impact startup speed
 + 464869 org.eclipse.jetty.util.resource.PathResource do not work
 + 464989 AbstractSessionManager.removeEventListener() should remove
   HttpSessionIdListener
 + 465181 HttpParser parse full end chunk
 + 465202 Forked Mojo does not extract war overlays/dependencies
 + 465359 Resource.newResource(String res, boolean useCache) does not use
   useCache argument
 + 465360 URLResource.addPath should use _useCaches setting to create new
   Resource
 + 465606 IteratingCallback.close() does not fail pending callback
 + 465700 NullPointerException in ResourceHandler with welcome files
 + 465734 DosFilter whitelist bit pattern fix
 + 465747 Jetty is failing to process all HTTP OPTIONS requests
 + 465754 Unchecked PrintWriter errors
 + 465854 Provide java.nio.file.WatchService alternative for Scanner
 + 465857 Support HTTP/2 clear-text server-side upgrade
 + 465867 Implement --skip-file-validation=<module>
 + 466005 Use Files.move(src,trgt) instead of File.rename for
   Part.write(filename)
 + 466283 Support specifying ALPN protocols in HTTP2Client
 + 466329 Fixed local only TestFilter
 + 466618 Partial WebSocket Text delivery does not like incomplete UTF8
   sequences
 + 466619 Add WebSocketFrameListener for receiving WebSocket Frame information
 + 466628 Improve IllegalStateException on ServletInputStream.setReadListener()
 + 466645 Allow XmlConfiguration Properties to use Elements or Attributes
 + 466647 Add ${jetty.tag.version} property and expand URL properties
 + 466648 jetty-ssl download of keystore should be from tags, not master
 + 466669 Add nosql.mod into jetty distro
 + 466678 Make a .mod file for jdbc session management
 + 466774 Update jetty-all module for Jetty 9.3
 + 467036 WebSocketClient fails to process immediate frames from server
 + 467043 WebSocketClient close codes on protocol violation reported as policy
   violation

jetty-9.2.11.M0 - 25 March 2015
 + 454934 WebSocketClient / connectToServer can block indefinitely during
   upgrade failure
 + 459273 Redundant license notices
 + 461499 ConnectionPool may leak connections
 + 461919 Use osgi-friendly serviceloader mechanism for WebSocketServletFactory
 + 461941 JMX Remote host:port set from start properties
 + 462546 ShutdownMonitor should bind to jetty.host
 + 462616 Race between finishing a connect and timing it out

jetty-9.3.0.M2 - 11 March 2015
 + 383207 Use BundleFileLocatorHelperFactory to obtain BundleFileLocatorHelper
 + 420944 Hot Deployment of WAR when Context XML exists doesn't trigger
   redeploy
 + 423974 Optimize flow control
 + 424368 Add CONTRIBUTING.md
 + 430951 Improved ordering of SSL ciphers
 + 439374 Use utf-8 as default charset for html
 + 440506 Jetty OSGi boot bundle does not support OSGi framework Eclipse
   Concierge
 + 443652 Remove dependency on java.lang.management classes
 + 445518 Provide different error callbacks to ProxyServlet
 + 446564 Refactored RequestLog Mechanism
 + 447472 Clear async context timeout on async static content
 + 448446 org.eclipse.jetty.start.Main create classloader duplicate
 + 448944 Provide m2e lifecycle mapping metadata for jetty-jspc-maven-plugin
 + 449594 Handle ArrayTrie overflow with false return
 + 449811 handle unquoted etags when gzipping
 + 450467 Integer overflow in Session expiry calculation in MongoSessionManager
 + 450483 Missing parameterization of etc/jetty-deploy.xml
 + 450484 Missing parameterization of etc/jetty-http[s].xml
 + 450855 GzipFilter MIGHT_COMPRESS exception
 + 450873 Disable tests that downcaste wrapped GzipFilterResponses
 + 450894 jetty.sh does not delete JETTY_STATE at start
 + 451092 Connector will fail if HeaderListener return false
 + 451529 Change sentinel class for finding jstl on classpath to
   org.apache.taglibs.standard.tag.rt.core.WhenTag
 + 451634 DefaultServlet: useFileMappedBuffer javadoc is misleading
 + 451973 Ambiguous module init location when mixing --add-to-start &
   --add-to-startd in the same exec
 + 451974 Combine multiple start license acknowledgement into one
 + 452188 Delay dispatch until content optimisation
 + 452201 Set the container classloader for osgi during webbundle undeploy
 + 452246 Fixed SSL hang on last chunk
 + 452261 Ensure <jsp-file> works with new JettyJspServlet
 + 452322 Restore progress messages for --add-to-start(d) use
 + 452323 Start --list-config makes no hint on transitive enabled modules
 + 452329 Transitive modules in start.jar --add-to-start(d) are not added if
   enabled already in tree
 + 452424 Do not add Date header if already set
 + 452465 100% CPU spin on page reload
 + 452503 Start.jar --add-to-start=jstl results in GraphException: Unable to
   expand property in name: jsp-impl/${jsp-impl}-jstl
 + 452516 Make HttpOutput aggregation size configurable
 + 453386 Jetty not working when configuring QueuedThreadPool with
   minThreads=0.
 + 453487 Recycle HttpChannelOverHTTP2
 + 453627 Fixed FileSystem test for nanosecond filesystems
 + 453629 Fixed big write test
 + 453636 Improved spin detection on test
 + 453793 _maxHeaderBytes>0 is not verified in parseNext() when in
   State.CLOSED.
 + 453801 Jetty does not check for already registered services when
   bootstrapping
 + 453829 removed code with yahoo copyright
 + 454152 Remove mux remnants from WebSocketClient
 + 454157 HttpInput.consumeAll spins if input is in async mode
 + 454291 Added busy threads JMX attribute to QueuedThreadPool
 + 454773 SSLConnection use on Android client results in loop
 + 454952 Allow Jetty to run in Java 8 compact 3 profile
 + 454954 Jetty osgi should skip fragment and required bundles that are in the
   uninstalled state
 + 454955 OSGi AnnotationParser should skip resources that are not in the
   classpath and close the class inputstream when done scanning it
 + 454983 Source bundles should not be singleton
 + 455047 Update JASPI
 + 455174 jetty-plus JNDI tests should use unique JNDI paths
 + 455330 Multiple Jetty-ContextFilePath entries separated by commas doesn't
   work
 + 455436 ProxyServlet sends two User-Agent values
 + 455476 Persist updated session expiry time for MongoSessionManager
 + 455655 ensure multipart form-data parsing exception thrown to servlet
 + 455863 Fixed jetty.sh handling of multiple JETTY_ARGS
 + 456209 Bad ContextClassLoader in WebSocket onMessage
 + 456426 Exception on context undeploy from EnvConfiguration
 + 456486 Jar containing ServiceContainerInitializer impl not found in TCCL in
   osgi
 + 456521 ShutdownHandler should shut down more gracefully
 + 456956 Reduce ThreadLocal.remove() weak reference garbage
 + 457017 Reflective call to websocket methods that fail have ambiguous
   exceptions
 + 457032 Request sent from a failed CompleteListener due to connect timeout is
   failed immediately.
 + 457130 HTTPS request with IP host and HTTP proxy throws
   IllegalArgumentException.
 + 457696 JMX implementation should not be overridden by WebApp classes
 + 457893 Close temp jar resource
 + 458101 added test for maxFormContentSize
 + 458140 Added DispatcherType support to RewriteHandler
 + 458174 Example Jar Server
 + 458175 multipart annotation on lazily loaded servlet does not work
 + 458209 Length check for HttpMethod MOVE lookahead
 + 458354 ALPNServerConnection.select negotiation
 + 458495 CompletableCallback may not notify failures
 + 458527 Implement an async proxy servlet that can perform content
   transformations.
 + 458568 JDBCLoginService javadoc incorrectly references HashLoginService
 + 458663 Handle null header values
 + 458849 org.eclipse.jetty.util.Uptime.DefaultImpl() not available on GAE
 + 459006 master branch does not build on norwegian locale
 + 459081 http2 push failures
 + 459125 GzipHandler default mimeType behavior incorrect
 + 459273 Redundant license notices
 + 459352 AsyncMiddleManServlet should set "Host:" header correctly in proxy to
   remote request headers.
 + 459490 Defining a duplicate error page in webdefault.xml and web.xml results
   in an error
 + 459542 AsyncMiddleManServlet race condition on first download content
 + 459560 jetty.sh handles start.d and no start.ini
 + 459655 Remove SPDY and NPN
 + 459681 Remove dead code after removal of glassfish jasper support
 + 459731 Update for drafts hpack-11 and http2-17
 + 459769 AsyncMiddleManServlet race condition on last download content
 + 459845 Support upgrade from http1 to http2/websocket
 + 459963 Failure writing content of a committed request leaks connections
 + 460176 When checking for precompiled jsp, ensure classname is present
 + 460180 Jaas demo has wrong doco in html
 + 460210 ExecutionStragegy producer for SelectManager calls onOpen from
   produce method
 + 460211 Fixed Idle race in ExecuteProduceRun
 + 460291 AsyncGzipFilter Mappings
 + 460371 AsyncMiddleManServlet.GZipContentTransformer fails if last transform
   has no output
 + 460372 if web.xml does not contain jspc maven plugin insertionMarker
   behavior is wrong
 + 460443 Race condition releasing the response buffer
 + 460642 HttpParser error 400 can expose previous buffer contents in HTTP
   status reason message
 + 460670 Support multiple names in <Property> elements
 + 460769 ClientUpgradeRequest sends cookies in the wrong format
 + 460905 Make sure TimeoutCompleteListener is cancelled if the request cannot
   be sent.
 + 461052 Local streams created after INITIAL_WINDOW_SIZE setting have wrong
   send window.
 + 461070 Handle setReadListener on request with no content
 + 461133 allow stop port to reuse address
 + 461350 Update HttpParser IllegalCharacter handling to RFC7230
 + 461452 Double release of buffer by HttpReceiverOverHTTP
 + 461499 ConnectionPool may leak connections
 + 461623 BufferUtil.writeTo does not update position consistently
 + 461643 HttpContent.advance() race

jetty-9.2.10.v20150310 - 10 March 2015
 + 445518 Provide different error callbacks to ProxyServlet
 + 456521 ShutdownHandler should shut down more gracefully
 + 458140 Added DispatcherType support to RewriteHandler
 + 460769 ClientUpgradeRequest sends cookies in the wrong format
 + 460905 Make sure TimeoutCompleteListener is cancelled if the request cannot
   be sent.
 + 461070 Handle setReadListener on request with no content
 + 461133 allow stop port to reuse address
 + 461452 Double release of buffer by HttpReceiverOverHTTP
 + 461499 ConnectionPool may leak connections
 + 461623 BufferUtil.writeTo does not update position consistently
 + 461643 HttpContent.advance() race

jetty-9.2.9.v20150224 - 24 February 2015
 + 459273 Redundant license notices
 + 460176 When checking for precompiled jsp, ensure classname is present
 + 460180 Jaas demo has wrong doco in html
 + 460291 AsyncGzipFilter Mappings
 + 460371 AsyncMiddleManServlet.GZipContentTransformer fails if last transform
   has no output
 + 460372 if web.xml does not contain jspc maven plugin insertionMarker
   behavior is wrong
 + 460443 Race condition releasing the response buffer
 + 460642 HttpParser error 400 can expose previous buffer contents in HTTP
   status reason message

jetty-9.2.8.v20150217 - 17 February 2015
 + 451092 Connector will fail if HeaderListener return false
 + 455436 ProxyServlet sends two User-Agent values
 + 457893 Close temp jar resource
 + 458101 added test for maxFormContentSize
 + 458174 Example Jar Server
 + 458175 multipart annotation on lazily loaded servlet does not work
 + 458209 Length check for HttpMethod MOVE lookahead
 + 458354 ALPNServerConnection.select negotiation
 + 458495 CompletableCallback may not notify failures
 + 458527 Implement an async proxy servlet that can perform content
   transformations.
 + 458568 JDBCLoginService javadoc incorrectly references HashLoginService
 + 458849 org.eclipse.jetty.util.Uptime.DefaultImpl() not available on GAE
 + 459006 master branch does not build on norwegian locale
 + 459125 GzipHandler default mimeType behavior incorrect
 + 459352 AsyncMiddleManServlet should set "Host:" header correctly in proxy to
   remote request headers.
 + 459490 Defining a duplicate error page in webdefault.xml and web.xml results
   in an error
 + 459542 AsyncMiddleManServlet race condition on first download content
 + 459560 jetty.sh handles start.d and no start.ini
 + 459769 AsyncMiddleManServlet race condition on last download content
 + 459845 Support upgrade
 + 459963 Failure writing content of a committed request leaks connections

jetty-9.2.7.v20150116 - 16 January 2015
 + 420944 Hot Deployment of WAR when Context XML exists doesn't trigger
   redeploy
 + 448944 Provide m2e lifecycle mapping metadata for jetty-jspc-maven-plugin
 + 452201 Set the container classloader for osgi during webbundle undeploy
 + 454291 Added busy threads JMX attribute to QueuedThreadPool
 + 454773 SSLConnection use on Android client results in loop
 + 454954 Jetty osgi should skip fragment and required bundles that are in the
   uninstalled state
 + 454955 OSGi AnnotationParser should skip resources that are not in the
   classpath and close the class inputstream when done scanning it
 + 454983 Source bundles should not be singleton
 + 455047 Update JASPI
 + 455174 jetty-plus JNDI tests should use unique JNDI paths
 + 455330 Multiple Jetty-ContextFilePath entries separated by commas doesn't
   work
 + 455476 Persist updated session expiry time for MongoSessionManager
 + 455655 ensure multipart form-data parsing exception thrown to servlet
 + 455863 Fixed jetty.sh handling of multiple JETTY_ARGS
 + 456426 Exception on context undeploy from EnvConfiguration
 + 456486 Jar containing ServiceContainerInitializer impl not found in TCCL in
   osgi
 + 456956 Reduce ThreadLocal.remove() weak reference garbage
 + 457017 Reflective call to websocket methods that fail have ambiguous
   exceptions
 + 457032 Request sent from a failed CompleteListener due to connect timeout is
   failed immediately.
 + 457130 HTTPS request with IP host and HTTP proxy throws
   IllegalArgumentException.
 + 457696 JMX implementation should not be overridden by WebApp classes

jetty-9.2.6.v20141205 - 05 December 2014
 + 383207 Use BundleFileLocatorHelperFactory to obtain BundleFileLocatorHelper
 + 443652 Remove dependency on java.lang.management classes
 + 447472 Clear async context timeout on async static content
 + 451529 Change sentinel class for finding jstl on classpath to
   org.apache.taglibs.standard.tag.rt.core.WhenTag
 + 451634 DefaultServlet: useFileMappedBuffer javadoc is misleading
 + 452188 Delay dispatch until content optimisation
 + 452201 EnvConfiguration.destroy() should set the classloader
 + 452246 Fixed SSL hang on last chunk
 + 452261 Multiple servlets map to path *.jsp when using jsp-property-group
 + 452424 Do not add Date header if already set
 + 452516 Make HttpOutput aggregation size configurable
 + 453386 Jetty not working when configuring QueuedThreadPool with
   minThreads=0.
 + 453629 Fixed big write test
 + 453793 _maxHeaderBytes>0 is not verified in parseNext() when in
   State.CLOSED.
 + 453801 Jetty does not check for already registered services when
   bootstrapping
 + 454157 HttpInput.consumeAll spins if input is in async mode

jetty-9.2.5.v20141112 - 12 November 2014
 + 448446 org.eclipse.jetty.start.Main create classloader duplicate
 + 449594 Handle ArrayTrie overflow with false return
 + 449811 handle unquoted etags when gzipping
 + 450467 Integer overflow in Session expiry calculation in MongoSessionManager
 + 450483 Missing parameterization of etc/jetty-deploy.xml
 + 450484 Missing parameterization of etc/jetty-http[s].xml
 + 450855 GzipFilter MIGHT_COMPRESS exception
 + 450873 Disable tests that downcaste wrapped GzipFilterResponses
 + 450894 jetty.sh does not delete JETTY_STATE at start

jetty-9.3.0.M1 - 03 November 2014
 + 376365 "jetty.sh start" returns 0 on failure
 + 396569 'bin/jetty.sh stop' reports 'OK' even when jetty was not running
 + 396572 Starting jetty from cygwin is not working properly
 + 437303 Serving of static filenames with "unwise" characters causes 404 error
 + 440729 SSL requests often fail with EOFException or IllegalStateException
 + 440925 NPE when using relative paths for --start-log-file
 + 442419 CrossOriginFilter javadoc says "exposeHeaders", but should be
   "exposedHeaders"
 + 442942 Content sent with status 204 (No Content)
 + 443529 CrossOriginFilter does not accept wildcard for allowedHeaders
 + 443530 CrossOriginFilter does not set the Vary header
 + 443550 improved FileResource encoded alias checking
 + 444031 Ensure exceptions do not reduce threadpool below minimum
 + 444595 nosql/mongodb - Cleanup process/Refreshing does not respect encoding
   of attribute keys
 + 444676 Goal jetty:deploy-war produces errors with version 9.2.3
 + 444722 Fixed order of setReuseAddress call
 + 444896 Overriding of web-default servlet mapping in web.xml not working with
   quickstart
 + 445157 First redeployed servlet leaks WebAppContext
 + 445167 Allow configuration of dispatch after select
 + 445239 Rename weld.mod to cdi.mod to be consistent with past module namings
 + 445258 STOP.WAIT is not really respected
 + 445374 Reevaluate org.eclipse.jetty.websocket.jsr356 enablement concepts
 + 445495 Improve Exception message when no jndi resource to bind for a name in
   web.xml
 + 445542 Add SecuredRedirectHandler for embedded jetty use to redirect to
   secure port/scheme
 + 445821 Error 400 should be logged with RequestLog
 + 445823 Moved RequestLog calling to HttpChannel
 + 445830 Support setting environment variables on forked jetty with
   jetty:run-forked
 + 445979 jetty.sh fails to start when start-stop-daemon does not exist and the
   user is not root
 + 446033 org.eclipse.jetty.websocket.server.WebSocketServerFactory not
   available in OSGi
 + 446063 ALPN Fail SSL Handshake if no supported Application Protocols
 + 446107 NullPointerException in ProxyServlet when extended by Servlet without
   a package
 + 446425 Oracle Sql error on JettySessions table when this table do not exist
   already
 + 446506 getAsyncContext ISE before startAsync on async dispatches
 + 446559 Avoid spin consuming extra data
 + 446563 Null HttpChannel.getCurrentHttpChannel() in
   ServletHandler.doFilter().
 + 446564 Refactored RequestLog Mechanism
 + 446672 NPN Specification issue in the case no protocols are selected
 + 446923 SharedBlockingCallback does not handle connector max idle time of
   Long.MAX_VALUE; BlockerTimeoutException not serializable
 + 446944 ServletTester and HttpTester should be in
   <classifier>tests</classifier>
 + 447216 putAll Properties in XmlConfiguration
 + 447381 Disable SSLv3 by default
 + 447472 test harness for slow large writes
 + 447515 Remove GzipFilter
 + 447627 MultiPart file always created when "filename" set in
   Content-Disposition
 + 447629 getPart()/getParts() fails on Multipart request if getParameter is
   called in a filter first
 + 447746 HttpClient is always going to send User-Agent header even though I do
   not want it to.
 + 447979 Refactor to make MetaData responsible for progressively ordering
   web-inf jars
 + 448156 Fixed INACTIVE race in IteratingCallback
 + 448225 Removed unnecessary synchronize on initParser
 + 448675 Impossible to set own Threadpool when using jetty-maven-plugin
 + 448841 Clarified selectors==0 javadoc 448840 Clarified ServerConnector
   javadoc 448839 Fixed javadoc typo in ServerConnector
 + 449001 Remove start.d directory from JETTY_HOME
 + 449003 WARNING: Cannot enable requested module [protonego-impl]: not a valid
   module name
 + 449038 WebSocketUpgradeFilter must support async
 + 449175 Removed extra space in NCSA log
 + 449372 Make jvmArgs of jetty:run-forked configurable from command line

jetty-9.2.4.v20141103 - 03 November 2014
 + 376365 "jetty.sh start" returns 0 on failure
 + 396569 'bin/jetty.sh stop' reports 'OK' even when jetty was not running
 + 396572 Starting jetty from cygwin is not working properly
 + 438387 NullPointerException after ServletUpgradeResponse.sendForbidden is
   called during WebSocketCreator.createWebSocket
 + 440729 SSL requests often fail with EOFException or IllegalStateException
 + 440925 NPE when using relative paths for --start-log-file
 + 442419 CrossOriginFilter javadoc says "exposeHeaders", but should be
   "exposedHeaders"
 + 442495 Bad Context ClassLoader in JSR356 WebSocket onOpen
 + 442942 Content sent with status 204 (No Content)
 + 443529 CrossOriginFilter does not accept wildcard for allowedHeaders
 + 443530 CrossOriginFilter does not set the Vary header
 + 443550 improved FileResource encoded alias checking
 + 444031 Ensure exceptions do not reduce threadpool below minimum
 + 444124 JSP include with <servlet><jsp-file> can cause infinite recursion
 + 444214 Socks4Proxy fails when reading less than 8 bytes
 + 444222 replace CRLF in header values with whitespace rather than ?
 + 444415 iterative WriteFlusher
 + 444416 AsyncProxyServlet recursion
 + 444517 Ensure WebSocketUpgradeFilter is always first in filter chain
 + 444547 Format exception in ResourceCache.Content.toString()
 + 444595 nosql/mongodb - Cleanup process/Refreshing does not respect encoding
   of attribute keys
 + 444617 Expose local and remote socket address to applications
 + 444676 Goal jetty:deploy-war produces errors with version 9.2.3
 + 444722 Fixed order of setReuseAddress call
 + 444748 WebSocketClient.stop() does not unregister from ShutdownThread
 + 444764 HttpClient notifies callbacks for last chunk of content twice
 + 444771 JSR356 / EndPointConfig.userProperties are not unique per endpoint
   upgrade
 + 444863 ProxyServlet does not filter headers listed by the Connection header
 + 444896 Overriding of web-default servlet mapping in web.xml not working with
   quickstart
 + 445157 First redeployed servlet leaks WebAppContext
 + 445167 Allow configuration of dispatch after select
 + 445239 Rename weld.mod to cdi.mod to be consistent with past module namings
 + 445258 STOP.WAIT is not really respected
 + 445374 Reevaluate org.eclipse.jetty.websocket.jsr356 enablement concepts
 + 445495 Improve Exception message when no jndi resource to bind for a name in
   web.xml
 + 445542 Add SecuredRedirectHandler for embedded jetty use to redirect to
   secure port/scheme
 + 445821 Error 400 should be logged with RequestLog
 + 445823 RequestLogHandler at end of HandlerCollection doesn't work
 + 445830 Support setting environment variables on forked jetty with
   jetty:run-forked
 + 445979 jetty.sh fails to start when start-stop-daemon does not exist and the
   user is not root
 + 446033 org.eclipse.jetty.websocket.server.WebSocketServerFactory not
   available in OSGi
 + 446063 ALPN Fail SSL Handshake if no supported Application Protocols
 + 446107 NullPointerException in ProxyServlet when extended by Servlet without
   a package
 + 446425 Oracle Sql error on JettySessions table when this table do not exist
   already
 + 446506 getAsyncContext ISE before startAsync on async dispatches
 + 446559 Avoid spin consuming extra data
 + 446563 Null HttpChannel.getCurrentHttpChannel() in
   ServletHandler.doFilter().
 + 446672 NPN Specification issue in the case no protocols are selected
 + 446923 SharedBlockingCallback does not handle connector max idle time of
   Long.MAX_VALUE; BlockerTimeoutException not serializable
 + 447381 Disable SSLv3 by default
 + 447472 test harness for slow large writes
 + 447515 Remove GzipFilter
 + 447627 MultiPart file always created when "filename" set in
   Content-Disposition
 + 447629 getPart()/getParts() fails on Multipart request if getParameter is
   called in a filter first
 + 447746 HttpClient is always going to send User-Agent header even though I do
   not want it to.
 + 447979 Refactor to make MetaData responsible for progressively ordering
   web-inf jars
 + 448156 Fixed INACTIVE race in IteratingCallback
 + 448225 Removed unnecessary synchronize on initParser
 + 448675 Impossible to set own Threadpool when using jetty-maven-plugin
 + 448841 Clarified selectors==0 javadoc 448840 Clarified ServerConnector
   javadoc 448839 Fixed javadoc typo in ServerConnector
 + 449001 Remove start.d directory from JETTY_HOME
 + 449003 WARNING: Cannot enable requested module [protonego-impl]: not a valid
   module name
 + 449038 WebSocketUpgradeFilter must support async
 + 449175 Removed extra space in NCSA log
 + 449291 create-files downloads without license
 + 449372 Make jvmArgs of jetty:run-forked configurable from command line
 + 449603 OutputStreamContentProvider hangs when host is not available

jetty-9.3.0.M0 - 24 September 2014
 + 437395 Start / Properties in template sections should be default applied for
   enabled modules
 + 438204 getServerName returns IPv6 addresses wrapped in []
 + 438387 NullPointerException after ServletUpgradeResponse.sendForbidden is
   called during WebSocketCreator.createWebSocket
 + 439369 Remove unused class CrossContextPsuedoSession
 + 439375 preferred rfc7231 format is mime;charset=lowercase-9
 + 442083 Client resets stream, pending server data is failed, connection
   closed.
 + 442086 Review HttpOutput blocking writes
 + 442477 Allow Symlink aliases by default
 + 442495 Bad Context ClassLoader in JSR356 WebSocket onOpen
 + 442950 Embedded Jetty client requests to localhost hangs with high cpu usage
   (NIO OP_CONNECT Solaris/Sparc).
 + 443652 Remove dependency on java.lang.management classes
 + 443661 Rename manifest and service constants for jetty osgi resource
   fragment code
 + 443662 Consume buffer in write(ByteBuffer)
 + 443713 Reduce number of SelectionKey.setInterestOps() calls
 + 443893 Make a module for weld
 + 444124 JSP include with <servlet><jsp-file> can cause infinite recursion
 + 444214 Socks4Proxy fails when reading less than 8 bytes
 + 444222 replace CRLF in header values with whitespace rather than ?
 + 444415 iterative WriteFlusher
 + 444416 AsyncProxyServlet recursion
 + 444485 Client resets stream, pending server data is failed, write hangs
 + 444517 Ensure WebSocketUpgradeFilter is always first in filter chain
 + 444547 Format exception in ResourceCache.Content.toString()
 + 444617 Expose local and remote socket address to applications
 + 444748 WebSocketClient.stop() does not unregister from ShutdownThread
 + 444764 HttpClient notifies callbacks for last chunk of content twice
 + 444771 JSR356 / EndPointConfig.userProperties are not unique per endpoint
   upgrade
 + 444863 ProxyServlet does not filter headers listed by the Connection header

jetty-9.2.3.v20140905 - 05 September 2014
 + 347110 renamed class transformer methods
 + 411163 Add embedded jetty code example with JSP enabled
 + 435322 Added a idleTimeout to the SharedBlockerCallback
 + 435533 Handle 0 sized async gzip
 + 435988 ContainerLifeCycle: beans never stopped on remove
 + 436862 Update jetty-osgi to asm-5 and spifly-1.0.1
 + 438500 Odd NoClassDef errors when shutting down the jetty-maven-plugin via
   the stop goal
 + 440255 ensure 500 is logged on thrown Errors
 + 441073 isEarlyEOF on HttpInput
 + 441475 org.eclipse.jetty.server.ResourceCache exceptions under high load
 + 441479 Jetty hangs due to deadlocks in session manager
 + 441649 Update to jsp and el Apache Jasper 8.0.9
 + 441756 Ssl Stackoverflow on renegotiate
 + 441897 Fixed etag handling in gzipfilter
 + 442048 fixed sendRedirect %2F encoding
 + 442383 Improved insufficient threads message
 + 442628 Update example xml file for second server instance to extract wars
 + 442642 Quickstart generates valid XML
 + 442759 Allow specific ServletContainerInitializers to be excluded
 + 442950 Embedded Jetty client requests to localhost hangs with high cpu usage
   (NIO OP_CONNECT Solaris/Sparc).
 + 443049 Improved HttpParser illegal character messages
 + 443158 Fixed HttpOutput spin
 + 443172 web-fragment.xml wrongly parsed for applications running in serlvet
   2.4 mode
 + 443231 java.lang.NullPointerException on scavenge scheduling when session id
   manager declared before shared scheduler
 + 443262 Distinguish situation where jetty looks for tlds in META-INF but
   finds none vs does not look

jetty-8.1.16.v20140903 - 03 September 2014
 + 409788 Large POST body causes java.lang.IllegalStateException: SENDING =>
   HEADERS.
 + 433689 Evict idle HttpDestinations from client
 + 433802 check EOF in send1xx
 + 438996 Scavenger-Timer in HashSessionManager can die because of
   IllegalStateException from getMaxInactiveInterval
 + 442048 fixed sendRedirect %2F encoding
 + 442839 highly fragmented websocket messages can result in corrupt binary
   messages

jetty-7.6.16.v20140903 - 03 September 2014
 + 409788 Large POST body causes java.lang.IllegalStateException: SENDING =>
   HEADERS.
 + 433802 check EOF in send1xx
 + 442839 highly fragmented websocket messages can result in corrupt binary
   messages

jetty-9.2.2.v20140723 - 23 July 2014
 + 411323 DosFilter/QoSFilter should use AsyncContext rather than
   Continuations.
 + 432815 Fixed selector stop race
 + 434536 Improved Customizer javadoc
 + 435322 Fixed Iterating Callback close
 + 435653 encode async dispatched requestURI
 + 435895 jetty spring module is not in distribution
 + 436874 WebSocket client throwing a NullPointer when handling a pong
 + 436894 GzipFilter code cleanup
 + 436916 CGI: "Search docroot for a matching execCmd" logic is wrong
 + 436987 limited range of default acceptors and selectors
 + 437051 Refactor Filter chain handling of Request.isAsyncSupported
 + 437395 Start / Properties in template sections should be default applied for
   enabled modules
 + 437419 Allow scanning of META-INF for resources,fragments,tlds for unpacked
   jars
 + 437430 jettyXml not consistent between jetty:run and jetty:run-forked
 + 437462 consistent test failure in jetty-start under windows
 + 437706 ServletTester calls LocalConnector method with hardcoded timeout
 + 437800 URLs with single quote and spaces return 404
 + 437996 avoid async status race by not setting 200 on handled
 + 438079 Review garbage creation in 9.2.x series
 + 438190 findbug improvements
 + 438204 leave IPv6 addresses [] wrapped in getServerName
 + 438327 Remove hard coded Allow from OPTIONS *
 + 438331 AbstractLogger.debug(String,long) infinite loop
 + 438434 ResourceHandler checks aliases
 + 438895 Add mvn jetty:effective-web-xml goal
 + 439066 javadoc setStopAtShutdown
 + 439067 Improved graceful stop timeout handling
 + 439194 Do not configure fake server for jetty:run-forked
 + 439201 GzipFilter and AsyncGzipFilter should strip charset from Content-Type
   before making exclusion comparison in doFilter
 + 439369 Deprecate CrossContextPseudoSession
 + 439387 Ensure empty servlet-class never generated for quickstart
 + 439390 Ensure jsp scratchdir is created same way for quickstart and
   non-quickstart
 + 439394 load-on-startup with value 0 not preserved for quickstart
 + 439399 Scan tlds for apache jasper standard taglib with jetty-maven-plugin
 + 439438 DataSourceLoginService does not refresh passwords when changed in
   database
 + 439507 Possible timing side-channel when comparing MD5-Credentials
 + 439540 setReuseAddress() in ServerConnector.java is not coded properly
 + 439652 GzipHandler super.doStart
 + 439663 Allow mappings to be declared before servlet/filter
 + 439672 support using Apache commons daemon for managing Jetty
 + 439753 ConstraintSecurityHandler has dead code for processing constraints
 + 439788 CORS filter headers gone between 9.2.0.M0 and 9.2.1 .v20140609 for
   ProxyServlet requests.
 + 439809 mvn jetty:jspc cannot find taglibs in dependency jars
 + 439895 No event callback should be invoked after the "failure" callback
 + 440020 Abort bad proxy responses with sendError(-1)
 + 440038 Content decoding may fail
 + 440114 ContextHandlerCollection does not skip context wrappers
 + 440122 Remove usages of ForkInvoker

jetty-9.2.1.v20140609 - 09 June 2014
 + 347110 Supprt ClassFileTransormers in WebAppClassLoader
 + 432192 jetty-start / Allow JETTY_LOGS use for start-log-file
 + 432321 jetty-start / Allow defining extra start directories for common
   configurations
 + 435322 Improved debug
 + 436029 GzipFilter errors on asynchronous methods with message to
   AsyncGzipFilter
 + 436345 Refactor AbstractSession to minimize burden on subclasses to
   implement behaviour
 + 436388 Allow case-insensitive STOP.KEY and STOP.PORT use
 + 436405 ${jetty.base}/resources not on classpath with default configuration
 + 436520 Start / Allow https and file urls in jetty-start's module download
   mechanism
 + 436524 Start / Downloadable [files] references in modules cannot use ":"
   themselves

jetty-9.2.0.v20140526 - 26 May 2014
 + 429390 Decoders and Encoders are not registered for non-annotated
   ClientEndpoint
 + 434810 better handling of bad messages
 + 435086 ${jetty.base}/resources not on classpath when using
   --module=resources
 + 435088 lib/npn packaging of jetty-distribution is off
 + 435206 Can't add Cookie header on websocket ClientUpgradeRequest
 + 435217 Remove deprecated TagLibConfiguration
 + 435223 High cpu usage in
   FCGIHttpParser.parseContent(ResponseContentParser.java:314).
 + 435338 Incorrect handling of asynchronous content
 + 435412 Make AbstractSession.access() more amenable to customization

jetty-9.2.0.RC0 - 15 May 2014
 + 419972 Support sending forms (application/x-www-form-urlencoded)
 + 420368 Default content types for ContentProviders
 + 428966 Per-request cookie support
 + 430418 Jetty 9.1.3 and Chrome 33 permessage-deflate do not work together
 + 431333 NPE In logging of WebSocket ExtensionConfig
 + 432321 jetty-start / Allow defining extra start directories for common
   configurations
 + 432939 Jetty Client ContentResponse should have methods such as
   getContentType() and getMediaType().
 + 433089 Client should provide Request.accept() method, like JAX-RS 2.0
   Invocation.Builder.accept().
 + 433405 Websocket Session.setMaxIdleTimeout fails with zero
 + 433689 Evict old HttpDestinations from HttpClient
 + 434386 Request Dispatcher extracts args and prevents asyncIO
 + 434395 WebSocket / memory leak, WebSocketSession not cleaned up in abnormal
   closure cases
 + 434447 Able to create a session after a response.sendRedirect
 + 434505 Allow property files on start.jar command line Signed-off-by: Tom
   Zeller<tzeller@dragonacea.biz>
 + 434578 Complete listener not called if redirected to an invalid URI
 + 434679 Log static initialization via jetty-logging.properties fails
   sometimes
 + 434685 WebSocket read/parse does not discard remaining network buffer after
   unrecoverable error case
 + 434715 Avoid call to ServletHolder.getServlet() during handle() iff servlet
   is available and instantiated

jetty-9.2.0.M1 - 08 May 2014
 + 367680 jsp-file with load-on-startup not precompiled
 + 404511 removed deprecated StringMap
 + 409105 Upgrade jetty-osgi build/test to use more recent pax junit test
   framework
 + 424982 improved PID check in jetty.sh
 + 425421 ContainerLifeCycle does not start added beans in started state
 + 428904 Add logging of which webapp has path with uncovered http methods
 + 431094 Consistent handling of utf8 decoding errors
 + 431459 Jetty WebSocket compression extensions fails to handle big messages
   properly
 + 431519 Fixed NetworkTrafficListener
 + 431642 Implement ProxyServlet using Servlet 3.1 async I/O
 + 432145 Pending request is not failed when HttpClient is stopped
 + 432270 Slow requests with response content delimited by EOF fail
 + 432321 jetty-start / Allow defining extra start directories for common
   configurations
 + 432468 Improve command CGI path handling
 + 432473 web.xml declaration order of filters not preserved on calls to init()
 + 432483 make osgi.serviceloader support for
   javax.servlet.ServletContainerInitializer optional (cherry picked from
   commit 31043d25708edbea9ef31948093f4eaf2247919b)
 + 432528 IllegalStateException when using DeferredContentProvider
 + 432777 Async Write Loses Data with HTTPS Server
 + 432901 ensure a single onError callback only in pending and unready states
 + 432993 Improve handling of ProxyTo and Prefix parameters in
   ProxyServlet.Transparent.
 + 433244 Security manager lifecycle cleanup
 + 433262 WebSocket / Advanced close use cases
 + 433365 No such servlet:
   __org.eclipse.jetty.servlet.JspPropertyGroupServlet__
 + 433370 PATCH method does not work with ProxyServlet
 + 433431 Support ServletHandler fall through
 + 433479 Improved resource javadoc
 + 433483 sync log initialize
 + 433512 Jetty throws RuntimeException when webapp compiled with jdk8
   -parameters
 + 433563 Jetty fails to startup on windows - InvalidPathException
 + 433572 default to sending date header
 + 433656 Change to Opcode.ASM5 breaks jetty-osgi
 + 433692 improved buffer resizing
 + 433708 Improve WebAppClassLoader.addClassPath() IllegalStateException
   message
 + 433793 WebSocket / empty protocol list in ServerEndpointConfig.Configurator
   when using non-exact header name
 + 433841 Resource.newResource() declares an exception it does not throw
 + 433849 FileResource string compare fix
 + 433916 HttpChannelOverHttp handles HTTP 1.0 connection reuse incorrectly
 + 434009 Improved javadoc for accessing HttpChannel and HttpConnection
 + 434027 ReadListener.onError() not invoked in case of read failures
 + 434056 Support content consumed asynchronously
 + 434074 Avoid double dispatch by returning false from messageComplete
 + 434077 AnnotatedServerEndpointTest emits strange exception
 + 434247 Redirect loop in FastCGI proxying for HTTPS sites

jetty-9.1.5.v20140505 - 05 May 2014
 + 431459 Jetty WebSocket compression extensions fails to handle big messages
   properly
 + 431519 Fixed NetworkTrafficListener
 + 432145 Pending request is not failed when HttpClient is stopped
 + 432270 Slow requests with response content delimited by EOF fail
 + 432473 web.xml declaration order of filters not preserved on calls to init()
 + 432483 make osgi.serviceloader support for
   javax.servlet.ServletContainerInitializer optional (cherry picked from
   commit 31043d25708edbea9ef31948093f4eaf2247919b)
 + 432528 IllegalStateException when using DeferredContentProvider
 + 432777 Async Write Loses Data with HTTPS Server
 + 432901 ensure a single onError callback only in pending and unready states
 + 432993 Improve handling of ProxyTo and Prefix parameters in
   ProxyServlet.Transparent.
 + 433365 No such servlet:
   __org.eclipse.jetty.servlet.JspPropertyGroupServlet__ (cherry picked from
   commit e2ed934978b958d6fccb28a8a5d04768f7c0432d)
 + 433370 PATCH method does not work with ProxyServlet
 + 433483 sync log initialize
 + 433692 improved buffer resizing
 + 433916 HttpChannelOverHttp handles HTTP 1.0 connection reuse incorrectly
 + 434027 ReadListener.onError() not invoked in case of read failures

jetty-8.1.15.v20140411 - 11 April 2014
 + 397167 Remote Access documentation is wrong
 + 419799 complete after exceptions thrown from async error pages
 + 420776 complete error pages after startAsync
 + 421197 fix method comment and ensure close synchronized
 + 422137 Added maxQueued to QueuedThreadPool MBean
 + 424180 improve bad message errors
 + 425038 WebSocketClient leaks file handles when exceptions are thrown from
   open()
 + 425551 Memory Leak in SelectConnector$ConnectTimeout.expired
 + 426658 backport Bug 425930 to jetty-8
 + 427761 allow endpoints to be interrupted
 + 428708 JDBCSessionIdManager when clearing expired sessions failed, jetty
   should still be able to startup
 + 428710 JDBCSession(Id)Manager use 'read committed isolation level'
 + 430968 Use wrapped response with async dispatch
 + 432452 ConnectHandler does not timeout sockets in FIN_WAIT2

jetty-7.6.15.v20140411 - 11 April 2014
 + 422137 Added maxQueued to QueuedThreadPool MBean
 + 425038 WebSocketClient leaks file handles when exceptions are thrown from
   open()
 + 425551 Memory Leak in SelectConnector$ConnectTimeout.expired
 + 432452 ConnectHandler does not timeout sockets in FIN_WAIT2

jetty-9.2.0.M0 - 09 April 2014
 + 419801 Upgrade to asm5 for jdk8
 + 423392 Fix buffer overflow in AsyncGzipFilter
 + 425736 jetty-start / Jetty 9 fails to startup with --exec option if Java
   path contain
 + 426920 jetty-start / BaseHome.listFilesRegex() and .recurseDir() do not
   detect filesystem loops
 + 427188 Re-enable automatic detection of logging-dependencies with
   logging-module
 + 429734 Implemented the HA ProxyProtocol
 + 430341 use apache jsp/jstl for maven plugins
 + 430747 jetty-start / Allow --lib and module [lib] to recursively add jars
 + 430825 jetty-start / use of jetty-jmx.xml prevents configuration of
   ThreadPool in jetty.xml
 + 431279 jetty-start / Unable to start jetty if no properties are defined
 + 431892 DefaultFileLocatorHelper.getBundleInstallLocation fails for equinox
   3.10
 + 432122 ignore frequently failing test
 + 432145 Pending request is not failed when HttpClient is stopped
 + 432270 Slow requests with response content delimited by EOF fail

jetty-9.1.4.v20140401 - 01 April 2014
 + 414206 Rewrite rules re-encode requestURI
 + 414885 Don't expose JDT classes by default
 + 417022 Access current HttpConnection from Request not ThreadLocal
 + 423619 set Request timestamp on startRequest
 + 423982 removed duplicate UrlResource toString
 + 424107 Jetty should not finish chunked encoding on exception
 + 425991 added qml mime type
 + 426897 improved ContainerLifeCycle javadoc
 + 427185 Add org.objectweb.asm. as serverClass
 + 427204 jetty-start / startup incorrectly requires directory in jetty.base
 + 427368 start.sh fails quietly on command line error
 + 428594 File upload with onMessage and InputStream fails
 + 428595 JSR-356 / ClientContainer does not support SSL
 + 428597 javax-websocket-client-impl and javax-websocket-server-impl jars
   Manifests do not export packages for OSGI
 + 428817 jetty-start / Allow for property to configure deploy manager
   `webapps` directory
 + 429180 Make requestlog filename parameterized
 + 429357 JDBCSessionManager.Session.removeAttribute don't set dirty flag if
   attribute already removed
 + 429409 osgi] jetty.websocket.servlet must import jetty.websocket.server
 + 429487 Runner code cleanups
 + 429616 Use UTF-8 encoding for XML
 + 429779 masked zero length websocket frame gives NullPointerException during
   streaming read
 + 430088 OnMessage*Callable decoding of streaming binary or text is not thread
   safe
 + 430242 added SharedBlockingCallback to support threadsafe blocking
 + 430273 Cancel async timeout breaks volatile link to avoid race with slow
   expire
 + 430341 add apache jsp and jstl optional modules
 + 430490 Added JETTY_SHELL 426738 Fixed JETTY_HOME comments
 + 430649 test form encoding
 + 430654 closing client connections can hang worker threads
 + 430808 OutputStreamContentProvider violates OutputStream contract
 + 430822 jetty-start / make soLingerTime configurable via property
 + 430823 jetty-start / make NeedClientAuth (ssl) configurable via property
 + 430824 jetty-start / use of jetty-logging.xml prevents configuration of
   ThreadPool in jetty.xml
 + 431103 Complete listener not called if request times out before processing
   exchange.
 + 431592 do not resolved forwarded-for address

jetty-9.1.3.v20140225 - 25 February 2014
 + 373952 Ensure MongoSessionManager un/binds session attributes on refresh
   only if necessary
 + 424899 Initialize GzipHandler mimeTypes
 + 426490 HttpServletResponse.setBufferSize(0) results in tight loop (100% cpu
   hog)
 + 427700 Outgoing extensions that create multiple frames should flush them in
   order and atomically.
 + 427738 fixed XSS in async-rest demo
 + 428157 Methods of anonymous inner classes can't be called via xml
 + 428232 Rework batch mode / buffering in websocket
 + 428238 Test HEAD request with async IO
 + 428266 HttpRequest mangles URI query string
 + 428383 limit white space between requests
 + 428418 JettyStopMojo prints some messages on System.err
 + 428435 Large streaming message fails in MessageWriter
 + 428660 Delay closing async HttpOutput until after UNREADY->READY
 + 428710 JDBCSession(Id)Manager use read committed isolation level
 + 428859 Do not auto initialise jsr356 websocket if no annotations or
   EndPoints discovered

jetty-9.1.2.v20140210 - 10 February 2014
 + 408167 Complex object as session attribute not necessarily persisted
 + 423421 remove org.slf4j and org.ow2.asm from jetty-all artifact
 + 424171 Old javax.activation jar interferes with email sending
 + 424562 JDBCSessionManager.setNodeIdInSessionId(true) does not work
 + 425275 
   org.eclipse.jetty.osgi.annotations.AnnotationConfiguration.BundleParserTask.getStatistic()
   returns null when debug is enabled.
 + 425638 Fixed monitor module/xml typos
 + 425696 start.jar --add-to-start={module} results in error
 + 425703 Review [Queued]HttpInput
 + 425837 Upgrade to jstl 1.2.2
 + 425930 JDBC Session Manager constantly reloading session if save intervall
   expired once
 + 425998 JDBCSessionIdManager fails to create maxinterval column
 + 426250 jetty-all should be deployed on release
 + 426358 NPE generating temp dir name if no resourceBase or war
 + 426481 fix < java 1.7.0_10 npn files
 + 426739 Response with Connection: keep-alive truncated
 + 426750 isReady() returns true at EOF
 + 426870 HTTP 1.0 Request with Connection: keep-alive and response content
   hangs.
 + 427068 ServletContext.getClassLoader should only check privileges if a
   SecurityManager exists
 + 427128 Cookies are not sent to the server
 + 427245 StackOverflowError when session cannot be de-idled from disk
 + 427254 Cookies are not sent to the client
 + 427512 ReadPendingException in case of HTTP Proxy tunnelling
 + 427570 externalize common http config to start.ini
 + 427572 Default number of acceptors too big
 + 427587 MessageInputStream must copy the payload
 + 427588 WebSocket Parser leaks ByteBuffers
 + 427690 Remove Mux Extension and related support
 + 427699 WebSocket upgrade response sends Sec-WebSocket-Protocol twice

jetty-9.1.1.v20140108 - 08 January 2014
 + 408912 JDBCSessionIdManager should allow configuration of schema
 + 410750 NPE Protection in Mongo save session
 + 417202 Start / command line arguments with ${variable} should be expanded
 + 418622 WebSocket / When rejecting old WebSocket protocols, log client
   details
 + 418769 Allow resourceBases in run-forked Mojo
 + 418888 Added strict mode to HttpGenerator
 + 419309 encode alias URIs from File.toURI
 + 419911 Empty chunk causes ArrayIndexOutOfBoundsException in
   InputStreamResponseListener.
 + 421189 WebSocket / AbstractExtension's WebSocketPolicy is not
   Session-specific
 + 421314 Websocket / Connect attempt with Chrome 32+ fails with "Some
   extension already uses the compress bit"
 + 421697 IteratingCallback improvements
 + 421775 CookiePatternRule only sets cookie if not set already
 + 421794 Iterator from InputStreamProvider is not implemented properly
 + 421795 ContentProvider should have a method to release resources
 + 422192 ClientContainer.getOpenSessions() always returns null
 + 422264 OutputStreamContentProvider does not work with Basic Authentication
 + 422308 Change all session/sessionid managers to use shared Scheduler
 + 422386 Comma-separated <param-value>s not trimmed in GzipFilter
 + 422388 Test for GzipFilter apply to resources with charset appended to the
   MIME type
 + 422398 moved jmx remote config to jmx-remote.mod
 + 422427 improved TestConnection
 + 422703 Support reentrant HttpChannel and HttpConnection
 + 422723 Dispatch failed callbacks to avoid blocking selector
 + 422734 messages per second in ConnectorStatistics
 + 422807 fragment large written byte arrays to protect from JVM OOM bug
 + 423005 reuse gzipfilter buffers
 + 423048 Receiving a PING while sending a message kills the connection
 + 423060 Allow ${jetty.base}/work
 + 423118 ServletUpgradeRequest.getUserPrincipal() does not work
 + 423185 Update permessage-deflate for finalized spec
 + 423255 MBeans of SessionIdManager can leak memory on redeploy
 + 423361 Ensure ServletContainerInitializers called before injecting Listeners
 + 423373 Correct namespace use for JEE7 Schemas
 + 423392 GzipFilter without wrapping or blocking
 + 423395 Ensure @WebListeners are injected
 + 423397 Jetty server does not run on Linux server startup because of  a bug
   in jetty.sh script.
 + 423476 WebSocket / JSR / @OnMessage(maxMessageSize=20000000) not properly
   supported
 + 423556 HttpSessionIdListener should be resource injectable
 + 423646 WebSocket / JSR / WebSocketContainer (Client) should have its
   LifeCycle stop on standalone use
 + 423692 use UrlEncoded.ENCODING for merging forwarded query strings
 + 423695 <HT> Horizontal-tab used as HTTP Header Field separator unsupported
 + 423724 WebSocket / Rename MessageAppender.appendMessage to .appendFrame
 + 423739 Start checks module files
 + 423804 WebSocket / JSR improper use of
   ServerEndpointConfig.Configurator.getNegotiatedSubprotocol()
 + 423875 Update jetty-distro build to use jetty-toolchain jetty-schemas 3.1.M0
 + 423915 WebSocket / Active connection from IOS that goes into airplane mode
   not disconnected on server side
 + 423926 Remove code duplication in class IdleTimeout
 + 423930 SPDY streams are leaked
 + 423948 Cleanup and consolidate testing utilities in WebSocket
 + 424014 PathContentProvider does not close its internal SeekableByteChannel
 + 424043 IteratingCallback Idle race
 + 424051 Using --list-config can result in NPE
 + 424168 Module [ext] should load libraries recursively from lib/ext/
 + 424180 extensible bad message content
 + 424183 Start does not find LIB (Classpath) when on non-English locale
 + 424284 Identify conflicts in logging when error "Multiple servlets map to
   {pathspec}" occurs
 + 424303 @ServletSecurity not applied on non load-on-startup servlets
 + 424307 obfuscate unicode
 + 424380 Augment class / Jar scanning timing log events
 + 424390 Allow enabling modules via regex
 + 424398 Servlet load-on-startup ordering is not obeyed
 + 424497 Allow concurrent async sends
 + 424498 made bytebufferendpoint threadsafe
 + 424588 org.eclipse.jetty.ant.AntWebInfConfiguration does not add
   WEB-INF/classes for annotation scanning
 + 424598 Module [npn] downloads wrong npn jar
 + 424651 org.eclipse.jetty.spdy.Flusher use of non-growable ArrayQueue yield
   java.lang.IllegalStateException: Full.
 + 424682 Session cannot be deserialized with form authentication
 + 424706 The setMaxIdleTimeout of javax.websocket.Session does not take any
   affect
 + 424734 WebSocket / Expose Locale information from ServletUpgradeRequest
 + 424735 WebSocket / Make ServletUpgradeRequest expose its HttpServletRequest
 + 424743 Verify abort behavior in case the total timeout expires before the
   connect timeout.
 + 424762 ShutdownHandler hardcodes "127.0.0.1" and cannot be used with IPv6
 + 424847 Deadlock in deflate-frame (webkit binary)
 + 424863 IllegalStateException "Unable to find decoder for type
   <javax.websocket.PongMessage>"
 + 425038 WebSocketClient leaks file handles when exceptions are thrown from
   open()
 + 425043 Track whether pools are used correctly
 + 425049 add json mime mapping to mime.properties

jetty-9.1.0.v20131115 - 15 November 2013
 + 397167 Remote Access documentation is wrong
 + 416477 QueuedThreadPool does not reuse interrupted threads
 + 420776 complete error pages after startAsync
 + 421362 When using the jetty.osgi.boot ContextHandler service feature the
   wrong ContextHandler can be undeployed

jetty-9.1.0.RC2 - 07 November 2013
 + 410656 WebSocketSession.suspend() hardcoded to return null
 + 417223 removed deprecated ThreadPool.dispatch
 + 418741 Threadlocal cookie buffer in response
 + 420359 fixed thread warnings
 + 420572 IOTest explicitly uses 127.0.0.1
 + 420692 set soTimeout to try to avoid hang
 + 420844 Connection:close on exceptional errors
 + 420930 Use Charset to specify character encoding
 + 421197 synchronize gzip output finish
 + 421198 onComplete never call onComplete in BufferingResponseListener in 9.1

jetty-9.0.7.v20131107 - 07 November 2013
 + 407716 fixed logs
 + 416597 Allow classes and jars on the webappcontext extraclasspath to be
   scanned for annotations by jetty-maven-plugin
 + 418636 Name anonymous filter and holders with classname-hashcode
 + 418732 Add whiteListByPath mode to IPAccessHandler
 + 418767 run-forked goal ingores test scope dependencies with
   useTestScope=true
 + 418792 Session getProtocolVersion always returns null
 + 418892 SSL session caching so unreliable it effectively does not work
 + 419309 Added symlink checker to test webapp
 + 419333 treat // as an alias in path
 + 419344 NPNServerConnection does not close the EndPoint if it reads -1
 + 419350 Do not borrow space from passed arrays
 + 419655 AnnotationParser throws NullPointerException when scanning files from
   jar:file urls
 + 419687 HttpClient's query parameters must be case sensitive
 + 419799 Async timeout dispatches to error page
 + 419814 Annotation properties maxMessageSize and inputBufferSize don't work
 + 419846 JDBCSessionManager doesn't determine dirty state correctly
 + 419901 Client always adds extra user-agent header
 + 419937 Request isSecure cleared on recycle
 + 419950 Provide constructor for StringContentProvider that takes Charset
 + 419964 InputStreamContentProvider does not close provided InputStream
 + 420033 AsyncContext.onTimeout exceptions passed to onError
 + 420039 BufferingResponseListener continues processing after aborting
   request.
 + 420048 DefaultServlet alias checks configured resourceBase
 + 420142 reimplemented graceful shutdown
 + 420362 Response/request listeners called too many times
 + 420374 Call super.close() in a finally block
 + 420530 AbstractLoginModule never fails a login
 + 420572 IOTest explicitly uses 127.0.0.1
 + 420776 complete error pages after startAsync
 + 420844 Connection:close on exceptional errors
 + 420930 Use Charset to specify character encoding
 + 421197 synchronize gzip output finish

jetty-8.1.14.v20131031 - 31 October 2013
 + 417772 fixed low resources idle timeout
 + 418636 Name anonymous filter and holders with classname-hashcode
 + 419432 Allow to override the SslContextFactory on a per-destination basis
 + 420048 DefaultServlet alias checks configured resourceBase
 + 420530 AbstractLoginModule never fails a login

jetty-7.6.14.v20131031 - 31 October 2013
 + 417772 fixed low resources idle timeout
 + 418636 Name anonymous filter and holders with classname-hashcode
 + 419432 Allow to override the SslContextFactory on a per-destination basis
 + 420048 DefaultServlet alias checks configured resourceBase
 + 420530 AbstractLoginModule never fails a login

jetty-9.1.0.RC1 - 31 October 2013
 + 294531 Unpacking webapp twice to the same directory name causes problems
   with updated jars in WEB-INF/lib
 + 397049 Cannot Provide Custom Credential to JDBCLoginService
 + 403591 improve the Blocking Q implementation
 + 407716 fixed logs
 + 410840 Change SSLSession.getPeerCertificateChain() to
   SSLSession.getPeerCertificates().
 + 415118 WebAppClassLoader.getResource(name) should strip .class from name
 + 415609 spdy replace SessionInvoker with IteratingCallback. Introduce Flusher
   class to separate queuing/flushing logic from StandardSession
 + 416300 Order ServletContainerInitializer callbacks
 + 416597 Allow classes and jars on the webappcontext extraclasspath to be
   scanned for annotations by jetty-maven-plugin
 + 417356 Add SOCKS support to jetty client
 + 417932 resources.mod should make ${jetty.base}/resources/ directory
 + 417933 logging.mod ini template should include commented log.class settings
 + 418212 org.eclipse.jetty.spdy.server.http.SSLExternalServerTest hangs
 + 418441 Use of OPTIONS= in Jetty 9.1 should display WARNING message
 + 418596 Faults in JARs during class scanning should report the jar that
   caused the problem
 + 418603 cannot specify a custom ServerEndpointConfig.Configurator
 + 418625 WebSocket / Jsr RemoteEndpoint.sendObject(java.nio.HeapByteBuffer)
   doesn't find encoder
 + 418632 WebSocket / Jsr annotated @OnMessage with InputStream fails to be
   called
 + 418636 Name anonymous filter and holders with classname-hashcode
 + 418732 Add whiteListByPath mode to IPAccessHandler
 + 418767 run-forked goal ingores test scope dependencies with
   useTestScope=true
 + 418792 Session getProtocolVersion always returns null
 + 418892 SSL session caching so unreliable it effectively does not work
 + 418922 Missing parameterization of etc/jetty-xinetd.xml
 + 418923 Missing parameterization of etc/jetty-proxy.xml
 + 419146 Parameterize etc/jetty-requestlog.xml values
 + 419309 Added symlink checker to test webapp
 + 419330 Allow access to setters on jetty-jspc-maven-plugin
 + 419333 treat // as an alias in path
 + 419344 NPNServerConnection does not close the EndPoint if it reads -1
 + 419350 Do not borrow space from passed arrays
 + 419655 AnnotationParser throws NullPointerException when scanning files from
   jar:file urls
 + 419687 HttpClient's query parameters must be case sensitive
 + 419799 Async timeout dispatches to error page
 + 419814 Annotation properties maxMessageSize and inputBufferSize don't work
 + 419846 JDBCSessionManager doesn't determine dirty state correctly
 + 419899 Do not wrap SSL Exception as EoFException
 + 419901 Client always adds extra user-agent header
 + 419904 Data corruption on proxy PUT requests
 + 419914 QueuedThreadPool uses nanoTime
 + 419937 Request isSecure cleared on recycle
 + 419950 Provide constructor for StringContentProvider that takes Charset
 + 419964 InputStreamContentProvider does not close provided InputStream
 + 420012 Improve ProxyServlet.Transparent configuration in case prefix="/"
 + 420033 AsyncContext.onTimeout exceptions passed to onError
 + 420034 Removed threads/timers from Date caching
 + 420039 BufferingResponseListener continues processing after aborting
   request.
 + 420048 DefaultServlet alias checks configured resourceBase
 + 420103 Split out jmx-remote module from existing jmx module
 + 420142 reimplemented graceful shutdown
 + 420362 Response/request listeners called too many times
 + 420364 Bad synchronization in HttpConversation
 + 420374 Call super.close() in a finally block
 + 420530 AbstractLoginModule never fails a login
 + 420687 XML errors in jetty-plus/src/test/resources/web-fragment-*.xml
 + 420776 complete error pages after startAsync

jetty-9.1.0.RC0 - 30 September 2013
 + 412469 make module for jetty-jaspi
 + 416453 Add comments to embedded SplitFileServer example
 + 416577 enhanced shutdown handler to send shutdown at startup
 + 416674 run all jetty-ant tests on random ports
 + 416940 avoid download of spring-beans.dtd
 + 417152 WebSocket / Do all setup in websocket specific
   ServletContainerInitializer
 + 417239 re-implemented Request.getContentRead()
 + 417284 Precompiled regex in HttpField
 + 417289 SPDY replace use of direct buffers with indirect buffers or make it
   configurable
 + 417340 Upgrade JDT compiler to one that supports source/target of Java 1.7
 + 417382 Upgrade to asm 4.1 and refactor annotation parsing
 + 417475 Do not null context Trie during dynamic deploy
 + 417490 WebSocket / @PathParam annotated parameters are null when the servlet
   mapping uses a wildcard
 + 417561 Refactor annotation related code: change log messages
 + 417574 Setting options with _JAVA_OPTIONS breaks run-forked with
   <waitForChild>true</waitForChild>
 + 417831 Remove jetty-logging.properties from distro/resources
 + 417938 Startup / Sort properties presented in --list-config alphabetically
 + 418014 Handle NTFS canonical exceptions during alias check
 + 418068 WebSocketClient has lazy or injected Executor
 + 418212 org.eclipse.jetty.spdy.server.http.SSLExternalServerTest hangs
 + 418227 Null cookie value test

jetty-9.0.6.v20130930 - 30 September 2013
 + 411069 better set compiler defaults to 1.7, including webdefault.xml for jsp
 + 411934 War overlay configuration assumes src/main/webapp exists
 + 413484 setAttribute in nosql session management better handles _dirty status
 + 413684 deprecated unsafe alias checkers
 + 413737 hide stacktrace in ReferrerPushStrategyTest
 + 414431 Avoid debug NPE race
 + 414898 Only upgrade v0 to v1 cookies on dquote , ; backslash space and tab
   in the value
 + 415192 <jsp-file> maps to JspPropertyGroupServlet instead of JspServlet
 + 415194 Deployer gives management of context to context collection
 + 415302 
 + 415330 Avoid multiple callbacks at EOF
 + 415401 Add initalizeDefaults call to SpringConfigurationProcessor
 + 415548 migrate ProxyHTTPToSPDYTest to use HttpClient to avoid intermittent
   NPE part 2
 + 415605 fix status code logging for async requests
 + 415999 Fix some of FindBugs warnings
 + 416015 Handle null Accept-Language and other headers
 + 416096 DefaultServlet leaves open file descriptors with file sizes greater
   than response buffer
 + 416102 Clean up of async sendContent process
 + 416103 Added AllowSymLinkAliasChecker.java
 + 416251 ProxyHTTPToSPDYConnection now sends a 502 to the client if it
   receives a rst frame from the upstream spdy server
 + 416266 HttpServletResponse.encodeURL() encodes on first request when only
   SessionTrackingMode.COOKIE is used
 + 416314 jetty async client wrong behaviour for HEAD Method + Redirect
 + 416321 handle failure during blocked committing write
 + 416453 Add comments to embedded SplitFileServer example
 + 416477 Improved consumeAll error handling
 + 416568 Simplified servlet exception logging
 + 416577 enhanced shutdown handler to send shutdown at startup
 + 416585 WebInfConfiguration examines webapp classloader first instead of its
   parent when looking for container jars
 + 416597 Allow classes and jars on the webappcontext extraclasspath to be
   scanned for annotations
 + 416663 Content-length set by resourcehandler
 + 416674 run all jetty-ant tests on random ports
 + 416679 Change warning to debug if no transaction manager present
 + 416787 StringIndexOutOfBounds with a pathMap of ""
 + 416940 avoid download of spring-beans.dtd
 + 416990 JMX names statically unique
 + 417110 Demo / html body end tag missing in authfail.html
 + 417225 added Container.addEventListener method
 + 417260 Protected targets matched as true URI path segments
 + 417289 SPDY replace use of direct buffers with indirect buffers or make it
   configurable
 + 417475 Do not null context Trie during dynamic deploy
 + 417574 Setting options with _JAVA_OPTIONS breaks run-forked with
   <waitForChild>true</waitForChild>
 + 417831 Remove jetty-logging.properties from distro/resources
 + 418014 Handle NTFS canonical exceptions during alias check
 + 418212 org.eclipse.jetty.spdy.server.http.SSLExternalServerTest hangs
 + 418227 Null cookie value test

jetty-9.1.0.M0 - 16 September 2013
 + 393473 Add support for JSR-356 (javax.websocket) draft
 + 395444 Websockets not working with Chrome (deflate problem)
 + 396562 Add an implementation of RequestLog that supports Slf4j
 + 398467 Servlet 3.1 Non Blocking IO
 + 402984 WebSocket Upgrade must honor case insensitive header fields in
   upgrade request
 + 403280 Update to javax.el 2.2.4
 + 403380 Introduce WebSocketTimeoutException to differentiate between EOF on
   write and Timeout
 + 403510 HttpSession maxInactiveInterval is not serialized in HashSession
 + 403591 do not use the ConcurrentArrayBlockingQueue for thread pool, selector
   and async request log
 + 403817 Use of WebSocket Session.close() results in invalid status code
 + 405188 HTTP 1.0 with GET returns internal IP address
 + 405422 Implement servlet3.1 spec sections 4.4.3 and 8.1.4 for new
   HttpSessionIdListener class
 + 405432 Check implementation of section 13.4.1 @ServletSecurity for
   @HttpConstraint and HttpMethodConstraint clarifications
 + 405435 Implement servlet3.1 section 13.6.3 for 303 redirects for Form auth
 + 405437 Implement section 13.8.4 Uncovered HTTP methods
 + 405525 Throw IllegalArgumentException if filter or servlet name is null or
   empty string in ServletContext.addXXX() methods
 + 405526 Deployment must fail if more than 1 servlet maps to same url pattern
 + 405531 Implement Part.getSubmittedFileName()
 + 405533 Implement special role ** for security constraints
 + 405535 Implement Request.isUserInRole(role) check security-role-refs
   defaulting to security-role if no matching ref
 + 405944 Check annotation and resource injection is supported for
   AsyncListener
 + 406759 supressed stacktrace in ReferrerPushStrategyTest
 + 407708 HttpUpgradeHandler must support injection
 + 408782 Transparent Proxy - rewrite URL is ignoring query strings
 + 408904 Enhance CommandlineBuilder to not escape strings inside single quotes
 + 409403 fix IllegalStateException when SPDY is used and the response is
   written through BufferUtil.writeTo byte by byte
 + 409796 fix and cleanup ReferrerPushStrategy. There's more work to do here so
   it remains @Ignore for now
 + 409953 return buffer.slice() instead of buffer.asReadOnlyBuffer() in
   ResourceCache to avoid using inefficent path in BufferUtil.writeTo
 + 410083 Jetty clients submits incomplete URL to proxy
 + 410098 inject accept-encoding header for all http requests through SPDY as
   SPDY clients MUST support spdy. Also remove two new tests that have been to
   implementation agnostic and not needed anymore due to recent code changes
 + 410246 HttpClient with proxy does not tunnel HTTPS requests
 + 410341 suppress stacktraces that happen during test setup shutdown after
   successful test run
 + 410800 Make RewritePatternRule queryString aware
 + 411069 better set compiler defaults to 1.7, including webdefault.xml for jsp
 + 411934 War overlay configuration assumes src/main/webapp exists
 + 412205 SSL handshake failure leads to unresponsive UpgradeConnection
 + 412418 HttpTransportOverSPDY fix race condition while sending push streams
   that could cause push data not to be sent. Fixes intermittent test issues in
   ReferrerPushStrategyTest
 + 412729 SPDYClient needs a Promise-based connect() method
 + 412829 Allow any mappings from web-default.xml to be overridden by web.xml
 + 412830 Error Page match ServletException then root cause
 + 412840 remove Future in SPDYClient.connect() and return Session instead in
   blocking version
 + 412934 Ignore any re-definition of an init-param within a descriptor
 + 412935 setLocale is not an explicit set of character encoding
 + 412940 minor threadsafe fixes
 + 413018 ServletContext.addListener() should throw IllegalArgumentException if
   arg is not correct type of listener
 + 413020 Second call to HttpSession.invalidate() should throw exception
 + 413019 HttpSession.getCreateTime() should throw exception after session is
   invalidated
 + 413291 Avoid SPDY double dispatch
 + 413387 onResponseHeaders is not called multiple times when multiple
   redirects occur.
 + 413484 setAttribute in nosql session management better handles _dirty status
 + 413531 Introduce pluggable transports for HttpClient
 + 413684 deprecated unsafe alias checkers
 + 413737 hide stacktrace in ReferrerPushStrategyTest
 + 413901 isAsyncStarted remains true while original request is dispatched
 + 414167 WebSocket handshake upgrade from FireFox fails due to keep-alive
 + 414431 Avoid debug NPE race
 + 414635 Modular start.d and jetty.base property
 + 414640 HTTP header value encoding
 + 414725 Annotation Scanning should exclude webapp basedir from path
   validation checks
 + 414731 Request.getCookies() should return null if there are no cookies
 + 414740 Removed the parent peeking Loader
 + 414891 Errors thrown by ReadListener and WriteListener not handled
   correctly.
 + 414898 Only upgrade v0 to v1 cookies on dquote , ; backslash space and tab
   in the value
 + 414913 WebSocket / Performance - reduce ByteBuffer allocation/copying during
   generation/writing
 + 414923 CompactPathRule needs to also compact the uri
 + 415047 Create URIs lazily in HttpClient
 + 415062 SelectorManager wakeup optimisation
 + 415131 Avoid autoboxing on debug
 + 415192 <jsp-file> maps to JspPropertyGroupServlet instead of JspServlet
 + 415194 Deployer gives management of context to context collection
 + 415302 
 + 415314 Jetty should not commit response on output if <
   Response.setBufferSize() bytes are written
 + 415330 Avoid multiple callbacks at EOF
 + 415401 WebAppProvider: override XmlConfiguration.initializeDefaults
 + 415548 migrate ProxyHTTPToSPDYTest to use HttpClient to avoid intermittent
   NPE part 2
 + 415605 fix status code logging for async requests
 + 415641 Remove remaining calls to deprecated HttpTranspoert.send
 + 415656 SPDY - add IdleTimeout per Stream functionality
 + 415744 Reduce Future usage in websocket
 + 415745 Include followed by forward using a PrintWriter incurs unnecessary
   delay
 + 415780 fix StreamAlreadyCommittedException in spdy build
 + 415825 fix stop support in modular start setup
 + 415826 modules initialised with --add-to-start and --add-to-startd
 + 415827 jetty-start / update --help text for new command line options
 + 415830 jetty-start / add more TestUseCases for home + base + modules
   configurations
 + 415831 rename ini keyword from MODULES= to --module=
 + 415832 jetty-start / fix ClassNotFound exception when starting from empty
   base directory
 + 415839 jetty-start / warning about need for --exec given when not needed by
   default configuration
 + 415899 jetty-start / add --lib=<cp> capability from Jetty 7/8
 + 415913 support bootlib and download in modules
 + 415999 Fix some of FindBugs warnings
 + 416015 Handle null Accept-Language and other headers
 + 416026 improve error handlig in SPDY parsers
 + 416096 DefaultServlet leaves open file descriptors with file sizes greater
   than response buffer
 + 416102 Clean up of async sendContent process
 + 416103 Added AllowSymLinkAliasChecker.java
 + 416143 mod file format uses [type]
 + 416242 respect persistence headers in ProxyHTTPSPDYConnection
 + 416251 ProxyHTTPToSPDYConnection now sends a 502 to the client if it
   receives a rst frame from the upstream spdy server
 + 416266 HttpServletResponse.encodeURL() encodes on first request when only
   SessionTrackingMode.COOKIE is used
 + 416314 jetty async client wrong behaviour for HEAD Method + Redirect
 + 416321 handle failure during blocked committing write
 + 416477 Improved consumeAll error handling
 + 416568 Simplified servlet exception logging
 + 416585 WebInfConfiguration examines webapp classloader first instead of its
   parent when looking for container jars
 + 416597 Allow classes and jars on the webappcontext extraclasspath to be
   scanned for annotations
 + 416663 Content-length set by resourcehandler
 + 416674 run all jetty-ant tests on random ports
 + 416679 Change warning to debug if no transaction manager present
 + 416680 remove uncovered constraint warning
 + 416681 Remove unnecessary security constraints in test-jetty-webapp
 + 416763 WebSocket / Jsr Session.getPathParameters() is empty
 + 416764 WebSocket / Jsr Session.getRequestURI() is missing scheme + host +
   port + query parameters
 + 416787 StringIndexOutOfBounds with a pathMap of ""
 + 416812 Don't start WebSocketClient for every context
 + 416990 JMX names statically unique
 + 417022 Request attribute access to Server,HttpChannel & HttpConnection
 + 417023 Add Default404Servlet if no default servlet set
 + 417108 demo-base uses HTTPS
 + 417109 Demo / Jaas test fails to find etc/login.conf
 + 417110 Demo / html body end tag missing in authfail.html
 + 417111 Demo / login with admin/admin fails
 + 417133 WebSocket / deflate-frame should accumulate decompress byte buffers
   properly
 + 417134 WebSocket / Jsr
   ServerEndpointConfig.Configurator.getNegotiatedExtensions() is never used
 + 417225 added Container.addEventListener method
 + 417260 Protected targets matched as true URI path segments

jetty-8.1.13.v20130916 - 16 September 2013
 + 412629 PropertyFileLoginModule doesn't cache user configuration file even
   for refreshInterval=0
 + 413484 setAttribute in nosql session management better handles _dirty status
 + 413684 deprecated unsafe alias checkers
 + 414235 RequestLogHandler configured on a context fails to handle forwarded
   requests
 + 414393 StringIndexOutofBoundsException with > 8k multipart content without
   CR or LF
 + 414431 Avoid debug NPE race
 + 414507 Ensure AnnotationParser ignores parent dir hierarchy when checking
   for hidden dirnames
 + 414652 WebSocket's sendMessage() may hang on congested connections
 + 415192 <jsp-file> maps to JspPropertyGroupServlet instead of JspServlet
 + 415401 Add XmlConfiguration.initializeDefaults that allows to set default
   values for any XmlConfiguration that may be overridden in the config file
 + 416266 HttpServletResponse.encodeURL() encodes on first request when only
   SessionTrackingMode.COOKIE is used
 + 416585 WebInfConfiguration examines webapp classloader first instead of its
   parent when looking for container jars
 + 416787 StringIndexOutOfBounds with a pathMap of ""
 + 416990 JMX names statically unique

jetty-7.6.13.v20130916 - 16 September 2013
 + 412629 PropertyFileLoginModule doesn't cache user configuration file even
   for refreshInterval=0
 + 413484 setAttribute in nosql session management better handles _dirty status
 + 413684 deprecated unsafe alias checkers
 + 414235 RequestLogHandler configured on a context fails to handle forwarded
   requests
 + 414393 StringIndexOutofBoundsException with > 8k multipart content without
   CR or LF
 + 414431 Avoid debug NPE race
 + 414507 Ensure AnnotationParser ignores parent dir hierarchy when checking
   for hidden dirnames
 + 414652 WebSocket's sendMessage() may hang on congested connections
 + 415192 <jsp-file> maps to JspPropertyGroupServlet instead of JspServlet
 + 415401 Add XmlConfiguration.initializeDefaults that allows to set default
   values for any XmlConfiguration that may be overridden in the config file
 + 416585 WebInfConfiguration examines webapp classloader first instead of its
   parent when looking for container jars
 + 416990 JMX names statically unique

jetty-9.0.5.v20130815 - 15 August 2013
 + 414898 Only upgrade v0 to v1 cookies on dquote , ; backslash space and tab
   in the value
 + 404468 Ported jetty-http-spi to Jetty-9
 + 405424 add X-Powered-By and Server header to SPDY
 + 405535 implement Request.isUserInRole(role) check security-role-refs
   defaulting to security-role if no matching ref
 + 408235 SPDYtoHTTP proxy fix: remove hop headers from upstream server
 + 409028 Jetty HttpClient does not work with proxy CONNECT method
 + 409282 fix intermittently failing MaxConcurrentStreamTest
 + 409845 add test that makes sure that DataFrameGenerator correctly prepends
   the header information
 + 410498 ignore type of exception in
   GoAwayTest.testDataNotProcessedAfterGoAway
 + 410668 HTTP client should support the PATCH method
 + 410800 Make RewritePatternRule queryString aware
 + 410805 StandardSession: remove all frameBytes for a given stream from queue
   if the stream is reset
 + 411216 RequestLogHandler handles async completion
 + 411458 MultiPartFilter getParameterMap doesn't preserve multivalued
   parameters 411459  MultiPartFilter.Wrapper getParameter should use charset
   encoding of part
 + 411538 Use Replacement character for bad parameter % encodings
 + 411545 SslConnection.DecryptedEndpoint.fill() sometimes misses a few network
   bytes
 + 411755 MultiPartInputStreamParser fails on base64 encoded content
 + 411844 ArrayIndexOutOfBoundsException on wild URL
 + 411909 GzipFilter flushbuffer() results in erroneous finish() call
 + 412234 fix bug where NetworkTrafficSelectChannelEndpoint counted bytes wrong
   on incomplete writes
 + 412318 HttpChannel fix multiple calls to _transport.completed() if handle()
   is called multiple times while the channel is COMPLETED
 + 412418 HttpTransportOverSPDY fix race condition while sending push streams
   that could cause push data not to be sent. Fixes intermittent test issues in
   ReferrerPushStrategyTest
 + 412442 Avoid connection timeout after FIN-FIN close
 + 412466 Improved search for unset JETTY_HOME
 + 412608 EOF Chunk not sent on inputstream static content
 + 412629 PropertyFileLoginModule doesn't cache user configuration file even
   for refreshInterval=0
 + 412637 ShutdownMonitorThread already started
 + 412712 HttpClient does not send the terminal chunk after partial writes
 + 412713 add dumpOnStart configuration to jetty-maven-plugin
 + 412750 HttpClient close expired connections fix
 + 412814 HttpClient calling CompleteListener.onComplete() twice
 + 412846 jetty Http Client Connection through Proxy is failing with Timeout
 + 412938 Request.setCharacterEncoding now throws UnsupportedEncodingException
   instead of UnsupportedCharsetException
 + 413034 Multiple webapps redeploy returns NamingException with AppDynamics
   javaagent
 + 413066 accept lower case method: head
 + 413108 HttpClient hardcodes dispatchIO=false when using SSL
 + 413113 Inconsistent Request.getURI() when adding parameters via
   Request.param().
 + 413154 ContextHandlerCollection defers virtual host handling to
   ContextHandler
 + 413155 HttpTransportOverSPDY remove constructor argument for version and get
   version from stream.getSession instead
 + 413371 Default JSON.Converters for List and Set
 + 413372 JSON Enum uses name rather than toString()
 + 413393 better logging of bad URLs in Resources
 + 413486 SessionCookieConfig setters should throw IllegalStateException if
   called after context started
 + 413568 Made AJP worker name generic
 + 413684 Trailing slash shows JSP source
 + 413901 isAsyncStarted remains true while original request is dispatched
 + 414085 Add jetty-continuations to plugin dependencies
 + 414101 Do not escape special characters in cookies
 + 414235 RequestLogHandler configured on a context fails to handle forwarded
   requests
 + 414393 StringIndexOutofBoundsException with > 8k multipart content without
   CR or LF
 + 414449 Added HttpParser strict mode for case sensitivity
 + 414507 Ensure AnnotationParser ignores parent dir hierarchy when checking
   for hidden dirnames
 + 414625 final static version fields
 + 414640 HTTP header value encoding
 + 414652 WebSocket's sendMessage() may hang on congested connections
 + 414727 Ensure asynchronously flushed resources are closed
 + 414763 Added org.eclipse.jetty.util.log.stderr.ESCAPE option
 + 414833 HttpSessionListener.destroy must be invoked in reverse order
 + 414840 Request.login() throws NPE if username is null
 + 414951 QueuedThreadPool fix constructor that missed to pass the idleTimeout
 + 414972 HttpClient may read bytes with pre-tunnelled connection

jetty-8.1.12.v20130726 - 26 July 2013
 + 396706 CGI support parameters
 + 397193 MongoSessionManager refresh updates last access time
 + 407342 ReloadedSessionMissingClassTest uses class compiled with jdk7
 + 408529 Etags set in 304 response
 + 408600 set correct jetty.url in all pom files
 + 408642 setContentType from addHeader
 + 408662 In pax-web servlet services requests even if init() has not finished
   running
 + 408806 getParameter returns null on Multipart request if called before
   request.getPart()/getParts()
 + 408909 GzipFilter setting of headers when reset and/or not compressed
 + 409028 Jetty HttpClient does not work with proxy CONNECT method
 + 409133 Empty <welcome-file> causes StackOverflowError
 + 409436 NPE on context restart using dynamic servlet registration
 + 409449 Ensure servlets, filters and listeners added via dynamic
   registration, annotations or descriptors are cleaned on context restarts
 + 409556 FileInputStream not closed in DirectNIOBuffer
 + 410405 Avoid NPE for requestDispatcher(../)
 + 410630 MongoSessionManager conflicting session update op
 + 410750 NoSQLSessions: implement session context data persistence across
   server restarts
 + 410893 async support defaults to false for spec created servlets and filters
 + 411135 HttpClient may send proxied https requests to the proxy instead of
   the target server.
 + 411216 RequestLogHandler handles async completion
 + 411458 MultiPartFilter getParameterMap doesn't preserve multivalued
   parameters 411459  MultiPartFilter.Wrapper getParameter should use charset
   encoding of part
 + 411755 MultiPartInputStreamParser fails on base64 encoded content
 + 411909 GzipFilter flushbuffer() results in erroneous finish() call
 + 412712 HttpClient does not send the terminal chunk after partial writes
 + 412750 HttpClient close expired connections fix
 + 413371 Default JSON.Converters for List and Set
 + 413372 JSON Enum uses name rather than toString()
 + 413684 Trailing slash shows JSP source
 + 413812 Make RateTracker serializable

jetty-7.6.12.v20130726 - 26 July 2013
 + 396706 CGI support parameters
 + 397193 MongoSessionManager refresh updates last access time
 + 407342 ReloadedSessionMissingClassTest uses class compiled with jdk7
 + 408529 Etags set in 304 response
 + 408600 set correct jetty.url in all pom files
 + 408642 setContentType from addHeader
 + 408662 In pax-web servlet services requests even if init() has not finished
   running
 + 408909 GzipFilter setting of headers when reset and/or not compressed
 + 409028 Jetty HttpClient does not work with proxy CONNECT method
 + 409133 Empty <welcome-file> causes StackOverflowError
 + 409556 FileInputStream not closed in DirectNIOBuffer
 + 410630 MongoSessionManager conflicting session update op
 + 410750 NoSQLSessions: implement session context data persistence across
   server restarts
 + 411135 HttpClient may send proxied https requests to the proxy instead of
   the target server.
 + 411216 RequestLogHandler handles async completion
 + 411458 MultiPartFilter getParameterMap doesn't preserve multivalued
   parameters 411459  MultiPartFilter.Wrapper getParameter should use charset
   encoding of part
 + 411755 MultiPartInputStreamParser fails on base64 encoded content
 + 411909 GzipFilter flushbuffer() results in erroneous finish() call
 + 412712 HttpClient does not send the terminal chunk after partial writes
 + 412750 HttpClient close expired connections fix
 + 413371 Default JSON.Converters for List and Set
 + 413372 JSON Enum uses name rather than toString()
 + 413684 Trailing slash shows JSP source
 + 413812 Make RateTracker serializable

jetty-9.0.4.v20130625 - 25 June 2013
 + 396706 CGI support parameters
 + 397051 Make JDBCLoginService data members protected to facilitate
   subclassing
 + 397193 MongoSessionManager refresh updates last access time
 + 398467 Servlet 3.1 Non Blocking IO
 + 400503 WebSocket - squelch legitimate Exceptions during testing to avoid
   false positives
 + 401027 javadoc JMX annotations
 + 404508 enable overlay deployer
 + 405188 HTTP 1.0 with GET returns internal IP address
 + 405313 Websocket client SSL hostname verification is broken, always defaults
   to raw IP as String
 + 406759 supressed stacktrace in ReferrerPushStrategyTest
 + 406923 Accept CRLF or LF but not CR as line termination
 + 407246 Test harness checked results in callbacks ignored
 + 407325 Test Failure:
   org.eclipse.jetty.servlets.EventSourceServletTest.testEncoding
 + 407326 Test Failure:
   org.eclipse.jetty.client.HttpClientStreamTest.testInputStreamResponseListenerFailedBeforeResponse[0].
 + 407342 ReloadedSessionMissingClassTest uses class compiled with jdk7
 + 407386 Cookies not copied in ServletWebSocketRequest
 + 407469 Method parameters for @OnWebSocketError should support Throwable
 + 407470 Javadoc for @OnWebSocketFrame incorrectly references WebSocketFrame
   object
 + 407491 Better handle empty Accept-Language
 + 407614 added excludedMimeTypes to gzipFilter
 + 407812 jetty-maven-plugin can not handle whitespaces in equivalent of
   WEB-INF/classes paths
 + 407931 Add toggle for failing on servlet availability
 + 407976 JDBCSessionIdManager potentially leaves server in bad state after
   startup
 + 408077 HashSessionManager leaves file handles open after being stopped
 + 408117 isAsyncStarted is false on redispatch
 + 408118 NullPointerException when parsing request cookies
 + 408167 JDBCSessionManager don't mark session as dirty if same attribute
   value set
 + 408281 Inconsistent start/stop handling in ContainerLifeCycle
 + 408446 Multipart parsing issue with boundry and charset in ContentType
   header
 + 408529 Etags set in 304 response
 + 408600 set correct jetty.url in all pom files
 + 408642 setContentType from addHeader
 + 408662 In pax-web servlet services requests even if init() has not finished
   running
 + 408709 refactor test-webapp's chat application. Now there's only a single
   request for user login and initial chat message.
 + 408720 NPE in AsyncContext.getRequest()
 + 408723 Jetty Maven plugin reload ignores web.xml listeners
 + 408768 JSTL jars not scanned by jetty-ant
 + 408771 Problem with ShutdownMonitor for jetty-ant
 + 408782 Transparent Proxy - rewrite URL is ignoring query strings
 + 408806 getParameter returns null on Multipart request if called before
   request.getPart()/getParts()
 + 408904 Enhance CommandlineBuilder to not escape strings inside single quotes
 + 408909 GzipFilter setting of headers when reset and/or not compressed
 + 408910 META-INF/jetty-webapp-context.xml file should be able to refer to
   bundle-relative locations
 + 408923 Need to be able to configure the ThreadPool for the default jetty
   server in osgi
 + 408945 XML Args ignored without DTD
 + 409012 added reference to example rewrite rules
 + 409133 Empty <welcome-file> causes StackOverflowError
 + 409228 Set jetty.home property so config files work even if deployed inside
   a bundle
 + 409403 fix IllegalStateException when SPDY is used and the response is
   written through BufferUtil.writeTo byte by byte
 + 409436 NPE on context restart using dynamic servlet registration
 + 409441 jetty.xml threadpool arg injection
 + 409449 Ensure servlets, filters and listeners added via dynamic
   registration, annotations or descriptors are cleaned on context restarts
 + 409545 Change HttpChannel contract
 + 409556 Resource files not closed
 + 409598 spdy: Fix NPE when a broken client tried to create duplicate stream
   IDs
 + 409684 Ids and properties not set for execution of jetty xml config files
   with mvn plugin
 + 409796 fix intermittent test issue in
   ReferrerPushStrategy.testResourceOrder. Happened when the client got closed
   before the server finished sending all data frames. Client waits now until
   all data is received.
 + 409801 Jetty should allow webdefault to be specified using a relative
   location when running in OSGi
 + 409842 Suspended request completed by a request thread does not set read
   interest.
 + 409953 return buffer.slice() instead of buffer.asReadOnlyBuffer() in
   ResourceCache to avoid using inefficent path in BufferUtil.writeTo
 + 409978 Websocket shouldn't create HttpSession if not present
 + 410083 Jetty clients submits incomplete URL to proxy
 + 410098 inject accept-encoding header for all http requests through SPDY as
   SPDY clients MUST support spdy. Also remove two new tests that have been to
   implementation agnostic and not needed anymore due to recent code changes
 + 410175 WebSocketSession#isSecure() doesn't return true for SSL session on
   the server side
 + 410246 HttpClient with proxy does not tunnel HTTPS requests
 + 410337 throw EofException instead of EOFException in HttpOutput.write() if
   HttpOutpyt is closed
 + 410341 suppress stacktraces that happen during test setup shutdown after
   successful test run
 + 410370 WebSocketCreator.createWebSocket() should use servlet specific
   parameters
 + 410372 Make SSL client certificate information available to server
   websockets
 + 410386 WebSocket Session.getUpgradeRequest().getRequestURI() returns bad URI
   on server side
 + 410405 Avoid NPE for requestDispatcher(../)
 + 410469 UpgradeRequest is sent twice when using SSL, one fails warning about
   WritePendingException
 + 410522 jetty start broken for command line options
 + 410537 Exceptions during @OnWebSocketConnect not reported to
   @OnWebSocketError
 + 410559 Removed FillInterest race
 + 410630 MongoSessionManager conflicting session update op
 + 410693 ServletContextHandler.setHandler does not relink handlers - check for
   null
 + 410750 NoSQLSessions: implement session context data persistence across
   server restarts
 + 410799 errors while creating push streams in HttpTransportOverSPDY are now
   logged to debug instead of warn
 + 410893 async support defaults to false for spec created servlets and filters
 + 410911 Continuation isExpired handling
 + 410995 Avoid reverse DNS lookups when creating SSLEngines
 + 411061 fix cookie handling in spdy. If two different HTTP headers with the
   same name are set, they should be translated to a single multiheader value
   according to:
   http://www.chromium.org/spdy/spdy-protocol/spdy-protocol-draft3#TOC-2.6.10-Name-Value-Header-Block.
   That applies for Set-Cookie headers for example. Before this changed
   duplicate header names have overwritten the previous one
 + 411135 HttpClient may send proxied https requests to the proxy instead of
   the target server.
 + 411340 add comment why executeOnFillable defaults to true
 + 411545 SslConnection.DecryptedEndpoint.fill() sometimes misses a few network
   bytes

jetty-8.1.11.v20130520 - 20 May 2013
 + 402844 STOP.PORT & STOP.KEY behaviour has changed
 + 403281 jetty.sh waits for started or failure before returning
 + 403513 jetty:run goal cannot be executed twice during the maven build
 + 403570 Asynchronous Request Logging
 + 404010 fix cast exception in mongodb session manager
 + 404128 Add Vary headers rather than set them
 + 404283 org.eclipse.jetty.util.Scanner.scanFile() dies with an NPE if
   listFiles() returns null
 + 404325 data constraint redirection does send default port
 + 404517 Close connection if request received after half close
 + 404789 Support IPv6 addresses in DoSFilter white list
 + 404958 Fixed Resource.newSystemResource striped / handling
 + 405281 allow filemappedbuffers to not be used
 + 405537 NPE in rendering JSP using SPDY and wrapped ServletRequest
 + 406437 Digest Auth supports out of order nc
 + 406618 Jetty startup in OSGi Equinox fails when using option
   jetty.home.bundle=org.eclipse.jetty.osgi.boot
 + 406923 CR line termination
 + 407136 @PreDestroy called after Servlet.destroy()
 + 407173 java.lang.IllegalStateException: null when using JDBCSessionManager
 + 407931 Add toggle for failing on servlet availability
 + 407976 JDBCSessionIdManager potentially leaves server in bad state after
   startup
 + 408077 HashSessionManager leaves file handles open after being stopped
 + 408446 Multipart parsing issue with boundry and charset in ContentType
   header

jetty-7.6.11.v20130520 - 20 May 2013
 + 402844 STOP.PORT & STOP.KEY behaviour has changed
 + 403281 jetty.sh waits for started or failure before returning
 + 403513 jetty:run goal cannot be executed twice during the maven build
 + 403570 Asynchronous Request Logging
 + 404010 fix cast exception in mongodb session manager
 + 404128 Add Vary headers rather than set them
 + 404283 org.eclipse.jetty.util.Scanner.scanFile() dies with an NPE if
   listFiles() returns null
 + 404325 data constraint redirection does send default port
 + 404517 Close connection if request received after half close
 + 404789 Support IPv6 addresses in DoSFilter white list
 + 404958 Fixed Resource.newSystemResource striped / handling
 + 405281 allow filemappedbuffers to not be used
 + 405537 NPE in rendering JSP using SPDY and wrapped ServletRequest
 + 406437 Digest Auth supports out of order nc
 + 406923 CR line termination
 + 407136 @PreDestroy called after Servlet.destroy()
 + 407173 java.lang.IllegalStateException: null when using JDBCSessionManager
 + 407976 JDBCSessionIdManager potentially leaves server in bad state after
   startup
 + 408077 HashSessionManager leaves file handles open after being stopped
 + 408446 Multipart parsing issue with boundry and charset in ContentType
   header

jetty-9.0.3.v20130506 - 06 May 2013
 + 404010 fix cast exception in mongodb session manager
 + 404911 WebSocketCloseTest fails spuriously
 + 405281 allow filemappedbuffers to not be used
 + 405327 Modular Start.ini
 + 405530 Wrap AsyncContext to throw ISE after complete
 + 405537 NPE in rendering JSP using SPDY and wrapped ServletRequest
 + 405570 spdy push: resource ordering and sequential push
 + 405631 Plugin gives error when its started twice
 + 405925 Redeploy with jetty-maven-plugin fails
 + 406015 Query parameters and POST queries. Fixed proxy case where the path is
   rewritten to be absolute.
 + 406202 re-enabled connector statistics
 + 406214 fix constructor for PushSynInfo ignores timeout, remove timeout for
   creating push streams in HttpTransportOverSPDY
 + 406272 Security constraints with multiple http-method-omissions can be
   incorrectly applied
 + 406390 406617 removed tiny race from handling of suspend and complete
 + 406437 Digest Auth supports out of order nc
 + 406449 Session's disconnect not detected
 + 406617 Spin in Request.recycle
 + 406618 Jetty startup in OSGi Equinox fails when using option
   jetty.home.bundle=org.eclipse.jetty.osgi.boot
 + 406753 jetty-runner contains invalid signature files
 + 406768 Improved handling of static content resources
 + 406861 IPv6 redirects fail
 + 406923 Accept CRLF or LF but not CR as line termination
 + 406962 Improve attribute names in Request
 + 407075 Do not dispatch from complete
 + 407135 Unauthorized response causes retry loop
 + 407136 @PreDestroy called after Servlet.destroy()
 + 407173 java.lang.IllegalStateException: null when using JDBCSessionManager
 + 407214 Reduce build logging of OSGi modules

jetty-9.0.2.v20130417 - 17 April 2013
 + 364921 FIN WAIT sockets
 + 402885 reuse Deflaters in GzipFilter
 + 403591 do not use the ConcurrentArrayBlockingQueue for thread pool, selector
   and async request log
 + 404511 fixed poor methods in ArrayTernaryTrie
 + 405119 Tidy up comments and code formatting for osgi
 + 405352 Servlet init-param always overridden by WebServlet annotation
 + 405364 spdy imeplement MAX_CONCURRENT_STREAMS
 + 405449 spdy improve handling of duplicate stream Ids
 + 405540 ServletContextListeners call in reverse in doStop
 + 405551 InputStreamResponseListener.await returns null when request fails
 + 405679 example other server for documentation

jetty-9.0.1.v20130408 - 08 April 2013
 + 384552 add comment to jetty-https.xml describing keymanager password
 + 385488 non existing resources in collection are just warnings
 + 392129 fixed merged of handling of timeouts after startAsync
 + 393971 Improve setParentLoaderPriorty javadoc
 + 393972 Improve WebAppContext classloading javadoc
 + 395620 do not managed inherited life cycle listeners
 + 396562 Add an implementation of RequestLog that supports Slf4j
 + 399967 Destroyables destroyed on undeploy and shutdown hook
 + 400142 ConcurrentModificationException in JDBC SessionManger
 + 400144 When loading a session fails the JDBCSessionManger produces duplicate
   session IDs
 + 400689 Add support for Proxy authentication
 + 401150 close input stream used from cached resource
 + 401806 spdy push properly pass through request and response headers for
   pushed resources
 + 402397 InputStreamResponseListener early close inputStream cause hold lock
 + 402485 reseed secure random
 + 402626 Do not required endpoint host checking by default in server and
   configure in client
 + 402666 Improve handling of TLS exceptions due to raw socket close
 + 402694 setuid as LifeCycle listener
 + 402706 HttpSession.setMaxInactiveInterval(int) does not change JDBCSession
   expiry
 + 402726 WebAppContext references old WebSocket packages in system and server
   classes
 + 402735 jetty.sh to support status which is == check
 + 402757 WebSocket client module can't be used with WebSocket server module in
   the same WAR.
 + 402833 Test harness for global error page and hide exception message from
   reason string
 + 402844 STOP.PORT & STOP.KEY behaviour has changed
 + 402982 Premature initialization of Servlets
 + 402984 WebSocket Upgrade must honor case insensitive header fields in
   upgrade request
 + 403122 Session replication fails with ClassNotFoundException when session
   attribute is Java dynamic proxy
 + 403280 Update to javax.el 2.2.4
 + 403281 jetty.sh waits for started or failure before returning
 + 403360 Named connectors
 + 403370 move frameBytes.fail() call in StandardSession.flush() outside the
   synchronized block to avoid deadlock
 + 403373 WebSocket change timeout log level from warn -> info
 + 403380 Introduce WebSocketTimeoutException to differentiate between EOF on
   write and Timeout
 + 403451 Review synchronization in SslConnection
 + 403510 HttpSession maxInactiveInterval is not serialized in HashSession
 + 403513 jetty:run goal cannot be executed twice during the maven build
 + 403570 Asynchronous Request Logging
 + 403591 do not use the ConcurrentArrayBlockingQueue for thread pool, selector
   and async request log
 + 403817 Use of WebSocket Session.close() results in invalid status code
 + 404029 port jetty-monitor to jetty-9 and activate it
 + 404036 JDBCSessionIdManager.doStart() method should not call
   cleanExpiredSessions() because Listeners can't be notified
 + 404067 If cannot connect to db fail startup of JDBCSessionIdManager
 + 404128 Add Vary headers rather than set them
 + 404176 Jetty's AnnotationConfiguration class does not scan non-jar resources
   on the container classpath
 + 404204 Exception from inputstream cause hang or timeout
 + 404283 org.eclipse.jetty.util.Scanner.scanFile() dies with an NPE if
   listFiles() returns null
 + 404323 Improved parameterization of https and SPDY
 + 404325 data constraint redirection does send default port
 + 404326 set status when Request.setHandled(true) is called
 + 404511 Replaced all StringMap usage with Tries
 + 404517 Close connection if request received after half close
 + 404610 Reintroduce ability to disallow TLS renegotiation
 + 404757 SPDY can only be built with the latest JDK version
 + 404789 Support IPv6 addresses in DoSFilter white list
 + 404881 Allow regexs for SslContextFactory.setIncludeCipherSuites() and
   .setExcludeCipherSuites()
 + 404889 SelectorManager accepts attachments with sockets
 + 404906 servlets with load-on-startup = 0 are not fired up on jetty 9 startup
 + 404958 Fixed Resource.newSystemResource striped / handling
 + 405044 Query parameters lost for non GET or POST

jetty-8.1.10.v20130312 - 12 March 2013
 + 376273 Early EOF because of SSL Protocol Error on
   https://api-3t.paypal.com/nvp.
 + 381521 allow compress methods to be configured
 + 392129 fixed handling of timeouts after startAsync
 + 394064 ensure that JarFile instances are closed on JarFileResource.release()
 + 398649 ServletContextListener.contextDestroyed() is not called on
   ContextHandler unregistration
 + 399703 made encoding error handling consistent
 + 399799 do not hold lock while calling invalidation listeners
 + 399967 Shutdown hook calls destroy
 + 400040 NullPointerException in HttpGenerator.prepareBuffers
 + 400142 ConcurrentModificationException in JDBC SessionManger
 + 400144 When loading a session fails the JDBCSessionManger produces duplicate
   session IDs
 + 400312 ServletContextListener.contextInitialized() is not called when added
   in ServletContainerInitializer.onStartup
 + 400457 Thread context classloader hierarchy not searched when finding
   webapp's java:comp/env
 + 400859 limit max size of writes from cached content
 + 401211 Remove requirement for jetty-websocket.jar in WEB-INF/lib
 + 401317 Make Safari 5.x websocket support minVersion level error more clear
 + 401382 Prevent parseAvailable from parsing next chunk when previous has not
   been consumed. Handle no content-type in chunked request.
 + 401474 Performance problem in org.eclipse.jetty.annotation.AnnotationParser
 + 401485 zip file closed exception
 + 401531 StringIndexOutOfBoundsException for "/*" <url-pattern> of
   <jsp-property-group> fix for multiple mappings to *.jsp
 + 401908 Enhance DosFilter to allow dynamic configuration of attributes
 + 402048 org.eclipse.jetty.server.ShutdownMonitor doesn't stop after the jetty
   server is stopped
 + 402485 reseed secure random
 + 402735 jetty.sh to support status which is == check
 + 402833 Test harness for global error page and hide exception message from
   reason string

jetty-7.6.10.v20130312 - 12 March 2013
 + 376273 Early EOF because of SSL Protocol Error on
   https://api-3t.paypal.com/nvp.
 + 381521 allow compress methods to be configured
 + 394064 ensure that JarFile instances are closed on JarFileResource.release()
 + 398649 ServletContextListener.contextDestroyed() is not called on
   ContextHandler unregistration
 + 399703 made encoding error handling consistent
 + 399799 do not hold lock while calling invalidation listeners
 + 399967 Shutdown hook calls destroy
 + 400040 NullPointerException in HttpGenerator.prepareBuffers
 + 400142 ConcurrentModificationException in JDBC SessionManger
 + 400144 When loading a session fails the JDBCSessionManger produces duplicate
   session IDs
 + 400457 Thread context classloader hierarchy not searched when finding
   webapp's java:comp/env
 + 400859 limit max size of writes from cached content
 + 401211 Remove requirement for jetty-websocket.jar in WEB-INF/lib
 + 401317 Make Safari 5.x websocket support minVersion level error more clear
 + 401382 Prevent parseAvailable from parsing next chunk when previous has not
   been consumed. Handle no content-type in chunked request.
 + 401474 Performance problem in org.eclipse.jetty.annotation.AnnotationParser
 + 401531 StringIndexOutOfBoundsException for "/*" <url-pattern> of
   <jsp-property-group> fix for multiple mappings to *.jsp
 + 401908 Enhance DosFilter to allow dynamic configuration of attributes
 + 402048 org.eclipse.jetty.server.ShutdownMonitor doesn't stop after the jetty
   server is stopped
 + 402485 reseed secure random
 + 402735 jetty.sh to support status which is == check
 + 402833 Test harness for global error page and hide exception message from
   reason string

jetty-9.0.0.v20130308 - 08 March 2013
 + 399070 add updated version of npn-boot jar to start.ini
 + 399799 do not hold lock while calling invalidation listeners
 + 399967 Destroyables destroyed on undeploy and shutdown hook
 + 400312 ServletContextListener.contextInitialized() is not called when added
   in ServletContainerInitializer.onStartup
 + 401495 removed unused getOutputStream
 + 401531 StringIndexOutOfBoundsException for "/*" <url-pattern> of
   <jsp-property-group> fix for multiple mappings to *.jsp
 + 401641 Fixed MBean setter for String[]
 + 401642 Less verbose INFOs
 + 401643 Improved Authentication exception messages and provided quiet servlet
   exception
 + 401644 Dump does not login user already logged in
 + 401651 Abort request if maxRequestsQueuedPerDestination is reached
 + 401777 InputStreamResponseListener CJK byte (>=128) cause EOF
 + 401904 fixed getRemoteAddr to return IP instead of hostname
 + 401908 Enhance DosFilter to allow dynamic configuration of attributes
 + 401966 Ensure OSGI WebApp as Service (WebAppContext) can be deployed only
   through ServiceWebAppProvider
 + 402008 Websocket blocking write hangs when remote client dies (or is killed)
   without going thru Close handshake
 + 402048 org.eclipse.jetty.server.ShutdownMonitor doesn't stop after the jetty
   server is stopped
 + 402075 Massive old gen growth when hit by lots of non persistent
   connections.
 + 402090 httpsender PendingState cause uncertain data send to server
 + 402106 fixed URI resize in HttpParser
 + 402148 Update Javadoc for WebSocketServlet for new API
 + 402154 WebSocket / Session.setIdleTimeout(ms) should support in-place idle
   timeout changes
 + 402185 updated javascript mime-type
 + 402277 spdy proxy: fix race condition in nested push streams initiated by
   upstream server. Fix several other small proxy issues
 + 402316 HttpReceiver and null pointer exception
 + 402341 Host with default port causes redirects loop
 + 402726 WebAppContext references old WebSocket packages in system and server
   classes
 + 402757 WebSocket client module can't be used with WebSocket server module in
   the same WAR

jetty-9.0.0.RC2 - 24 February 2013
 + Fix etc/jetty.xml TimerScheduler typo that is preventing normal startup
 + Fix etc/jetty-https.xml ExcludeCipherSuites typo that prevents SSL startup
 + Fix websocket memory use

jetty-9.0.0.RC1 - 22 February 2013
 + 227244 Remove import of backport-util-concurrent Arrays class
 + 362854 Continuation implementations may deadlock
 + 376273 Early EOF because of SSL Protocol Error on
   https://api-3t.paypal.com/nvp.
 + 381521 allow compress methods to be configured
 + 388103 Add API for tracking down upload progress
 + 394064 ensure that JarFile instances are closed on JarFileResource.release()
 + 398649 ServletContextListener.contextDestroyed() is not called on
   ContextHandler unregistration
 + 399463 add start.ini documentation for OPTIONS. Remove reference to
   start_config
 + 399520 Websocket Server Connection needs session idle timeouts
 + 399535 Websocket-client connect should have configurable connect timeout
 + 400014 Http async client DNS performance
 + 400040 NullPointerException in HttpGenerator.prepareBuffers
 + 400184 SslContextFactory change. Disable hostname verification if trustAll
   is set
 + 400255 Using WebSocket.maxMessageSize results in IllegalArgumentException
 + 400434 Add support for an OutputStream ContentProvider
 + 400457 Thread context classloader hierarchy not searched when finding
   webapp's java:comp/env
 + 400512 ClientUpgradeRequet.addExtension() should fail if extension is not
   installed
 + 400555 HttpProxyEngine: Add http version header in response
 + 400631 Calling flush() on HttpServletResponse.getOutputStream() after last
   byte of body causes EofException.
 + 400734 NPE for redirects with relative location
 + 400738 ResourceHandler doesn't support range requests
 + 400848 Redirect fails with non-encoded location URIs
 + 400849 Conversation hangs if non-first request fails when queued
 + 400859 limit max size of writes from cached content
 + 400864 Added LowResourcesMonitor
 + 401177 Make org.eclipse.jetty.websocket.api.WebSocketAdapter threadsafe
 + 401183 Handle push streams in new method StreamFrameListener.onPush()
   instead of SessionFrameListener.syn()
 + 401211 Remove requirement for jetty-websocket.jar in WEB-INF/lib
 + 401317 Make Safari 5.x websocket support minVersion level error more clear
 + 401382 Prevent parseAvailable from parsing next chunk when previous has not
   been consumed. Handle no content-type in chunked request.
 + 401414 Hostname verification fails
 + 401427 WebSocket messages sent from onConnect fail to be read by jetty
   websocket-client
 + 401474 Performance problem in org.eclipse.jetty.annotation.AnnotationParser
 + 401485 zip file closed exception

jetty-9.0.0.RC0 - 01 February 2013
 + 362226 HttpConnection "wait" call causes thread resource exhaustion
 + 370384 jetty-aggregate not used in jetty-distribution
 + 381351 defaults for keymanager and trustmanager come from their factories
   and not hardcoded
 + 381521 Only set Vary header when content could be compressed
 + 381689 Allow jetty-runner to specify listen host along with listen port
 + 382237 support non java JSON classes
 + 385306 added getURI method
 + 391248 fixing localhost checking in statistics servlet
 + 391249 fix for invalid XML node dispatchedTimeMean in statistics servlet
 + 391345 fix missing br tag in statistics servlet
 + 393933 remove deprecated classes/methods and consolidate some static methods
   to SslContextFactory
 + 393968 fix typo in javadoc
 + 394541 remove continuation jar from distro, add as dep to test-jetty-webapp
 + 395232 UpgradeRequest object passed to createWebSocket() has null Session
 + 395444 Disabling Websocket Compress Extensions (not working with Chrome /
   deflate problem)
 + 396428 Test for WebSocket masking on client fragments per RFC 6455 Sec 5.1
 + 396574 add JETTY_HOME as a location for pid to be found
 + 396606 make spdy proxy capable of receiving SPDY and talk HTTP to the
   upstream server
 + 397168 backed of test timing
 + 397769 TimerScheduler does not relinquish cancelled tasks
 + 398872 SslConnection should not be notified of idle timeouts. First
   solution. Merge branch 'ssl_idle_timeout_ignored'.
 + 399132 check parent dir of session store against file to be removed
 + 399173 UpgradeRequest.getParameterMap() should never return null
 + 399242 Reduce/eliminate false sharing in BlockingArrayQueue
 + 399319 Request.getURI() may return negative ports
 + 399324 HttpClient does not handle correctly UnresolvedAddressException
 + 399343 OnWebSocketConnect should use api.Session parameter instead
 + 399344 Add missing @OnWebSocketError annotation
 + 399397 websocket-client needs better upgrade failure checks
 + 399421 Add websocket.api.Session.disconnect() for harsh low level connection
   disconnect
 + 399515 Websocket-client connect issues should report to websocket onError
   handlers
 + 399516 Websocket UpgradeException should contain HTTP Request/Response
   information
 + 399566 Running org.eclipse.jetty.server.session.MaxInactiveMigrationTest
   produces stack trace
 + 399568 OSGi tests can't find websocket classes
 + 399576 Server dumpStdErr throws exception if server is stopping
 + 399669 Remove WebSocketConnection in favor of websocket.api.Session
 + 399689 Websocket RFC6455 extension handshake fails if server doesn't have
   extension
 + 399703 made encoding error handling consistent
 + 399721 Change <Ref id= ...> to <Ref refid= ...>

jetty-8.1.9.v20130131 - 31 January 2013
 + 362226 HttpConnection "wait" call causes thread resource exhaustion
 + 367638 throw exception for excess form keys
 + 381521 Only set Vary header when content could be compressed
 + 382237 support non java JSON classes
 + 391248 fixing localhost checking in statistics servlet
 + 391249 fix for invalid XML node dispatchedTimeMean in statistics servlet
 + 391345 fix missing br tag in statistics servlet
 + 391623 Add option to --stop to wait for target jetty to stop
 + 392417 Prevent Cookie parsing interpreting unicode chars
 + 392492 expect headers only examined for requests>=HTTP/1.1
 + 393075 1xx 204 and 304 ignore all headers suggesting content
 + 393158 java.lang.IllegalStateException when sending an empty InputStream
 + 393220 remove dead code from ServletHandler and log ServletExceptions in
   warn instead of debug
 + 393947 additional tests
 + 393968 fix typo in javadoc
 + 394294 A web-bundle started before jetty-osgi should be deployed as a webapp
   when jetty-osgi starts
 + 394514 Preserve URI parameters in sendRedirect
 + 394541 remove continuation jar from distro, add as dep to test-jetty-webapp
 + 394719 remove regex from classpath matching
 + 394811 Make JAASLoginService log login failures to DEBUG instead of WARN
   Same for some other exceptions.
 + 394829 Session can not be restored after SessionManager.setIdleSavePeriod
   has saved the session
 + 394839 Allow multipart mime with no boundary
 + 394870 Make enablement of remote access to test webapp configurable in
   override-web.xml
 + 395215 Multipart mime with just LF and no CRLF
 + 395380 add ValidUrlRule to jetty-rewrite
 + 395394 allow logging from boot classloader
 + 396253 FilterRegistration wrong order
 + 396459 Log specific message for empty request body for multipart mime
   requests
 + 396500 HttpClient Exchange takes forever to complete when less content sent
   than Content-Length
 + 396574 add JETTY_HOME as a location for pid to be found
 + 396886 MultiPartFilter strips bad escaping on filename="..."
 + 397110 Accept %uXXXX encodings in URIs
 + 397111 Tolerate empty or excessive whitespace preceeding MultiParts
 + 397112 Requests with byte-range throws NPE if requested file has no mimetype
   (eg no file extension)
 + 397130 maxFormContentSize set in jetty.xml is ignored
 + 397190 improve ValidUrlRule to iterate on codepoints
 + 397321 Wrong condition in default start.config for annotations
 + 397535 Support pluggable alias checking to support symbolic links
 + 398337 UTF-16 percent encoding in UTF-16 form content
 + 399132 check parent dir of session store against file to be removed
 + JETTY-1533 handle URL with no path

jetty-7.6.9.v20130131 - 31 January 2013
 + 362226 HttpConnection "wait" call causes thread resource exhaustion
 + 367638 throw exception for excess form keys
 + 381521 Only set Vary header when content could be compressed
 + 382237 support non java JSON classes
 + 391248 fixing localhost checking in statistics servlet
 + 391249 fix for invalid XML node dispatchedTimeMean in statistics servlet
 + 391345 fix missing br tag in statistics servlet
 + 391623 Add option to --stop to wait for target jetty to stop
 + 392417 Prevent Cookie parsing interpreting unicode chars
 + 392492 expect headers only examined for requests>=HTTP/1.1
 + 393075 1xx 204 and 304 ignore all headers suggesting content
 + 393220 remove dead code from ServletHandler and log ServletExceptions in
   warn instead of debug
 + 393947 additional tests
 + 393968 fix typo in javadoc
 + 394514 Preserve URI parameters in sendRedirect
 + 394541 remove continuation jar from distro, add as dep to test-jetty-webapp
 + 394719 remove regex from classpath matching
 + 394811 Make JAASLoginService log login failures to DEBUG instead of WARN
   Same for some other exceptions.
 + 394829 Session can not be restored after SessionManager.setIdleSavePeriod
   has saved the session
 + 394839 Allow multipart mime with no boundary
 + 395215 Multipart mime with just LF and no CRLF
 + 395380 add ValidUrlRule to jetty-rewrite
 + 395394 allow logging from boot classloader
 + 396459 Log specific message for empty request body for multipart mime
   requests
 + 396500 HttpClient Exchange takes forever to complete when less content sent
   than Content-Length
 + 396574 add JETTY_HOME as a location for pid to be found
 + 396886 MultiPartFilter strips bad escaping on filename="..."
 + 397110 Accept %uXXXX encodings in URIs
 + 397111 Tolerate empty or excessive whitespace preceeding MultiParts
 + 397112 Requests with byte-range throws NPE if requested file has no mimetype
   (eg no file extension)
 + 397130 maxFormContentSize set in jetty.xml is ignored
 + 397190 improve ValidUrlRule to iterate on codepoints
 + 397321 Wrong condition in default start.config for annotations
 + 397535 Support pluggable alias checking to support symbolic links
 + 398337 UTF-16 percent encoding in UTF-16 form content
 + 399132 check parent dir of session store against file to be removed
 + JETTY-1533 handle URL with no path
 + 394215 Scheduled tasks throwing exceptions kill java.util.Timer thread
 + 394232 add jetty-ant into jetty9
 + 394357 Make JarResource constructors protected
 + 394370 Add unit tests for HttpTransportOverSPDY.send()
 + 394383 add logging of the SSLEngine
 + 394545 Add jetty-jaas dependency to jetty-maven-plugin
 + 394671 Fix setting loglevel on commandline, organize import, fix javadoc
 + JETTY-846 Support maven-war-plugin configuration for jetty-maven-plugin; fix
   NPE

jetty-9.0.0.M5 - 19 January 2013
 + 367638 throw exception for excess form keys
 + 381521 Only set Vary header when content could be compressed
 + 391623 Making --stop with STOP.WAIT perform graceful shutdown
 + 393158 java.lang.IllegalStateException when sending an empty InputStream
 + 393220 remove dead code from ServletHandler and log ServletExceptions in
   warn instead of debug
 + 393733 WebSocketClient interface should support multiple connections
 + 395885 ResourceCache should honor useFileMappedBuffer if set
 + 396253 FilterRegistration wrong order
 + 396459 Log specific message for empty request body for multipart mime
   requests
 + 396500 HttpClient Exchange takes forever to complete when less content sent
   than Content-Length
 + 396886 MultiPartFilter strips bad escaping on filename="..."
 + 397110 Accept %uXXXX encodings in URIs
 + 397111 Tolerate empty or excessive whitespace preceeding MultiParts
 + 397112 Requests with byte-range throws NPE if requested file has no mimetype
   (eg no file extension)
 + 397114 run-forked with waitForChild=false can lock up
 + 397130 maxFormContentSize set in jetty.xml is ignored
 + 397190 improve ValidUrlRule to iterate on codepoints
 + 397321 Wrong condition in default start.config for annotations
 + 397535 Support pluggable alias checking to support symbolic links
 + 397769 TimerScheduler does not relinquish cancelled tasks
 + 398105 Clean up WebSocketPolicy
 + 398285 ProxyServlet mixes cookies from different clients
 + 398337 UTF-16 percent encoding in UTF-16 form content
 + 398582 Move lib/jta jar into lib/jndi
 + JETTY-1533 handle URL with no path

jetty-9.0.0.M4 - 21 December 2012
 + 392417 Prevent Cookie parsing interpreting unicode chars
 + 393220 remove dead code from ServletHandler and log ServletExceptions in
   warn instead of debug
 + 393770 Error in ContextHandler.setEventListeners(EventListener[])
 + 394210 spdy api rename stream.syn() to stream.push()
 + 394211 spdy: Expose RemoteServerAddress and LocalServerAddress in
   StandardSession
 + 394294 Start web-bundles started before jetty
 + 394370 Add integration test for client resetting SPDY push SYN's
 + 394514 Preserve URI parameters in sendRedirect
 + 394552 HEAD requests don't work for jetty-client
 + 394719 remove regex from classpath matching
 + 394829 Session can not be restored after SessionManager.setIdleSavePeriod
   has saved the session
 + 394839 Allow multipart mime with no boundary
 + 394854 optimised promise implementation
 + 394870 Make enablement of remote access to test webapp configurable in
   override-web.xml
 + 395168 fix unavailable attributes when return type has annotation on super
   class
 + 395215 Multipart mime with just LF and no CRLF: add test for legacy filter
 + 395220 New InputStream extension to allow a mix of EOL styles between
   headers and content
 + 395312 log.warn if a SPDY stream gets committed twice
 + 395313 HttpTransportOverSPDY.send() does not rethrow exceptions, but call
   Callback.failed() only
 + 395314 Add missing flush() call after StandardSession.complete() has been
   called. Some test cleanup.
 + 395344 Move JSR-356 (Java WebSocket API) work off to Jetty 9.1.x
 + 395380 add ValidUrlRule to jetty-rewrite
 + 395394 allow logging from boot classloader
 + 395574 port jetty-runner and StatisticsServlet to jetty-9
 + 395605 class cast exception in XMLConfiguration fixed
 + 395649 add jetty-setuid back into jetty 9 and distribution
 + 395794 slightly modified fix for empty file extenstion to mime type mapping
   Added a default, so it will also work with unknown file extensions
 + 396036 SPDY send controlFrames even if Stream is reset to avoid breaking the
   compression context
 + 396193 spdy remove timeout parameters from api and move them to the Info*
   classes
 + 396459 Log specific message for empty request body for multipart mime
   requests
 + 396460 Make ServerConnector configurable with jetty-maven-plugin
 + 396472 org.eclipse.jetty.websocket needs to be removed from serverclasses as
   it should only be a systemclass
 + 396473 JettyWebXMlConfiguration does not reset serverclasses
 + 396474 add websocket server classes to jetty-maven-plugin classpath
 + 396475 Remove unneeded websocket-server dependency from test-jetty-webapp
 + 396518 Websocket AB Tests should test for which side disconnected and
   closed.wasClean
 + 396687 missing jetty-io dependency in jetty-servlets
 + JETTY-796 jetty ant plugin improvements

jetty-9.0.0.M3 - 20 November 2012
 + 391623 Add option to --stop to wait for target jetty to stop
 + 392237 Port test-integration to jetty-9
 + 392492 expect headers only examined for requests>=HTTP/1.1
 + 392850 ContextLoaderListener not called in 9.0.0.M1 and M2
 + 393075 1xx, 204, 304 responses ignore headers that suggest content
 + 393832 start connectors last
 + 393947 additional tests
 + 394143 add jetty-all aggregate via release profile
 + 394144 add jetty-jaspi

jetty-9.0.0.M2 - 06 November 2012
 + 371170 MongoSessionManager LastAccessTimeTest fails
 + 391877 org.eclipse.jetty.webapp.FragmentDescriptor incorrectly reporting
   duplicate others for after ordering
 + 392237 Split jaas from jetty-plus into jetty-jaas and port the
   test-jaas-webapp from codehaus
 + 392239 Allow no error-code or exception for error-pages
 + 392304 fixed intermittent client SSL failure. Correctly compact in flip2fill
 + 392525 Add option to --stop-wait to specify timeout
 + 392641 JDBC Sessions not scavenged if expired during downtime
 + 392812 MongoSessionIDManager never purges old sessions
 + 392959 Review HttpClient.getConversation(long)
 + 393014 Mongodb purgevalid using query for purgeinvalid
 + 393015 Mongodb purge not rescheduled
 + 393075 Jetty WebSocket client cannot connect to Tomcat WebSocket Server
 + 393218 add xsd=application/xml mime mapping to defaults
 + 393291 Confusing log entry about (non) existing webAppSourceDirectory
 + 393303 use jetty-web.xml to explicitly add the jetty packages that need
   visability.   This commit also sucked in some changes made to help with the
   documentation process (improving deployer configuration management
 + 393363 Use Locale.ENGLISH for all toUpperCase and toLowerCase calls
 + 393368 min websocket version
 + 393383 delay onClose call until closeOut is done
 + 393494 HashSessionManager can't delete unrestorable sessions on Windows
 + JETTY-1547 Jetty does not honor web.xml
   web-app/jsp-config/jsp-property-group/default-content-type
 + JETTY-1549 jetty-maven-plugin fails to reload the LoginService properly
 + JETTY-1550 virtual WEB-INF not created if project has overlays

jetty-8.1.8.v20121106 - 06 November 2012
 + 371170 MongoSessionManager LastAccessTimeTest fails
 + 388675 Non utf8 encoded query strings not decoded to parameter map using
   queryEncoding
 + 388706 Avoid unnecessary indirection through Charset.name
 + 389390 AnnotationConfiguration is ignored if the metadata-complete attribute
   is present in an override descriptor regardless of the value
 + 389452 if web-fragment metadata-complete==true still scan its related jar if
   there there is a ServletContainerInitializer, ensure webapp restarts work
 + 389686 Fix reference to org.eclipse.jetty.util.log.stderr.LONG system
   property in javadoc for StdErrLog
 + 389956 Bad __context set in WebAppContext.start sequence with respect to ENC
   setup
 + 389965 OPTIONS should allow spaces in comma separated list
 + 390108 Servlet 3.0 API for programmatic login doesn't appear to work
 + 390161 Apply DeferredAuthentication fix to jaspi
 + 390163 Implement ServletRegistration.Dynamic.setServletSecurity
 + 390503 http-method-omission element not being processed
 + 390560 The method AnnotationParser.getAnnotationHandlers(String) always
   returns a empty collection.
 + 391080 Multipart temp files can be left on disk from Request.getPart and
   getParts
 + 391082 No exception if multipart input stream incomplete
 + 391188 Files written with Request.getPart().write(filename) should not be
   auto-deleted
 + 391483 fix bad javadoc example in shutdown handler
 + 391622 Be lenient on RFC6265 restriction on duplicate cookie names in same
   response
 + 391623 Add option to --stop to wait for target jetty to stop
 + 391877 org.eclipse.jetty.webapp.FragmentDescriptor incorrectly reporting
   duplicate others for after ordering
 + 392239 Allow no error-code or exception for error-pages
 + 392525 Add option to --stop-wait to specify timeout
 + 392641 JDBC Sessions not scavenged if expired during downtime
 + 392812 MongoSessionIDManager never purges old sessions
 + 393014 Mongodb purgevalid using query for purgeinvalid
 + 393015 Mongodb purge not rescheduled
 + 393075 Jetty WebSocket client cannot connect to Tomcat WebSocket Server
 + 393218 add xsd=application/xml mime mapping to defaults
 + 393363 Use Locale.ENGLISH for all toUpperCase and toLowerCase calls
 + 393368 min websocket version
 + 393383 delay onClose call until closeOut is done
 + 393494 HashSessionManager can't delete unrestorable sessions on Windows
 + JETTY-1547 Jetty does not honor web.xml
   web-app/jsp-config/jsp-property-group/default-content-type

jetty-7.6.8.v20121106 - 06 November 2012
 + 371170 MongoSessionManager LastAccessTimeTest fails
 + 388675 Non utf8 encoded query strings not decoded to parameter map using
   queryEncoding
 + 389686 Fix reference to org.eclipse.jetty.util.log.stderr.LONG system
   property in javadoc for StdErrLog
 + 389956 Bad __context set in WebAppContext.start sequence with respect to ENC
   setup
 + 389965 OPTIONS should allow spaces in comma separated list
 + 390161 Apply DeferredAuthentication fix to jaspi
 + 390560 The method AnnotationParser.getAnnotationHandlers(String) always
   returns a empty collection.
 + 391483 fix bad javadoc example in shutdown handler
 + 391622 Be lenient on RFC6265 restriction on duplicate cookie names in same
   response
 + 391623 Add option to --stop to wait for target jetty to stop
 + 392239 Allow no error-code or exception for error-pages
 + 392525 Add option to --stop-wait to specify timeout
 + 392641 JDBC Sessions not scavenged if expired during downtime
 + 392812 MongoSessionIDManager never purges old sessions
 + 393014 Mongodb purgevalid using query for purgeinvalid
 + 393015 Mongodb purge not rescheduled
 + 393075 Jetty WebSocket client cannot connect to Tomcat WebSocket Server
 + 393218 add xsd=application/xml mime mapping to defaults
 + 393363 Use Locale.ENGLISH for all toUpperCase and toLowerCase calls
 + 393368 min websocket version
 + 393383 delay onClose call until closeOut is done
 + 393494 HashSessionManager can't delete unrestorable sessions on Windows

jetty-9.0.0.M1 - 15 October 2012
 + 369349 directory with spaces --dry-run fix
 + 385049 fix issue with pipelined connections when switching protocols
 + 387896 populate session in SessionAuthentication as a valueBound in addition
   to activation so it is populate when needed
 + 387919 throw EOFException on early eof from client on http requests
 + 387943 Catch CNFE when no jstl jars are installed
 + 387953 jstl does not work with jetty-7 in osgi
 + 388072 GZipFilter incorrectly gzips when Accept-Encoding: gzip; q=0
 + 388073 null session id from cookie causes NPE fixed
 + 388079 AbstractHttpConnection. Flush the buffer before shutting output down
   on error condition
 + 388102 Jetty HttpClient memory leaks when sending larger files
 + 388393 WebAppProvider doesn't work alongside OSGi deployer
 + 388502 handle earlyEOF with 500
 + 388652 Do not flush on handle return if request is suspended
 + 388675 Non utf8 encoded query strings not decoded to parameter map using
   queryEncoding
 + 388706 Avoid unnecessary indirection through Charset.name
 + 388895 Update dependencies for jetty-jndi
 + 389390 AnnotationConfiguration is ignored if the metadata-complete attribute
   is present in an override descriptor regardless of the value
 + 389452 if web-fragment metadata-complete==true still scan its related jar if
   there there is a ServletContainerInitializer, ensure webapp restarts work
 + 389686 Fix reference to org.eclipse.jetty.util.log.stderr.LONG system
   property in javadoc for StdErrLog
 + 389956 Bad __context set in WebAppContext.start sequence with respect to ENC
   setup
 + 389965 OPTIONS should allow spaces in comma separated list
 + 390108 Servlet 3.0 API for programmatic login doesn't appear to work
 + 390161 Apply DeferredAuthentication fix to jaspi
 + 390163 Implement ServletRegistration.Dynamic.setServletSecurity
 + 390256 Remove Jetty6 Support
 + 390263 Sec-WebSocket-Extensions from Chrome and Safari badly handled
 + 390503 http-method-omission element not being processed
 + 390560 The method AnnotationParser.getAnnotationHandlers(String) always
   returns a empty collection.
 + 391080 Multipart temp files can be left on disk from Request.getPart and
   getParts
 + 391082 No exception if multipart input stream incomplete
 + 391140 Implement x-webkit-deflate-frame extension as-used by Chrome/Safari
 + 391188 Files written with Request.getPart().write(filename) should not be
   auto-deleted
 + 391483 fix bad javadoc example in shutdown handler
 + 391588 WebSocket Client does not set masking on close frames
 + 391590 WebSocket client needs ability to set requested extensions
 + 391591 WebSocket client should support x-webkit-deflate-frame
 + 391622 Be lenient on RFC6265 restriction on duplicate cookie names in same
   response
 + 391623 Add option to --stop to wait for target jetty to stop
 + JETTY-1515 Include cookies on 304 responses from DefaultServlet
 + JETTY-1532 HTTP headers decoded with platform's default encoding
 + JETTY-1541 fixed different behaviour for single byte writes
 + JETTY-1547 Jetty does not honor web.xml
   web-app/jsp-config/jsp-property-group/default-content-type

jetty-9.0.0.M0 - 21 September 2012
 + 380924 xmlconfiguration <Configure and <New supports named constructors
   including dynamic ordering of parameters
 + 380928 Implement new websocket close code
 + 385448 migrate jetty jmx usage to be annotation based
 + 387928 retire jetty-ajp
 + 389639 set plugin version for jetty-jspc-maven-plugin

jetty-8.1.7.v20120910 - 10 September 2012
 + 388895 Update dependencies for jetty-jndi
 + fix busy logging statement re: sessions

jetty-7.6.7.v20120910 - 10 September 2012
 + 388895 Update dependencies for jetty-jndi
 + fix busy logging statement re: sessions

jetty-8.1.6.v20120903 - 03 September 2012
 + 347130 Empty getResourcePaths due to ZipFileClosedException
 + 367591 Support Env variables in XmlConfiguration
 + 377055 Prevent webapp classloader leaks
 + 379207 backported fixes from jetty-9 to make hierarchy work
 + 379423 Jetty URL Decoding fails for certain international characters
 + 383304 Reset PrintWriter on response recycle
 + 384847 better name
 + 385049 fix issue with pipelined connections when switching protocols
 + 385651 Message 'Address already in use' not specific enough
 + 385925 make SslContextFactory.setProtocols and
   SslContextFactory.setCipherSuites preserve the order of the given parameters
 + 386010 JspRuntimeContext rewraps System.err
 + 386591 add UnixCrypt note to about.html
 + 386714 used deferred auth for form login and error pages
 + 387896 populate session in SessionAuthentication as a valueBound in addition
   to activation so it is populate when needed
 + 387943 Catch CNFE when no jstl jars are installed
 + 387953 jstl does not work with jetty-7 in osgi
 + 388072 GZipFilter incorrectly gzips when Accept-Encoding: gzip; q=0
 + 388073 null session id from cookie causes NPE fixed
 + 388102 Jetty HttpClient memory leaks when sending larger files
 + 388393 WebAppProvider doesn't work alongside OSGi deployer
 + 388502 handle earlyEOF with 500
 + 388652 Do not flush on handle return if request is suspended
 + JETTY-1501 Setting custom error response message changes page title
 + JETTY-1515 Include cookies on 304 responses from DefaultServlet
 + JETTY-1527 handle requests with URIs like http://host  (ie no / )
 + JETTY-1529 Ensure new session that has just been authenticated does not get
   renewed
 + JETTY-1532 HTTP headers decoded with platform's default encoding
 + JETTY-1541 fixed different behaviour for single byte writes

jetty-7.6.6.v20120903 - 03 September 2012
 + 347130 Empty getResourcePaths due to ZipFileClosedException
 + 367591 Support Env variables in XmlConfiguration
 + 377055 Prevent webapp classloader leaks
 + 379207 backported fixes from jetty-9 to make hierarchy work
 + 379423 Jetty URL Decoding fails for certain international characters
 + 383304 Reset PrintWriter on response recycle
 + 384847 better name
 + 385049 fix issue with pipelined connections when switching protocols
 + 385651 Message 'Address already in use' not specific enough
 + 386010 JspRuntimeContext rewraps System.err
 + 386591 add UnixCrypt note to about.html
 + 386714 used deferred auth for form login and error pages
 + 387896 populate session in SessionAuthentication as a valueBound in addition
   to activation so it is populate when needed
 + 387943 Catch CNFE when no jstl jars are installed
 + 387953 jstl does not work with jetty-7 in osgi
 + 388072 GZipFilter incorrectly gzips when Accept-Encoding: gzip; q=0
 + 388073 null session id from cookie causes NPE fixed
 + 388102 Jetty HttpClient memory leaks when sending larger files
 + 388393 WebAppProvider doesn't work alongside OSGi deployer
 + 388502 handle earlyEOF with 500
 + 388652 Do not flush on handle return if request is suspended
 + JETTY-1501 Setting custom error response message changes page title
 + JETTY-1515 Include cookies on 304 responses from DefaultServlet
 + JETTY-1527 handle requests with URIs like http://host  (ie no / )
 + JETTY-1529 Ensure new session that has just been authenticated does not get
   renewed
 + JETTY-1532 HTTP headers decoded with platform's default encoding
 + JETTY-1541 fixed different behaviour for single byte writes
 + 385925 make SslContextFactory.setProtocols and
   SslContextFactory.setCipherSuites preserve the order of the given parameters

jetty-7.6.5.v20120716 - 16 July 2012
 + 376717 Balancer Servlet with round robin support, contribution, added
   missing license
 + 379250 Server is added to shutdown hook twice
 + 380866 maxIdleTime set to 0 after session migration
 + 381399 Unable to stop a jetty instance that has not finished starting
 + 381401 Print log warning when stop attempt made with incorrect STOP.KEY
 + 381402 Make ContextHandler take set of protected directories
 + 381521 set Vary:Accept-Encoding header for content that might be compressed
 + 381639 CrossOriginFilter does not support Access-Control-Expose-Headers
 + 381712 Support all declared servlets that implement
   org.apache.jasper.servlet.JspServlet
 + 381825 leave URI params in forwarded requestURI
 + 381876 Monitor should wait for child to finish before exiting
 + 382343 Jetty XML support for Map is broken
 + 383251 500 for SocketExceptions
 + 383881 WebSocketHandler sets request as handled
 + 384254 revert change to writable when not dispatched
 + 384847 CrossOriginFilter is not working
 + 384896 JDBCSessionManager fails to load existing sessions on oracle when
   contextPath is /
 + 384980 Jetty client unable to recover from Time outs when connection count
   per address hits max.
 + JETTY-1525 Show handle status in response debug message
 + JETTY-1530 refine search control on ldap login module

jetty-8.1.5.v20120716 - 16 June 2012
 + 376717 Balancer Servlet with round robin support, contribution, added
   missing license
 + 379250 Server is added to shutdown hook twice
 + 380866 maxIdleTime set to 0 after session migration
 + 381399 Unable to stop a jetty instance that has not finished starting
 + 381401 Print log warning when stop attempt made with incorrect STOP.KEY
 + 381402 Make ContextHandler take set of protected directories
 + 381521 set Vary:Accept-Encoding header for content that might be compressed
 + 381639 CrossOriginFilter does not support Access-Control-Expose-Headers
 + 381712 Support all declared servlets that implement
   org.apache.jasper.servlet.JspServlet
 + 381825 leave URI params in forwarded requestURI
 + 381876 Monitor should wait for child to finish before exiting
 + 382343 Jetty XML support for Map is broken
 + 383251 500 for SocketExceptions
 + 383881 WebSocketHandler sets request as handled
 + 384254 revert change to writable when not dispatched
 + 384280 Implement preliminary ServletRegistrations
 + 384847 CrossOriginFilter is not working
 + 384896 JDBCSessionManager fails to load existing sessions on oracle when
   contextPath is /
 + 384980 Jetty client unable to recover from Time outs when connection count
   per address hits max.
 + 385138 add getter for session path and max cookie age that seemed to
   disappear in a merge long ago
 + JETTY-1523 It is imposible to map servlet to "/" using
   WebApplicationInitializer
 + JETTY-1525 Show handle status in response debug message
 + JETTY-1530 refine search control on ldap login module

jetty-8.1.4.v20120524 - 24 May 2012
 + 367608 ignore the aysncrequestreadtest as it is known to fail and is waiting
   for a fix
 + 371853 Support bundleentry: protocol for webapp embedded as directory in
   osgi bundle
 + 373620 Add ch.qos.logback.access.jetty to the Import-Package for
   jetty-osgi-boot-logback bundle
 + 376152 apply context resources recursively
 + 376801 Make JAAS login modules useable without jetty infrastructure
 + 377323 Request#getParts() throws ServletException when it should be throwing
   IllegalStateException
 + 377391 Manifest updates to jetty-osgi-boot-logback
 + 377492 NPE if jsp taglibs bundle not deployed
 + 377550 set charset when content type is set
 + 377587 ConnectHandler write will block on partial write
 + 377610 New session not timed out if an old session is invalidated in scope
   of same request
 + 377709 Support for RequestParameterCallback missing
 + 378242 Re-extract war on restart if incomplete extraction
 + 378273 Remove default Bundle-Localization header
 + 378487 Null out contextPath on Request.recycle
 + 379015 Use factored jetty xml config files for defaults
 + 379046 avoid closing idle connections from selector thread
 + 379089 DefaultServlet ignores its resourceBase and uses context's
   ResourceCollection when listing diretories
 + 379194 ProxyServlet enhancement to enable easy creation of alternative
   HttpClient implementations
 + 379909 FormAuthenticator Rembers only the URL of first Request before
   authentication
 + 380034 last modified times taken from JarEntry for JarFile resources
 + 380212 Clear buffer if parsing fails due to full buffer
 + 380222 JettyPolicyRuntimeTest failure

jetty-7.6.4.v20120524 - 24 May 2012
 + 367608 ignore the aysncrequestreadtest as it is known to fail and is waiting
   for a fix
 + 371853 Support bundleentry: protocol for webapp embedded as directory in
   osgi bundle
 + 373620 Add ch.qos.logback.access.jetty to the Import-Package for
   jetty-osgi-boot-logback bundle
 + 376152 apply context resources recursively
 + 376801 Make JAAS login modules useable without jetty infrastructure
 + 377391 Manifest updates to jetty-osgi-boot-logback
 + 377492 NPE when deploying a Web Application Bundle with unresolved
   Require-TldBundle
 + 377550 set charset when content type is set
 + 377587 ConnectHandler write will block on partial write
 + 377610 New session not timed out if an old session is invalidated in scope
   of same request
 + 377709 Support for RequestParameterCallback missing
 + 378242 Re-extract war on restart if incomplete extraction
 + 378273 Remove default Bundle-Localization header
 + 378487 Null out contextPath on Request.recycle
 + 379015 Use factored jetty xml config files for defaults
 + 379046 avoid closing idle connections from selector thread
 + 379089 DefaultServlet ignores its resourceBase and uses context's
   ResourceCollection when listing diretories
 + 379194 ProxyServlet enhancement to enable easy creation of alternative
   HttpClient implementations
 + 379909 FormAuthenticator Rembers only the URL of first Request before
   authentication
 + 380034 last modified times taken from JarEntry for JarFile resources
 + 380212 Clear buffer if parsing fails due to full buffer
 + 380222 JettyPolicyRuntimeTest failure

jetty-8.1.3.v20120416 - 16 April 2012
 + 349110 MultiPartFilter records the content-type in request params
 + 367172 Remove detection for slf4j NOPLogger
 + 372678 Embedded Examples need updates for new LoginService requirement
 + 373269 Make ServletHandler.notFound() method impl do nothing - override to
   send back 404.
 + 373421 address potential race condition related to the nonce queue removing
   the same nonce twice
 + 373952 bind called too frequently on refresh
 + 374018 correctly handle requestperminuted underflow
 + 374152 jetty-all-server MANIFEST contains wrong import:
   javax.servlet.annotation;version="[2.6,3)"
 + 374252 SslConnection.onClose() does not forward to nested connection
 + 374258 SPDY leaks SSLEngines. Made the test more reliable
 + 374367 NPE in QueuedThreadPool.dump() with early java6 jvms
 + 374475 Response.sendRedirect does not encode UTF-8 characters properly
 + 374881 Set copyWebInf to false by default
 + 374891 enhancement to how ProxyServlet determines the proxy target
 + 375009 Filter initialization error will throw MultiException
 + 375083 Flow control should take in account window size changes from
   concurrent SETTINGS
 + 375096 If starting a server instance fails in osgi it is cleaned up
 + 375490 NPE with --help on command line
 + 375509 Stalled stream stalls other streams or session control frames. Now
   using a "death pill" instead of a boolean in order to avoid race conditions
   where DataInfos were read from the queue (but the boolean not updated yet),
   and viceversa.
 + 375594 fixed SSL tests so they are not order dependent
 + 375709 Ensure resolveTempDirectory failure does not deadlock; improve error
   message
 + 375906 Part.getHeader method not case insensitive
 + 375970 HttpServletRequest.getRemoteAddr() returns null when HTTP is over
   SPDY.
 + 376201 HalfClosed state not handled properly. Addendum to restore previous
   behavior, where a closed stream was also half closed.
 + 376324 <max-file-size> is not respected in <multipart-config>
 + JETTY-1495 Ensure dynamic servlet addition does not cause servlets to be
   inited.
 + JETTY-1500 form parameters from multipart request not available via
   request.getParameter
 + JETTY-1504 HttpServletResponseWrapper ignored when using asyncContext?

jetty-7.6.3.v20120416 - 16 April 2012
 + 367172 Remove detection for slf4j NOPLogger
 + 373269 Make ServletHandler.notFound() method impl do nothing - override to
   send back 404.
 + 373421 address potential race condition related to the nonce queue removing
   the same nonce twice
 + 373952 bind called too frequently on refresh
 + 374018 correctly handle requestperminuted underflow
 + 374252 SslConnection.onClose() does not forward to nested connection
 + 374258 SPDY leaks SSLEngines. Made the test more reliable
 + 374367 NPE in QueuedThreadPool.dump() with early java6 jvms
 + 374475 Response.sendRedirect does not encode UTF-8 characters properly
 + 374881 Set copyWebInf to false by default
 + 374891 enhancement to how ProxyServlet determines the proxy target
 + 375009 Filter initialization error will throw MultiException
 + 375083 Flow control should take in account window size changes from
   concurrent SETTINGS
 + 375096 If starting a server instance fails in osgi it is cleaned up
 + 375490 NPE with --help on command line
 + 375509 Stalled stream stalls other streams or session control frames. Now
   using a "death pill" instead of a boolean in order to avoid race conditions
   where DataInfos were read from the queue (but the boolean not updated yet),
   and viceversa.
 + 375594 fixed SSL tests so they are not order dependent
 + 375709 Ensure resolveTempDirectory failure does not deadlock; improve error
   message
 + 375970 HttpServletRequest.getRemoteAddr() returns null when HTTP is over
   SPDY.
 + 376201 HalfClosed state not handled properly. Addendum to restore previous
   behavior, where a closed stream was also half closed.
 + JETTY-1504 HttpServletResponseWrapper ignored when using asyncContext?

jetty-8.1.2.v20120308 - 08 March 2012
 + 370387 SafariWebsocketDraft0Test failure during build
 + 371168 Update ClientCrossContextSessionTest
 + 372093 handle quotes in Require-Bundle manifest string
 + 372457 Big response + slow clients + pipelined requests cause Jetty spinning
   and eventually closing connections. Added a TODO for a method renaming that
   will happen in the next major release (to avoid break implementers).
 + 372487 JDBCSessionManager does not work with Oracle
 + 372806 Command line should accept relative paths for xml config files
 + 373037 jetty.server.Response.setContentLength(int) should not close a Writer
   when length=0
 + 373162 add improved implementation for getParameterMap(), needs a test
   though and the existing setup doesn't seem like it would easily support the
   needed test so need to do that still
 + 373306 Set default user agent extraction pattern for UserAgentFilter
 + 373567 cert validation issue with ocsp and crldp always being enabled when
   validating turned on fixed
 + 373603 NullPointer in WebServletAnnotation
 + JETTY-1409 GzipFilter will double-compress application/x-gzip content
 + JETTY-1489 WebAppProvider attempts to deploy .svn folder
 + JETTY-1494

jetty-7.6.2.v20120308 - 08 March 2012
 + 370387 SafariWebsocketDraft0Test failure during build
 + 371168 Update ClientCrossContextSessionTest
 + 372093 handle quotes in Require-Bundle manifest string
 + 372457 Big response + slow clients + pipelined requests cause Jetty spinning
   and eventually closing connections. Added a TODO for a method renaming that
   will happen in the next major release (to avoid break implementers).
 + 372487 JDBCSessionManager does not work with Oracle
 + 372806 Command line should accept relative paths for xml config files
 + 373037 jetty.server.Response.setContentLength(int) should not close a Writer
   when length=0
 + 373162 add improved implementation for getParameterMap(), needs a test
   though and the existing setup doesn't seem like it would easily support the
   needed test so need to do that still
 + 373306 Set default user agent extraction pattern for UserAgentFilter
 + 373567 cert validation issue with ocsp and crldp always being enabled when
   validating turned on fixed
 + JETTY-1409 GzipFilter will double-compress application/x-gzip content
 + JETTY-1489 WebAppProvider attempts to deploy .svn folder
 + JETTY-1494

jetty-8.1.1.v20120215 - 15 February 2012
 + 369121 simplified test
 + 370120 jvm arguments added via start.ini and --exec are missing spaces
 + 370137 SslContextFactory does not respect order for
   [included|excluded]Protocols() and [included|excluded]CipherSuites().
 + 370368 resolve stack overflow in mongo db session manager
 + 370386 Remove META-INF from jetty distro
 + 371040 nosqlsession needs to call correct super contructor for new sessions
 + 371041 valid was not being set to new mongo db sessions, and the call to
   mongodb api was wrong in isIdInUse
 + 371162 NPE protection for nested security handlers
 + JETTY-1484 Add option for HashSessionManager to delete session files if it
   can't restore them

jetty-7.6.1.v20120215 - 15 February 2012
 + 369121 simplified test
 + 370120 jvm arguments added via start.ini and --exec are missing spaces
 + 370137 SslContextFactory does not respect order for
   [included|excluded]Protocols() and [included|excluded]CipherSuites().
 + 370368 resolve stack overflow in mongo db session manager
 + 370386 Remove META-INF from jetty distro
 + 371040 nosqlsession needs to call correct super contructor for new sessions
 + 371041 valid was not being set to new mongo db sessions, and the call to
   mongodb api was wrong in isIdInUse
 + 371162 NPE protection for nested security handlers
 + JETTY-1484 Add option for HashSessionManager to delete session files if it
   can't restore them

jetty-8.1.0.v20120127 - 27 January 2012
 + 368773 allow authentication to be set by non securityHandler handlers
 + 368992 avoid update key while flushing during a write
 + 369216 turned off the shared resource cache
 + 369349 replace quotes with a space escape method

jetty-7.6.0.v20120127 - 27 January 2012
 + 368773 allow authentication to be set by non securityHandler handlers
 + 368992 avoid update key while flushing during a write
 + 369216 turned off the shared resource cache
 + 369349 replace quotes with a space escape method

jetty-8.1.0.RC5 - 20 January 2012
 + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
   authed user
 + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
 + 368633 fixed configure.dtd resource mappings
 + 368635 moved lifecycle state reporting from toString to dump
 + 368773 process data constraints without realm
 + 368787 always set token view to new header buffers in httpparser
 + 368821 improved test harness
 + 368920 JettyAwareLogger always formats the arguments
 + 368948 POM for jetty-jndi references unknown version for javax.activation
 + 368992 NPE in HttpGenerator.prepareBuffers() test case
 + JETTY-1475 made output state fields volatile to provide memory barrier for
   non dispatched thread IO

jetty-7.6.0.RC5 - 20 January 2012
 + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
   authed user
 + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
 + 368633 fixed configure.dtd resource mappings
 + 368635 moved lifecycle state reporting from toString to dump
 + 368773 process data constraints without realm
 + 368787 always set token view to new header buffers in httpparser
 + 368821 improved test harness
 + 368920 JettyAwareLogger always formats the arguments
 + 368948 POM for jetty-jndi references unknown version for javax.activation
 + 368992 avoid non-blocking flush when writing to avoid setting !_writable
   without _writeblocked
 + JETTY-1475 made output state fields volatile to provide memory barrier for
   non dispatched thread IO

jetty-7.6.0.RC5 - 20 January 2012
 + 359329 Prevent reinvocation of LoginModule.login with jaspi for already
   authed user
 + 368632 Remove superfluous removal of org.apache.catalina.jsp_file
 + 368633 fixed configure.dtd resource mappings
 + 368635 moved lifecycle state reporting from toString to dump
 + 368773 process data constraints without realm
 + 368787 always set token view to new header buffers in httpparser
 + 368821 improved test harness
 + 368920 JettyAwareLogger always formats the arguments
 + 368948 POM for jetty-jndi references unknown version for javax.activation
 + 368992 avoid non-blocking flush when writing to avoid setting !_writable
   without _writeblocked
 + JETTY-1475 made output state fields volatile to provide memory barrier for
   non dispatched thread IO

jetty-8.1.0.RC4 - 13 January 2012
 + 365048 jetty Http client does not send proxy authentication when requesting
   a Https-resource through a web-proxy.
 + 366774 removed XSS vulnerbility
 + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum
 + 367433 added tests to investigate
 + 367435 improved D00 test harness
 + 367485 HttpExchange canceled before response do not release connection
 + 367502 WebSocket connections should be closed when application context is
   stopped.
 + 367548 jetty-osgi-boot must not import the nested package twice
 + 367591 corrected configuration.xml version to 7.6
 + 367635 Added support for start.d directory
 + 367638 limit number of form parameters to avoid DOS
 + 367716 simplified idleTimeout logic
 + 368035 WebSocketClientFactory does not invoke super.doStop()
 + 368060 do not encode sendRedirect URLs
 + 368112 NPE on <jsp-config><taglib> element parsing web.xml
 + 368113 Support servlet mapping to ""
 + 368114 Protect against non-Strings in System properties for Log
 + 368189 WebSocketClientFactory should not manage external thread pool. 368240
   - Improve AggregateLifeCycle handling of shared lifecycles
 + 368215 Remove debug from jaspi
 + 368240 Better handling of locally created ThreadPool. Forgot to null out
   field.
 + 368291 Change warning to info for NoSuchFieldException on
   BeanELResolver.properties
 + JETTY-1467 close half closed when idle

jetty-7.6.0.RC4 - 13 January 2012
 + 365048 jetty Http client does not send proxy authentication when requesting
   a Https-resource through a web-proxy.
 + 366774 removed XSS vulnerbility
 + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum
 + 367716 simplified maxIdleTime logic
 + 368035 WebSocketClientFactory does not invoke super.doStop()
 + 368060 do not encode sendRedirect URLs
 + 368114 Protect against non-Strings in System properties for Log
 + 368189 WebSocketClientFactory should not manage external thread pool
 + 368215 Remove debug from jaspi
 + 368240 Improve AggregateLifeCycle handling of shared lifecycles
 + 368291 Change warning to info for NoSuchFieldException on
   BeanELResolver.properties

jetty-7.6.0.RC4 - 13 January 2012
 + 365048 jetty Http client does not send proxy authentication when requesting
   a Https-resource through a web-proxy.
 + 366774 removed XSS vulnerbility
 + 367099 Upgrade jetty-websocket for RFC 6455 - Addendum
 + 367716 simplified idleTimeout logic
 + 368035 WebSocketClientFactory does not invoke super.doStop()
 + 368060 do not encode sendRedirect URLs
 + 368114 Protect against non-Strings in System properties for Log
 + 368189 WebSocketClientFactory should not manage external thread pool
 + 368215 Remove debug from jaspi
 + 368240 Improve AggregateLifeCycle handling of shared lifecycles
 + 368291 Change warning to info for NoSuchFieldException on
   BeanELResolver.properties

jetty-7.6.0.RC3 - 05 January 2012
 + 367433 added tests to investigate
 + 367435 improved D00 test harness
 + 367485 HttpExchange canceled before response do not release connection
 + 367502 WebSocket connections should be closed when application context is
   stopped.
 + 367591 corrected configuration.xml version to 7.6
 + 367635 Added support for start.d directory
 + 367638 limit number of form parameters to avoid DOS
 + JETTY-1467 close half closed when idle

jetty-7.6.0.RC3 - 05 January 2012
 + 367433 added tests to investigate
 + 367435 improved D00 test harness
 + 367485 HttpExchange canceled before response do not release connection
 + 367502 WebSocket connections should be closed when application context is
   stopped.
 + 367591 corrected configuration.xml version to 7.6
 + 367635 Added support for start.d directory
 + 367638 limit number of form parameters to avoid DOS
 + JETTY-1467 close half closed when idle

jetty-8.1.0.RC2 - 22 December 2011
 + 359329 jetty-jaspi must exports its packages. jetty-plus must import
   javax.security
 + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to
   cope
 + 364921 Made test less time sensitive
 + 364936 use Resource for opening URL streams
 + 365267 NullPointerException in bad Address
 + 365375 ResourceHandler should be a HandlerWrapper
 + 365750 Support WebSocket over SSL, aka wss://
 + 365932 Produce jetty-websocket aggregate jar for android use
 + 365947 Set headers for Auth failure and retry in http-spi
 + 366316 Superfluous printStackTrace on 404
 + 366342 Dont persist DosFilter trackers in http session
 + 366730 pass the time idle to onIdleExpire
 + 367048 test harness for guard on suspended requests
 + 367175 SSL 100% CPU spin in case of blocked write and RST
 + 367219 WebSocketClient.open() fails when URI uses default ports
 + 367383 jsp-config element must be returned for
   ServletContext.getJspConfigDescriptor
 + JETTY-1460 suppress PrintWriter exceptions
 + JETTY-1463 websocket D0 parser should return progress even if no fill done
 + JETTY-1465 NPE in ContextHandler.toString

jetty-7.6.0.RC2 - 22 December 2011
 + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to
   cope
 + 364921 Made test less time sensitive for ssl
 + 364936 use Resource for opening URL streams
 + 365267 NullPointerException in bad Address
 + 365375 ResourceHandler should be a HandlerWrapper
 + 365750 Support WebSocket over SSL, aka wss://
 + 365932 Produce jetty-websocket aggregate jar for android use
 + 365947 Set headers for Auth failure and retry in http-spi
 + 366316 Superfluous printStackTrace on 404
 + 366342 Dont persist DosFilter trackers in http session
 + 366730 pass the time idle to onIdleExpire
 + 367048 test harness for guard on suspended requests
 + 367175 SSL 100% CPU spin in case of blocked write and RST
 + 367219 WebSocketClient.open() fails when URI uses default ports
 + JETTY-1460 suppress PrintWriter exceptions
 + JETTY-1463 websocket D0 parser should return progress even if no fill done
 + JETTY-1465 NPE in ContextHandler.toString

jetty-7.6.0.RC2 - 22 December 2011
 + 364638 HttpParser closes if data received while seeking EOF. Tests fixed to
   cope
 + 364921 Made test less time sensitive for ssl
 + 364936 use Resource for opening URL streams
 + 365267 NullPointerException in bad Address
 + 365375 ResourceHandler should be a HandlerWrapper
 + 365750 Support WebSocket over SSL, aka wss://
 + 365932 Produce jetty-websocket aggregate jar for android use
 + 365947 Set headers for Auth failure and retry in http-spi
 + 366316 Superfluous printStackTrace on 404
 + 366342 Dont persist DosFilter trackers in http session
 + 366730 pass the time idle to onIdleExpire
 + 367048 test harness for guard on suspended requests
 + 367175 SSL 100% CPU spin in case of blocked write and RST
 + 367219 WebSocketClient.open() fails when URI uses default ports
 + JETTY-1460 suppress PrintWriter exceptions
 + JETTY-1463 websocket D0 parser should return progress even if no fill done
 + JETTY-1465 NPE in ContextHandler.toString

jetty-8.1.0.RC1 - 06 December 2011
 + 360245 The version of the javax.servlet packages to import is 2.6 instead of
   3.0
 + 365370 ServletHandler can fall through to nested handler

jetty-7.6.0.RC1 - 04 December 2011
 + 352565 cookie httponly flag ignored
 + 353285 ServletSecurity annotation ignored
 + 357163 jetty 8 ought to proxy jetty8 javadocs
 + 357209 JSP tag listeners not called
 + 360051 SocketConnectionTest.testServerClosedConnection is excluded
 + 361135 Allow session cookies to NEVER be marked as secure, even on HTTPS
   requests.
 + 362249 update shell scripts to jetty8
 + 363878 Add ecj compiler to jetty-8 for jsp
 + 364283 can't parse the servlet multipart-config for the web.xml
 + 364430 Support web.xml enabled state for servlets
 + 365370 ServletHandler can fall through to nested handler

jetty-8.1.0.RC0 - 30 November 2011
 + 352565 cookie httponly flag ignored
 + 353285 ServletSecurity annotation ignored
 + 357163 jetty 8 ought to proxy jetty8 javadocs
 + 357209 JSP tag listeners not called
 + 360051 SocketConnectionTest.testServerClosedConnection is excluded
 + 361135 Allow session cookies to NEVER be marked as secure, even on HTTPS
   requests.
 + 362249 update shell scripts to jetty8
 + 363878 Add ecj compiler to jetty-8 for jsp
 + 364283 can't parse the servlet multipart-config for the web.xml
 + 364430 Support web.xml enabled state for servlets

jetty-7.6.0.RC0 - 29 November 2011
 + 349110 fixed bypass chunk handling
 + 360546 handle set count exceeding max integer
 + 362111 StdErrLog.isDebugEnabled() returns true too often
 + 362113 Improve Test Coverage of org.eclipse.jetty.util.log classes
 + 362407 setTrustStore(Resource) -> setTrustStoreResource(R)
 + 362447 add setMaxNonceAge() to DigestAuthenticator
 + 362468 NPE at line org.eclipse.jetty.io.BufferUtil.putHexInt
 + 362614 NPE in accepting connection
 + 362626 IllegalStateException thrown when SslContextFactory preconfigured
   with SSLContext
 + 362696 expand virtual host configuration options to ContextHandler and add
   associated test case for new behavior
 + 362742 improved UTF8 exception reason
 + 363124 improved websocket close handling
 + 363381 Throw IllegalStateException if Request uri is null on getServerName
 + 363408 GzipFilter should not attempt to compress HTTP status 204
 + 363488 ShutdownHandler use stopper thread
 + 363718 Setting java.rmi.server.hostname in jetty-jmx.xml
 + 363757 partial fix
 + 363785 StdErrLog must use system-dependent EOL
 + 363943 ignore null attribute values
 + 363993 EOFException parsing HEAD response in HttpTester
 + 364638 SCEP does idle timestamp checking. New setCheckForIdle method
   controls onIdleExpired callback. 364921 a second onIdleExpired callback will
   result in close rather than a shutdown output.
 + 364657 Support HTTP only cookies from standard API
 + JETTY-1442 add _hostHeader setter for ProxyRule
 + Refactored NIO layer for better half close handling

jetty-8.0.4.v20111024 - 24 October 2011
 + 358263 JDBCSessionIdManager add setDatasource(DataSource) method
 + 358649 Replace existing StdErrLog system properties for DEBUG/IGNORED with
   LEVEL instead.
 + 360836 Accept parameters with bad UTF-8. Use replacement character
 + 360912 CrossOriginFilter does not send Access-Control-Allow-Origin on
   responses. 355103 Make allowCredentials default to true in
   CrossOriginFilter.
 + 360938 Connections closed after a while
 + 361135 secure cookies for sessions
 + 361319 Log initialization does not catch correct exceptions on all jvms
 + 361325 359292 Allow KeyStore to be set
 + 361456 release timer task on connection failed
 + 361655 ExecutorThreadPool.isLowOnThreads() returns wrong value
 + JETTY-1444 start threadpool before selector manager

jetty-7.5.4.v20111024 - 24 October 2011
 + 358263 JDBCSessionIdManager add setDatasource(DataSource) method
 + 358649 Replace existing StdErrLog system properties for DEBUG/IGNORED with
   LEVEL instead.
 + 360836 Accept parameters with bad UTF-8. Use replacement character
 + 360912 CrossOriginFilter does not send Access-Control-Allow-Origin on
   responses. 355103 Make allowCredentials default to true in
   CrossOriginFilter.
 + 360938 Connections closed after a while
 + 361319 Log initialization does not catch correct exceptions on all jvms
 + 361325 359292 Allow KeyStore to be set
 + 361456 release timer task on connection failed
 + 361655 ExecutorThreadPool.isLowOnThreads() returns wrong value
 + JETTY-1444 start threadpool before selector manager

jetty-8.0.3.v20111011 - 11 October 2011
 + 348978 migrate jetty-http-spi
 + 358649 StdErrLog system properties for package/class logging LEVEL

jetty-7.5.3.v20111011 - 11 October 2011
 + 348978 migrate jetty-http-spi
 + 358649 StdErrLog system properties for package/class logging LEVEL

jetty-8.0.2.v20111006 - 06 October 2011
 + 336443 add missing comma in DigestAuthenticator string
 + 342161 ScannerTest fails intermittently on Mac OS X
 + 346419 testing HttpClient FDs
 + 353267 Request._parameters initialization bug
 + 353509 jetty-client unit tests are running too long
 + 353627 Basic Auth checks that Basic method has been send
 + 356144 Allow SelectorManager thread priority to be set
 + 356274 Start SSL socket factory in call to open()
 + 357163 jetty 8 ought to proxy jetty8 javadocs
 + 357178 websockets draft 14 support
 + 357188 Send content buffer directly
 + 357209 JSP tag listeners not called
 + 357216 Logging via Log4J does not expand braces in format strings
 + 357240 more half close refinements
 + 357338 remove debug
 + 357672 resolve issue with serializing pojos with mongodb session manager
   thanks to john simone for the discovery and fix
 + 357959 Include javadoc in distribution
 + 358027 NullPointerException in ResourceHandler with jetty-stylesheet.css
 + 358035 idle time only active if > 0
 + 358147 Add catch for UnknownHostException to fix leaky file descriptor in
   client
 + 358164 Dispatch from servlet to handler
 + 358263 add method for osgi users to register a driver as Class.forName does
   not work for them
 + 358649 StdErrLog system properties for package/class logging LEVEL
 + 358674 Still allows sslv3 for now
 + 358687 Updated jsp does not scan for system tlds Fixed pattern
 + 358784 JSP broken on Java 1.5
 + 358925 bit more javadoc on usage
 + 358959 File descriptor leak with UnresolvedAddressException
 + 359309 adjust previous test for servletPath to include pathInfo
 + 359673 updated websocket version handling
 + 359675 Principal != String, fix for issue in property file login manager
 + 360051 SocketConnectionTest.testServerClosedConnection is excluded
 + 360066 jsps referenced in web.xml <jsp-file> elements do not compile
 + JETTY-1130 Access Sessions from HashSessionIdManager
 + JETTY-1277 Fixed sendRedirect encoding of relative locations
 + JETTY-1322 idle sweeper checks for closed endp
 + JETTY-1377 extra logging for busy selector
 + JETTY-1378 new sys property for the latest jsp-impl to force the use of the
   JDTCompiler when running in OSGi.
 + JETTY-1414 applied to PropertyUserStore
 + JETTY-1415 Start/Stop Server and Client only once in test, code format
 + JETTY-1420 Set Host header for new request in RedirectListener
 + JETTY-1421 Implement RedirectListener.onException,onConnectionFailed
 + JETTY-1423 force connection to be closed returned
 + JETTY-1430 local JNDI contexts don't carry environment
 + JETTY-1434 Add a jsp that exercises jstl
 + JETTY-1439 space in directory installation path causes classloader problem

jetty-7.5.2.v20111006 - 06 October 2011
 + 336443 check nonce count is increasing
 + 342161 ScannerTest fails intermittently on Mac OS X
 + 346419 testing HttpClient FDs
 + 353267 Request._parameters initialization bug
 + 353509 jetty-client unit tests are running too long
 + 353627 Basic Auth checks that Basic method has been send
 + 356144 Allow SelectorManager thread priority to be set
 + 356274 Start SSL socket factory in call to open()
 + 357178 websockets draft 14 support
 + 357188 Send content buffer directly
 + 357209 JSP tag listeners not called
 + 357216 Logging via Log4J does not expand braces in format strings
 + 357240 more half close refinements
 + 357338 remove debug
 + 357672 resolve issue with serializing pojos with mongodb session manager
   thanks to john simone for the discovery and fix
 + 357959 Include javadoc in distribution
 + 358027 NullPointerException in ResourceHandler with jetty-stylesheet.css
 + 358035 idle time only active if > 0
 + 358147 Add catch for UnknownHostException to fix leaky file descriptor in
   client
 + 358164 Dispatch from servlet to handler
 + 358263 add method for osgi users to register a driver as Class.forName does
   not work for them
 + 358649 StdErrLog system properties for package/class logging LEVEL
 + 358674 Still allows sslv3 for now
 + 358687 Updated jsp does not scan for system tlds Fixed pattern
 + 358784 JSP broken on Java 1.5
 + 358925 bit more javadoc on usage
 + 358959 File descriptor leak with UnresolvedAddressException
 + 359309 adjust previous test for servletPath to include pathInfo
 + 359673 updated websocket version handling
 + 359675 Principal != String, fix for issue in property file login manager
 + 360051 SocketConnectionTest.testServerClosedConnection is excluded
 + 360066 jsps referenced in web.xml <jsp-file> elements do not compile
 + JETTY-1130 Access Sessions from HashSessionIdManager
 + JETTY-1277 Fixed sendRedirect encoding of relative locations
 + JETTY-1322 idle sweeper checks for closed endp
 + JETTY-1377 extra logging for busy selector
 + JETTY-1378 new sys property for the latest jsp-impl to force the use of the
   JDTCompiler when running in OSGi.
 + JETTY-1414 applied to PropertyUserStore
 + JETTY-1415 Start/Stop Server and Client only once in test, code format
 + JETTY-1420 Set Host header for new request in RedirectListener
 + JETTY-1421 Implement RedirectListener.onException,onConnectionFailed
 + JETTY-1423 force connection to be closed returned
 + JETTY-1430 local JNDI contexts don't carry environment
 + JETTY-1434 Add a jsp that exercises jstl
 + JETTY-1439 space in directory installation path causes classloader problem

jetty-8.0.1.v20110908 - 08 September 2011
 + 350634 Added Resource.newResource(File)
 + 356190 fix monodb tests  for changed test api
 + 356428 removed timed waits from test
 + 356693 reduce visibility to webapp of websocket implementations
 + 356695 jetty server jars are provided for websockets
 + 356726 Instead of the sessionDestroyed called sessionCreated after
   invalidate session
 + 356751 Add null protection to ServletContextHandler.doStop
 + 356823 correctly decode close codes.  Send not utf-8 close code
 + 357058 Acceptor thread blocking

jetty-7.5.1.v20110908 - 08 September 2011
 + 350634 Added Resource.newResource(File)
 + 356190 fix monodb tests  for changed test api
 + 356428 removed timed waits from test
 + 356693 reduce visibility to webapp of websocket implementations
 + 356695 jetty server jars are provided for websockets
 + 356726 Instead of the sessionDestroyed called sessionCreated after
   invalidate session
 + 356751 Add null protection to ServletContextHandler.doStop
 + 356823 correctly decode close codes.  Send not utf-8 close code
 + 357058 Acceptor thread blocking

jetty-8.0.0.v20110901 - 01 September 2011
 + 352565 cookie httponly flag ignored
 + 353073 better warnings
 + 353285 ServletSecurity annotation ignored
 + 356421 Upgraded websocket to draft 13 support

jetty-7.5.0.v20110901 - 01 September 2011
 + 353073 better warnings
 + 356421 Upgraded websocket to draft 13 support

jetty-7.5.0.RC2 - 30 August 2011
 + 293739 Hide stacks in named log testing. Various other minor log cleanups in
   output.
 + 352188 TestClient correctly processes --host option in jetty-websocket
 + 352222 Moved JmxMonitor functionality from Codehaus
 + 353014 TimeoutExchangeTest run time reduced
 + 353073 deprecated non factory method for websocket clients
 + 353192 Better warning for classes of wrong type
 + 353623 Added new methods to HttpExchange
 + 353624 HttpURI accepts java.net.URI object in constructor
 + 354080 ServletContextHandler allows to replace any subordinate handler when
   restarted
 + 355478 set public to HashedSession, looks like honest mistake and not by
   design to be this way
 + 355854 remove automatic conversion in favor of issuing a warning for
   jetty-web.xml that can't be processed
 + 356128 Moved integration tests from jetty-monitor to test-integration module
 + 356137 Upgrade to jsp implementation version 2.1.3-b10
 + 356144 added SelectorManager.setSelectorPriorityDelta(int)
 + JETTY-1410 handle 1xx in similar fashion to 401s and 302s

jetty-7.5.0.RC1 - 19 August 2011
 + 276670 SLF4J loggers show correct location information
 + 335001 Eliminate expected exceptions from log when running in JBoss
 + 355103 Make allowCredentials default to true in CrossOriginFilter
 + 355162 Allow creating an empty resource collection
 + JETTY-1410 HTTP client handles CONTINUE 100 response correctly
 + JETTY-1414 HashLoginService doesn't refresh realm if specified config
   filename is not an absolute platform specific value

jetty-8.0.0.RC0 - 16 August 2011
 + 352565 cookie httponly flag ignored
 + 353285 ServletSecurity annotation ignored
 + Enable annotations by default
 + Merge from jetty-7.4.3

jetty-7.5.0.RC0 - 15 August 2011
 + 298502 Handle 200 Connect responses with no content-length
 + 347484 / - > ${/} in some paths in grant codebases
 + 349005 add javadoc detailing the convenience hack of removing leading /'s
 + 351516 Refactored sessions to better support nosql session managers
 + 351576 Do not use deprecated method File.toURL()
 + 352046 Need try/catch around features set in XmlParser
 + 352133 Generally resolve java 1.5isms
 + 352176 xml parsing on startElement should be more flexible on using qName or
   localName
 + 352421 HttpURI paths beginning with '.'
 + 352684 Implemented spinning thread analyzer
 + 352786 GzipFilter fails to pass parameters to GzipResponseWrapper
 + 352999 ExpireTest running too long
 + 353073 WebSocketClient
 + 353095 maven-jetty-plugin: PermGen leak due to javax.el.BeanELResolver
 + 353165 addJars can follow symbolic link jar files
 + 353210 Bundle-Version in o.e.j.o.boot.logback fix
 + 353465 JAASLoginService ignores callbackHandlerClass
 + 353563 HttpDestinationQueueTest too slow
 + 353862 Improve performance of QuotedStringTokenizer.quote()
 + 354014 Content-Length is passed to wrapped response in GZipFilter
 + 354204 Charset encodings property file not used
 + 354397 RewriteRegexRule handles special characters in regex group
 + 354466 Typo in example config of jetty-plus.xml

jetty-7.4.5.v20110725 - 25 July 2011
 + 347484 / - > ${/} in some paths in grant codebases
 + 352133 resolve some 1.5isms
 + 352421 HttpURI paths beginning with '.'
 + 352786 GzipFilter fails to pass parameters to GzipResponseWrapper

jetty-7.4.4.v20110707 - 07 July 2011
 + 308851 Converted all jetty-client module tests to JUnit 4
 + 345268 JDBCSessionManager does not work with maxInactiveInterval = -1
 + 350397 SelectChannelConnector does not shutdown gracefully
 + 350634 Reverted FileResource constructor changes
 + 351039 Forward dispatch should retain locale
 + 351199 HttpServletResponse.encodeURL() wrongly encodes an url without path
   when cookies are disabled
 + JETTY-1153 Default charset/encoding of HTTP POST requests
 + JETTY-1380 Jetty Rewrite example does not work in Hightide

jetty-7.4.3.v20110701 - 01 July 2011
 + 295832 ProxyServlet more extensible and configurable
 + 302566 GZIP handler for embedded Jetty servers
 + 308851 Converted HttpExchangeTest and related tests to JUnit 4
 + 324704 JDBC Session Manager reloading session
 + 332200 Eliminate expected exceptions from log while using
   org.eclipse.jetty.jmx bundle
 + 347468 o.e.j.deploy.binding.GlobalWebappConfigBindingTest fails on Windows
   platform
 + 347617 Dynamically install/update/remove OSGi bundles discovered in the
   contexts folder
 + 347717 start.jar destroys dependent child of --exec
 + 347889 OSGi should follow directive visibility:=reexport for
   META-INF/web-fragments and resources
 + 347898 Close channel on JVM exceptions
 + 348652 jetty.sh starts two unix processes
 + 348935 Close A tag in directory listing
 + 349344 Passing empty query string to UrlEncoded#decodeTo(String, MultiMap
   String) does not yield an empty map
 + 349738 set buffer sizes for http client in proxy servlet
 + 349870 proxy servlet protect continuation against fast failing exchanges
 + 349896 SCEP supports zero idleTimeout
 + 349897 draft -09 websockets
 + 349997 MBeanContainer uses weak references
 + 350533 Add "Origin" to the list of allowed headers in CrossOriginFilter
 + 350634 Cleanup FileResource construction
 + 350642 Don't close SCEP during NIOBuffer manipulation
 + JETTY-1342 Recreate selector in change task
 + JETTY-1385 NPE in jetty client's
   HTttpExchange.setRequestContentSource(InputStream)
 + JETTY-1390 RewriteHandler handles encoded URIs

jetty-8.0.0.M3 - 27 May 2011
 + 324505 Implement API login
 + 335500 request.getParts() throws a NullPointerException
 + 343472 isUserInRole does not prevent subsequent login call
 + 346180 jsp-2.2 support
 + Updated to jetty-7.4.2.v20110526

jetty-7.4.2.v20110526 - 26 May 2011
 + 334443 Improve the ability to specify extra class paths using the Jetty
   Maven Plugin
 + 336220 tmp directory is not set if you reload a webapp with
   jetty-maven-plugin
 + 338364 Fixed expires header for set cookies
 + 345615 Enable SSL Session caching
 + 345729 binding for managing server and system classes globally
 + 345763 Source file is updated during the build
 + 345873 Update jetty-ssl.xml to new style
 + 345900 Handle IPv6 with default port
 + 346014 Fixed full HttpGenerator
 + 346124 ServletContext resources paths not resolved correctly when using UNC
   shares
 + 346179 o.e.j.util.ScannerTest fails on MacOS X platform
 + 346181 o.e.j.server.StressTest stalls on MacOS X platform
 + 346614 HttpConnection.handle() spins in case of SSL truncation attacks
 + 346764 OrderedGroupBinding deployment binding
 + 346998 AbstractLifeCycle.isRunning() returns false if state changes from
   STARTING to STARTED during call
 + 347137 Allow SSL renegotiations by default in HttpClient
 + 374174 Consistent mbean names
 + JETTY-1146 Encode jsessionid in sendRedirect
 + JETTY-1342 Recreate selector if wakeup throws JVM bug

jetty-7.4.1.v20110513 - 13 May 2011
 + 288563 remove unsupported and deprecated --secure option
 + 332907 Add context property to ObjectName of JMX MBeans
 + 336056 Ability to override the computation of the ContextHandler to deploy
   the DefaultServlet on the HttpService
 + 340040 Support for a total timeout
 + 343083 Set nested dispatch type and connection
 + 343172 Check package implementor for version
 + 343277 add support for a context white list
 + 343352 make sure that jetty.osgi.boot is activated when a WAB is registered
 + 343482 refactored overlay deployer layout to use WAR layout
 + 343567 HttpClient does not limit the destination's exchange queue
 + 343680 Handle OSGi bundle jars not ending in ".war"
 + 343707 'REQUEST' is printed on console for each incoming HTTP request
 + 343923 flush timeouts applied to outer loop
 + 343936 Session idle calls unbind and remove listeners
 + 344059 Websockets draft-07
 + 344067 Add support for OSGi fragment bundles to add static resources to
   web-bundles
 + 344513 Attempting to set ConfigurationClasses in jetty-web.xml causes NPE
 + 344529 Ability to customize the error handling of the OSGi HttpService
 + 345047 Readded deprecated ScanningAppDeployer#setMonitoredDir
 + 345290 Weak references from SessionIdManager. HashSessionManager cleanup
 + 345543 Always close endpoint on SSLException
 + 345656 Disambiguate SslContextFactory#validateCerts property
 + 345679 Allow setting an initialized KeyStore as keystore/truststore of
   SslContextFactory
 + 345704 jetty-nested works with forwarded SSL in cloudfoundry
 + JETTY-954 WebAppContext eats any start exceptions instead of stopping the
   server load
 + JETTY-1314 Handle bad URI encodings
 + JETTY-1324 Tested not using CESU-8 instead of UTF-8
 + JETTY-1326 Invoker names not hashCode based
 + JETTY-1343 IllegalArgumentException for bad % encodings
 + JETTY-1347 Updated ServletHander javadoc

jetty-7.4.0.v20110414 - 14 April 2011
 + 342504 Scanner Listener
 + 342700 refine websocket API for anticipated changes
 + JETTY-1362 Set root cause of UnavailableException
 + Various test harness cleanups to avoid random failures

jetty-7.4.0.RC0 - 07 April 2011
 + 324110 Added test harnesses for merging of QueryStrings
 + 337685 Update websocket API in preparation for draft -07
 + 338627 HashSessionManager.getIdleSavePeriod returns milliseconds instead of
   seconds
 + 338807 Ignore content length in 1xx, 204, 304 responses
 + 338819 Externally control Deployment Manager application lifecycle
 + 339084 Fixed NPE with servlet 3.0 async listener
 + 339150 Validate client certificate when it is used for authentication
 + 339187 In the OSGi manifest of the jetty-all-server aggregate, mark
   javax.annotation as optional
 + 339543 Add configuration options for Certificate Revocation checking
 + 340265 Improve handling of io shutdown in SSL
 + 340621 Added SizedThreadPool interface
 + 340636 HashSessionManager lazy loads all sessions
 + 340838 Update ConnectHandler to perform half closes properly
 + 340878 Integrations should be able to load their own keystores
 + 340920 Dynamically assign RMI registry port for integration testing
 + 340949 Scanner delays file notifications until files are stable
 + 341006 Move inner enums out into separate file
 + 341105 Stack trace is printed for an ignored exception
 + 341145 WebAppContext MBean attribute serverClasses returns empty value
 + 341171 Locking in HttpDestination blocks all requests to the same address
 + 341206 Stop order is wrong in HandlerWrapper
 + 341255 org.eclipse.http usage in AJP/SessionId linkage
 + 341386 Remote close not detected by HttpClient
 + 341394 Remove 'Unavailable' JMX attributes of WebAppContext MBean
 + 341439 Blocking HttpClient does not use soTimeout for timeouts
 + 341561 Exception when adding o.e.j.s.DoSFilter as managed attribute
 + 341692 Fixed deadlock if stopped while starting
 + 341694 Disable AJP buffer resizing
 + 341726 JSONPojoConverter handles characters
 + 341736 Split jetty-nested out of war module
 + 341850 Protect QTP dump from bad stacks
 + 341992 Overlayed context deployer
 + JETTY-1245 Pooled Buffers implementation
 + JETTY-1354 Added jetty-nested
 + Added extra session removal test
 + Ensure generated fragment names are unique

jetty-7.3.1.v20110307 - 07 March 2011
 + 316382 Support a more strict SSL option with certificates
 + 333481 Handle UCS-4 codepoints in decode and encode
 + 335329 Moved blocking timeout handling to outside try catch
 + 336668 policy supports cert validation
 + 336691 Possible wrong length returned by ChannelEndPoint.flush() in case of
   RandomAccessFileBuffer
 + 336781 If xml parser is not validating, turn off external dtd resolution
 + 336793 Tee data filled and flushed from endpoint
 + 337258 Scanner start and end cycle notification
 + 337268 Allow specifying alias of a certificate to be used by SSL connector
 + 337270 Shared Timer for session management
 + 337271 Flush SSL endpoint when dispatch thread held forever
 + 337678 Readded optional async connection mode for HttpClient
 + 337685 Work in progress on draft 6 websockets
 + 337746 Fixed Session deIdle recursion
 + 337784 Improve HashSessionManager for session migrations
 + 337878 Extra tests of security constraints
 + 337896 HttpExchange.timeout does not override HttpClient.timeout
 + 337898 set client HttpConnection max idle time from exchange timeout
 + 338035 Default acceptors 0.25*CPUs and improved selector/acceptor thread
   names.
 + 338068 Leaking ConstraintMappings on redeploy
 + 338092 ProxyServlet leaks memory
 + 338607 Removed managed attributes when context is stopped
 + 338819 Externally control Deployment Manager application lifecycle
 + JETTY-1304 Allow quoted boundaries in Multipart filter
 + JETTY-1317 More elegent handling of bad URIs in requests
 + JETTY-1331 Allow alternate XML configuration processors (eg spring)
 + JETTY-1333 HttpClient _timeout and _soTimeout is messed up
 + JETTY-1335 HttpClient's SelectConnector clean-up
 + JETTY-1337 Workname cannot contain '.'
 + JETTY-1338 Trust default SecureRandom seed

jetty-7.3.0.v20110203 - 03 February 2011
 + 296978 standardizing various Testing Util Classes to jetty-test-helper
 + 319178 test failure fix in jetty-util on windows
 + 320457 add SPNEGO support
 + 324505 Implement API login
 + 328872 Multi Jetty xml files not loading if directory is referenced in
   jetty.conf
 + 329746 client option to set just truststore and use strict ssl context
 + 331803 Update XML configuration files to use proper arguments for startup
   command in examples
 + 332179 Fixed formatting of negative dates
 + 332432 Scanner.java now always scanning the canonical form of File
 + 332517 Improved DefaultServlet debug
 + 332703 Cleanup context scope JNDI at stop
 + 332796 Annotations inheritance does not work with jetty7
 + 332799 100% CPU on redeploy session invalidation
 + 332937 Added Destroyable Dumpable interfaces and reworked dependent
   lifecycles, specially of JNDI
 + 333247 fix api compat issue in ConstraintSecurityHandler
 + 333415 wired up HttpInput.available and added test harnesses
 + 333481 Handle UTF-32 codepoints in decode and encode
 + 333608 tlds defined in web.xml are not picked up
 + 333679 Refactored jetty-jmx. Moved mbeans to modules
 + 333717 HttpExchange able to return local address used
 + 333771 System properties are not available inside XML configuration file by
   using the 'property' tag
 + 333875 Monitor public constructor
 + 333892 Improved JVM bug detection
 + 334062 It should be possible to embed in the jetty.home.bundle the ssl
   keystore files
 + 334229 javax-security needs to import the package javax.security.cert in its
   OSGi manifest
 + 334311 fix buffer reuse issue in CachedExchange
 + 335329 Stop SSL spin during handshake and renogotiate
 + 335361 Fixed 'jetty.sh check' to show current PID when JETTY_PID env
   variable is set
 + 335641 Cleaned up dispatch handling to avoid key.interestOps==0 when
   undispatched
 + 335681 Improve ChannelEndPoint.close() to avoid spinning
 + 335836 Race when updating SelectChannelEndPoint._dispatched
 + JETTY-1259 NullPointerException in JDBCSessionIdManager when invalidating
   session (further update)

jetty-7.2.2.v20101205 - 05 December 2010
 + 328789 Clean up tmp files from test harnesses
 + 330188 Reject web-fragment.xml with same <name> as another already loaded
   one
 + 330208 Support new wording on servlet-mapping and filter-mapping merging
   from servlet3.0a
 + 330210 Improve performance of writing large bytes arrays
 + 330229 Jetty tries to parse META-INF/*.tld when jsp-api is not on classpath
   causing DTD entity resoluton to fail
 + 330265 start.jar --stop kills --exec subprocess
 + 330417 Atomic PUT in PutFilter
 + 330419 Reloading webapp duplicates StandardDescriptorProcessor
 + 330686 OSGi: Make org.eclipse.jetty.jsp-2.1 a fragment of
   org.apache.jasper.glassfish
 + 330732 Removed System.err debugging
 + 330764 Command line properties passed to start.jar --exec
 + 331230 Fixed low thread warnings when acceptors>threadpool
 + 331461 Fixed idle timeout for unflushed HTTP/1.0
 + 331567 IPAccessHandlerTest failed on MacOS fix
 + 331703 Fixed failing OSGI test TestJettyOSGiBootWithJsp.java on MacOSX
 + JETTY-1297 Improved matching of vhosts so that a vhost match has priority
 + JETTY-1307 Check that JarFileResource directories end with /
 + JETTY-1308 327109 (re)fixed AJP handling of empty packets

jetty-8.0.0.M2 - 16 November 2010
 + 320073 Reconsile configuration mechanism
 + 321068 JSF2 fails to initialize
 + 324493 Registration init parameter handling null check, setInitParameters
   additive
 + 324505 Request.login method must throw ServletException if it cant login
 + 324872 allow disabling listener restriction from using *Registration
   interfaces
 + 327416 Change meaning of @HandlesTypes in line with latest interpretation by
   JSR315
 + 327489 Change meaning of @MultipartConfig to match servlet spec 3.0
   maintenance release 3.0a
 + 328008 Handle update to Servlet Spec 3 Section 8.2.3.h.ii
 + 330188 Reject web-fragment.xml with same <name> as another already loaded
   one
 + 330208 Support new wording on servlet-mapping and filter-mapping merging
   from servlet3.0a
 + 330292 request.getParts() returns only one part when the name is the same
 + Update to jetty-7.2.1.v20101111

jetty-7.2.1.v20101111 - 11 November 2010
 + 324679 Fixed dedection of write before static content
 + 328008 Handle update to Servlet Spec 3 Section 8.2.3.h.ii
 + 328199 Ensure blocking connectors always close socket
 + 328205 Improved SelectManager stopping
 + 328306 Serialization of FormAuthentication
 + 328332 Response.getContentType works with setHeader
 + 328523 Fixed overloaded setters in AppProvider
 + 328778 Improved javadoc for secure session cookies
 + 328782 allow per connection max idle time to be set
 + 328885 web overrides do not override
 + 328988 Idle saving of session values
 + 329180 Spin check for Selector to stop
 + 329410 Enforce XmlConfiguration properties as Map<String,String>
 + 329602 only clear ServletContext attributes on doStop
 + 329642 Concurrent modification exception in Deployment Manager
 + 329643 Improved deployment of resource collections
 + JETTY-748 Prevent race close of socket by old acceptor threads
 + JETTY-1291 Extract query parameters even if POST content consumed
 + JETTY-1295 Contexts mixed up when hot-deploying on virtual hosts
 + JETTY-1297 Make ServletContext.getContext(String) virtual host aware

jetty-6.1.26 - 10 November 2010
 + JETTY-748 Prevent race close of socket by old acceptor threads
 + JETTY-1239 HTAccessHandler [allow from 127.0.0.1] does not work
 + JETTY-1291 Extract query parameters even if POST content consumed
 + JETTY-1293 Avoid usage of String.split
 + JETTY-1296 Always clear changes list in selectManager

jetty-6.1.26.RC0 - 20 October 2010
 + 325468 Clean work webapp dir before unpack
 + 327109 Fixed AJP handling of empty packets
 + 327562 Implement all X-Forwarded headers in ProxyServlet
 + JETTY-547 Improved usage of shutdownOutput before close
 + JETTY-912 add per exchange timeout
 + JETTY-1051 offer jetty.skip flag for maven plugin
 + JETTY-1096 exclude maven and plexus classes from jetty plugin
 + JETTY-1248 Infinite loop creating temp MultiPart files
 + JETTY-1264 Idle timer deadlock
 + JETTY-1271 Handle unavailable request
 + JETTY-1278 J2se6 SPI filter handling fix
 + JETTY-1283 Allow JSONPojoConvertorFactory to set fromJSON
 + JETTY-1287 rewrite handler thread safe issue resolved
 + JETTY-1288 info when atypical classloader set to WebAppContext
 + JETTY-1289 MRU cache for filter chains
 + JETTY-1292 close input streams after keystore.load()

jetty-7.2.0.v20101020 - 20 October 2010
 + 289540 added javadoc into distribution
 + 297154 add source distribution artifact
 + 323985 Xmlconfiguration pulls start.jar config properties
 + 324369 Improved handling of multiple versions of
   draft-ietf-hybi-thewebsocketprotocol
 + 326734 Configure Digest maxNonceAge with Security handler init param
 + 327109 Fixed AJP handling of empty packets
 + 327183 Allow better configurability of HttpClient for TLS/SSL
 + 327469 removed needless java6 dependencies
 + 327562 Implement all X-Forwarded headers in ProxyServlet
 + 327601 Multipart Filter handles quoted tokens
 + 327725 Nested ResourceCaches
 + 328199 Ensure blocking connectors always close socket
 + 328205 Improved SelectManager stopping
 + 328273 Added serializable to default user identity
 + JETTY-1288 Info statement when atypical classloader set on WebAppContext
 + JETTY-1289 LRU cache for filter chains

jetty-7.2.0.RC0 - 01 October 2010
 + 314087 Simplified SelectorManager
 + 319334 Concurrent, sharable ResourceCache
 + 319370 WebAppClassLoader.Context
 + 319444 Two nulls are appended to log statements from ContextHanler$Context
 + 320073 Reconsile configuration mechanism
 + 320112 Websocket in aggregate jars
 + 320264 Removed duplicate mime.property entries
 + 320457 Added rfc2045 support to B64Code
 + 321232 BasicAuthenticator ignores bad Authorization header
 + 321307 HashSessionManager calls passivation listeners
 + 321730 SelectChannelEndPoint prints to System.err
 + 321735 HttpClient onException called for buffer overflow
 + 322448 Added jetty-dir.css for directory listings
 + 322575 NPE in HotSwapHandler if old handler null
 + 322683 RewriteHandler thread safety
 + 323196 org.mortbay properties to org.eclipse
 + 323435 MovedContextHandler permanent redirection
 + 323464 IPv6 localhost with no Host header
 + 324110 Merge async dispatch parameters
 + 324158 Durable download or Orbit jars
 + 324260 Jetty-6 continuations handle complete calls
 + 324359 illegal actions on AsyncContext should not change its state
 + 324360 validate input on getResource since loop logic obscures subclass
   input validation.
 + 324369 Implement draft-ietf-hybi-thewebsocketprotocol-01
 + 324377 Allow dispatch of ServletRequest and ServletResponse
 + 324379 Change content type after getWriter
 + 324501 Fire RequestListener.requestDestroyed in last-to-first order
 + 324601 Check session expiry on access
 + 324679 Allow filter to write before static content
 + 324811 NPE in Server.dump
 + 324812 restore WebAppContext constructor used by geronimo integration
 + 325072 include to DefaultServlet of missing file throws
   FileNotFoundException
 + 325105 websocket ondisconnect fixed
 + 325128 websocket send during onConnect
 + 325468 Clean work webapp dir before unpack
 + 326612 Handle X-Forwarded-Proto header
 + JETTY-912 added per exchange timeout api
 + JETTY-1063 Plugin problems with spaces in classpath resource references
 + JETTY-1245 Do not use direct buffers with NIO SSL
 + JETTY-1249 Apply max idle time to all connectors
 + JETTY-1250 Parallel start of HandlerCollection
 + JETTY-1256 annotation and jta jars from Orbit
 + JETTY-1259 NullPointerException in JDBCSessionIdManager when invalidating
   session
 + JETTY-1261 errant listener usage in StandardDescriptorProcessor
 + JETTY-1263 JDBCSessionIdManager table creation fails on Oracle
 + JETTY-1265 Reason field option in client response
 + JETTY-1266 Destroy sessions before filters/servlets
 + JETTY-1268 Form Auth saves POST data
 + JETTY-1269 Improve log multithreadedness
 + JETTY-1270 Websocket closed endp protection
 + JETTY-1271 handled unavailable exception
 + JETTY-1279 Make jetty-plus.xml enable plus features for all webapps by
   default
 + JETTY-1281 Create new session after authentication
 + JETTY-1283 JSONPojoConvertorFactory can turn off fromJSON
 + Added ignore to Logger interface
 + Fix jetty-plus.xml for new configuration names
 + Improved debug dump

jetty-6.1.25 - 26 July 2010
 + 320264 Removed duplicate mime.property entries
 + JETTY-1212 Long content lengths
 + JETTY-1214 Avoid ISE when scavenging invalid session
 + JETTY-1223 DefaultServlet: NPE when setting relativeResourceBase and
   resourceBase is not set
 + JETTY-1226 javax.activation needs to be listed in the system classes
 + JETTY-1237 Remember local/remote details of endpoint
 + JETTY-1251 protected against closed selector
 + COMETD-112 if two threads create the same channel, then create events may
   occur after subscribe events
 + Jetty-6 is now in maintenance mode.

jetty-7.1.6.v20100715 - 15 July 2010
 + 319519 Warn about duplicate configuration files
 + 319655 Reset HEAD status
 + JETTY-1247 synchronize recylcing of SSL NIO buffers
 + JETTY-1248 fix parsing of bad multiparts
 + JETTY-1249 Apply max idle time to all connectors
 + JETTY-1251 Replace then close selector for JVM bugs

jetty-8.0.0.M1 - 12 July 2010
 + 306350 Ensure jars excluded by ordering are not scanned for annotations
 + JETTY-1224 Change jetty-8 merge rules for fragment descriptors and
   annotations
 + Ensure <absolute-ordering> in web.xml overrides relative <ordering> in
   fragments
 + Ensure empty <absolute-ordering> implies exclusion of all fragments
 + Ensure servlet-api jar class inheritance hierarchy is scanned

jetty-7.1.5.v20100705 - 05 July 2010
 + 288194 Add blacklist/whitelist to ProxyServlet and ProxyHandler
 + 296570 EOFException for HttpExchange when HttpClient.stop called
 + 311550 The WebAppProvider should allow setTempDirectory
 + 316449 Websocket disconnect fix
 + 316584 Exception on startup if temp path has spaces and extractWAR=false
 + 316597 Removed null check and fixed name in Resource#hrefEncodeURI
 + 316909 CNFE: org.xml.sax.SAXException on org.eclipse.jetty.osgi.boot start
   with jsp fragment
 + 316970 jetty.sh fails to find JETTY_HOME in standard directories
 + 316973 jetty.sh claims java installation is invalid
 + 316976 removed quotes of JAVA_OPTIONS in jetty.sh
 + 317007 Unable to run Jetty OSGi when
   -Dosgi.compatibility.bootdelegation=false
 + 317019 Date HTTP header not sent for HTTP/1.0 requests
 + 317231 Ability to configure jetty with a fragment bundle that contains
   etc/jetty.xml
 + 317759 Allow roles and constraints to be added after init
 + 317906 OPTIONS correctly handles TRACE
 + 318308 Correct quoting of unicode control characters
 + 318470 unboxing NPE protection in HttpConnection
 + 318551 Optional uncheck Printwriter
 + 319060 Support web-bundles that are not expanded (bundle is zipped)
 + JETTY-1237 Save local/remote address to be available after close
 + Update ecj to 3.6 Helios release drop

jetty-7.1.4.v20100610 - 10 June 2010
 + 292326 Stop continuations if server is stopped
 + 292814 Make QoSFilter and DoSFilter JMX manageable
 + 293222 Improve request log to handle/show asynchronous latency
 + 294212 Can not customize session cookie path
 + 295715 AbstractSessionManager decoupled from Context
 + 298551 SslSocketConnector does not need keystore stream
 + 301608 Deregister shutdown hooks
 + 302350 org.eclipse.jetty.server.NCSARequestLog is missing JavaDoc
 + 303661 jetty.sh failes if JETTY_HOME is not writeable
 + 304100 Better document JMX setup in jetty-jmx.xml
 + 305300 AsyncContext.start dispatches runnable
 + 314299 Create test harness for JDBCLoginService
 + 314581 Implement the Sec-Websocket handshake
 + 315190 CrossOriginFilter avoid headers not understood by WebSocket
 + 315687 included init script fails to test for JETTY_HOME as empty
 + 315715 Improved Cookie version handling. Server.setMaxCookieVersion
 + 315744 Fixed STOP.PORT and STOP.KEY in start.jar
 + 315748 Removed --fromDaemon from start.jar (replaced with --daemon)
 + 315925 Improved context xml configuration handling
 + 315995 Incorrect package name in system classes list
 + 316119 Fixed idleTimeout for SocketEndPoint
 + 316254 Implement @DeclareRoles
 + 316334 Breaking change on org.eclipse.jetty.client.HttpExchange
 + 316399 Debug output in MultiPartFilter
 + 316413 Restarting webapp for packed war fails
 + 316557 OSGi HttpService failure due to undeployed context handlers
 + JETTY-547 Delay close after shutdown until request read
 + JETTY-1231 Support context request log handler

jetty-7.1.3.v20100526 - 26 May 2010
 + 296567 HttpClient RedirectListener handles new HttpDestination
 + 297598 JDBCLoginService uses hardcoded credential class
 + 305898 Websocket handles query string in URI
 + 307457 Exchanges are left unhandled when connection is lost
 + 313205 Unable to run test-jdbc-sessions tests
 + 314009 jetty.xml configuration file on command line
 + 314177 JSTL support is broken
 + 314459 support maven3 for builds

jetty-7.1.2.v20100523 - 23 May 2010
 + 308866 Update test suite to JUnit4 - Module jetty-util
 + 312948 Recycle SSL crypto buffers
 + 313196 randomly allocate ports for session test
 + 313278 Implement octet ranges in IPAccessHandler
 + 313336 secure websockets
 + 314009 updated README.txt
 + Update links to jetty website and wiki on test webapp

jetty-7.1.1.v20100517 - 17 May 2010
 + 302344 Make the list of available contexts if root context is not configured
   optional
 + 304803 Remove TypeUtil Integer and Long caches
 + 306226 HttpClient should allow changing the keystore and truststore type
 + 308850 Update test suite to JUnit4 - Module jetty-annotations
 + 308853 Update test suite to JUnit4 - Module jetty-deploy
 + 308854 Update test suite to JUnit4 - Module jetty-http
 + 308855 Update test suite to JUnit4 - Module jetty-io
 + 308856 Update test suite to JUnit4 - Module jetty-jmx
 + 308857 Update test suite to JUnit4 - Module jetty-jndi
 + 308858 Update test suite to JUnit4 - Module jetty-plus
 + 308859 Update test suite to JUnit4 - Module jetty-policy
 + 308860 Update test suite to JUnit4 - Module jetty-rewrite
 + 308862 Update test suite to JUnit4 - Module jetty-server
 + 308863 Update test suite to JUnit4 - Module jetty-servlet
 + 308867 Update test suite to JUnit4 - Module jetty-webapp
 + 310918 Fixed write blocking for client HttpConnection
 + 312526 Protect shutdown thread initialization during shutdown

jetty-7.1.0 - 05 May 2010
 + 306353 fixed cross context dispatch to root context
 + 311154 Added deprecated StringBuffer API for backwards compatibility
 + 311554 Protect shutdown thread from Server#doStop
 + 312243 Optimized timeout handling

jetty-7.1.0.RC1 - 05 May 2010
 + 286889 Allow System and Server classes to be set on Server instance and when
   applied to all webapps
 + 291448 SessionManager has isCheckingRemoteSessionIdEncoding
 + 296650 JETTY-1198 reset idle timeout on request body chunks
 + 297104 HTTP CONNECT does not work correct with SSL destinations
 + 306782 Close connection when expected 100 continues is not sent
 + 308848 Update test suite to JUnit4 - Module jetty-ajp
 + 308861 Update test suite to JUnit4 - Module jetty-security
 + 308864 Update test suite to JUnit4 - Module jetty-servlets
 + 308865 Update test suite to JUnit4 - Module jetty-start
 + 308868 Update test suite to JUnit4 - Module jetty-websocket
 + 308869 Update test suite to JUnit4 - Module jetty-xml
 + 309153 Hide extracted WEB-INF/lib when running a non-extracted war
 + 309369 Added WebSocketLoadTest
 + 309686 Fixed response buffers usage
 + 310094 Improved start.jar options handling and configs
 + 310382 NPE protection when WAR is not a file
 + 310562 SslSocketConnector fails to start if excludeCipherSuites is set
 + 310634 Get the localport when opening a server socket
 + 310703 Update test suite to JUnit4 - Module tests/test-integration
 + 310918 Synchronize content exchange
 + 311154 Use Appendable in preference to StringBuilder/StringBuffer in APIs
 + 311362 Optional org.eclipse.jetty.util.log.stderr.SOURCE
 + JETTY-1030 Improve jetty.sh script
 + JETTY-1142 Replace Set-Cookies with same name

jetty-7.1.0.RC0 - 27 April 2010
 + 294563 Websocket client connection
 + 297104 Improve handling of CONNECT method
 + 306349 ProxyServlet does not work unless deployed at /
 + 307294 Add AbstractLifeCycle.AbstractLifeCycleListener implementation
 + 307847 Fixed combining mime type parameters
 + 307898 Handle large/async websocket messages
 + 308009 ObjectMBean incorrectly casts getTargetException() to Exception
 + 308420 convert jetty-plus.xml to use DeploymentManager
 + 308925 Protect the test webapp from remote access
 + 309466 Removed synchronization from StdErrLog
 + 309765 Added JSP module
 + 310051 _configurationClasses now defaults to null in WebAppContext
 + 310094 Improved start.jar usage and config files
 + 310431 Default ErrorHandler as server Bean
 + 310467 Allow SocketConnector to create generic Connection objects
 + 310603 Make Logger interface consistent
 + 310605 Make a clean room implementation of the JSP logger bridge
 + JETTY-903 Stop both caches
 + JETTY-1200 SSL NIO Endpoint wraps non NIO buffers
 + JETTY-1202 Use platform default algorithm for SecureRandom
 + JETTY-1212 handle long content lengths
 + JETTY-1214 avoid ISE when scavenging invalid session
 + Add AnnotationConfiguration to jetty-plus.xml
 + Add NPE protection to ContainerInitializerConfiguration
 + Fix jetty-plus.xml reference to addLifeCycle
 + Merged 7.0.2.v20100331
 + Temporarily remove jetty-osgi module to clarify jsp version compatibility

jetty-6.1.24 - 21 April 2010
 + 308925 Protect the test webapp from remote access
 + JETTY-903 Stop both caches
 + JETTY-1198 reset idle timeout on request body chunks
 + JETTY-1200 SSL NIO Endpoint wraps non NIO buffers
 + JETTY-1211 SetUID loadlibrary name and debug
 + COMETD-100 ClientImpl logs "null" as clientId
 + COMETD-107 Reloading the application with reload extension does not fire
   /meta/connect handlers until long poll timeout expires
 + COMETD-99 ClientImpl logs exceptions in listeners with "debug" level
 + Upgraded to cometd 1.1.1 client

jetty-6.1.23 - 02 April 2010
 + 292800 ContextDeployer - recursive setting is undone by FilenameFilter
 + 296569 removeLifeCycleListener() has no effect
 + 300178 HttpClients opens too many connections that are immediately closed
 + 304658 Inconsistent Expires date format in Set-Cookie headers with maxAge=0
 + 304698 org.eclipse.jetty.http.HttpFields$DateGenerator.formatCookieDate()
   uses wrong (?) date format
 + 306331 Session manager is kept after call to doScope
 + 306840 suppress content-length in requests without content
 + JETTY-875 Allow setting of advice field in response to Handshake
 + JETTY-983 Range handling cleanup
 + JETTY-1133 Handle multiple URL ; parameters
 + JETTY-1134 BayeuxClient: Connect msg should be sent as array
 + JETTY-1149 transient should be volatile in AbstractLifeCycle
 + JETTY-1153 System property for UrlEncoded charset
 + JETTY-1155 HttpConnection.close notifies HttpExchange
 + JETTY-1156 SSL blocking close with JVM Bug busy key fix
 + JETTY-1157 Don't hold array passed in write(byte[])
 + JETTY-1158 NPE in StdErrLog when Throwable is null
 + JETTY-1161 An Extension that measures round-trip delay for cometd messages
 + JETTY-1162 Add support for async/sync message delivery to BayeuxClient
 + JETTY-1163 AJP13 forces 8859-1 encoding
 + JETTY-1168 Don't hold sessionIdManager lock when invalidating sessions
 + JETTY-1170 NPE on client when server-side extension returns null
 + JETTY-1174 Close rather than finish Gzipstreams to avoid JVM leak
 + JETTY-1175 NPE in TimesyncExtension
 + JETTY-1176 NPE in StatisticsExtension if client is null
 + JETTY-1177 Allow error handler to set cacheControl
 + JETTY-1178 Make continuation servlet to log the incoming JSON in case of
   parsing errors
 + JETTY-1180 Extension methods are wrongly called
 + JETTY-1182 COMETD-76 do not lock client while sending messages
 + JETTY-1183 AcknowledgedMessagesClientExtension does not handle correctly
   message resend when client long polls again
 + JETTY-1186 Better document JMX setup in jetty-jmx.xml
 + JETTY-1188 Null old jobs in QueuedThreadPool
 + JETTY-1191 Limit size of ChannelId cache
 + JETTY-1192 Fixed Digested POST and HttpExchange onRetry
 + JETTY-1193 Exception details are lost in AbstractCometdServlet.getMessages
 + JETTY-1195 Coalesce buffers in ChannelEndPoint.flush()
 + JETTY-1196 Enable TCP_NODELAY by default in client connectors
 + JETTY-1197 SetUID module test fails when using Java 1.6 to build
 + JETTY-1199 FindBugs cleanups
 + JETTY-1202 Use platfrom default algorithm for SecureRandom
 + JETTY-1205 Memory leak in browser-to-client mapping
 + JETTY-1207 NPE protection in FormAuthenticator
 + COMETD-28 Improved concurrency usage in Bayeux and channel handling
 + COMETD-46 reset ContentExchange content on resend
 + COMETD-58 Extension.rcv() return null causes NPE in
   AbstractBayeux.PublishHandler.publish
 + COMETD-59 AcknowledgeExtension does not handle null channel in Message
 + COMETD-62 Delay add listeners until after client construction
 + JSON parses NaN as null
 + Remove references to old content in HttpClient client tests for www.sun.com
 + Updated JSP to 2.1.v20091210

jetty-7.0.2.v20100331 - 31 March 2010
 + 297552 Don't call Continuation timeouts from acceptor tick
 + 298236 Additional unit tests for jetty-client
 + 306782 httpbis interpretation of 100 continues. Body never skipped
 + 306783 NPE in StdErrLog when Throwable is null
 + 306840 Suppress content-length in requests with no content
 + 306880 Support for UPGRADE in HttpClient
 + 306884 Suspend with timeout <=0 never expires
 + 307589 updated servlet 3.0 continuations for final API
 + Allow Configuration array to be set on Server instance for all web apps
 + Ensure webapps with no WEB-INF don't scan WEB-INF/lib
 + Take excess logging statements out of startup

jetty-7.0.2.RC0 - 09 March 2010
 + 290765 Reset input for HttpExchange retry
 + 292799 WebAppDeployer - start a started context?
 + 292800 ContextDeployer - recursive setting is undone by FilenameFilter
 + 294799 when configuring a webapp, don't look for WEB-INF/jetty6-web.xml
 + 296569 removeLifeCycleListener() has no effect
 + 296765 JMX Connector Server and ShutdownThread
 + 297421 Hide server/system classes from WebAppClassLoader.getResources
 + 297783 Handle HEAD reponses in HttpClient
 + 298144 Unit test for jetty-client connecting to a server that uses Basic
   Auth
 + 298145 Reorganized test harness to separate the HTTP PUT and HTTP GET test
   URLs
 + 298234 Unit test for jetty-client handling different HTTP error codes
 + 298667 DeploymentManager uses ContextProvider and WebAppProvider
 + 299455 Enum support in JSONPojoConvertor
 + 300178 HttpClients opens too many connections that are immediately closed
 + 300733 Jars from lib/ext are not visible for my web application
 + 300933 AbstractConnector uses concurrent objects for stats
 + 301089 Improve statistics available in StatisticsHandler and
   AbstractConnector
 + 302018 Improve statistics available in AbstractSessionHandler
 + 302198 Rename HttpClient authorization classes to Authentication
 + 302244 invalid configuration boolean conversion in FormAuthenticator
 + 302246 redirect loop using form authenticator
 + 302556 CrossOriginFilter does not work correctly when
   Access-Control-Request-Headers header is not present
 + 302669 WebInfConfiguration.unpack() unpacks WEB-INF/* from a
   ResourceCollection, breaking JSP reloading with ResourceCollections
 + 303526 Added include cyphers
 + 304307 Handle ;jsessionid in FROM Auth
 + 304532 Skip some tests on IBM JVMs until resolved
 + 304658 Inconsistent Expires date format in Set-Cookie headers with maxAge=0
 + 304698 org.eclipse.jetty.http.HttpFields$DateGenerator.formatCookieDate()
   uses wrong (?) date format
 + 304781 Reset HttpExchange timeout on slow request content
 + 304801 SSL connections FULL fix
 + 305997 Coalesce buffers in ChannelEndPoint.flush()
 + 306028 Enable TCP_NODELAY by default in client connectors
 + 306330 Flush filter chain cache after Invoker servlet
 + 306331 Session manager is kept after call to doScope
 + JETTY-776 Make new session-tests module to concentrate all reusable session
   clustering test code
 + JETTY-910 Allow request listeners to access session
 + JETTY-983 Range handling cleanup
 + JETTY-1133 Handle multiple URL ; parameters
 + JETTY-1151 JETTY-1098 allow UTF-8 with 0 carry bits
 + JETTY-1153 System property for UrlEncoded charset
 + JETTY-1155 HttpConnection.close notifies HttpExchange
 + JETTY-1156 SSL blocking close with JVM Bug busy key fix
 + JETTY-1157 Don't hold array passed in write(byte[])
 + JETTY-1163 AJP13 forces 8859-1 encoding
 + JETTY-1174 Close rather than finish Gzipstreams to avoid JVM leak
 + JETTY-1177 Allow error handler to set cacheControl
 + JETTY-1179 Persistant session tables created on MySQL use wrong datatype
 + JETTY-1184 shrink thread pool even with frequent small jobs
 + JETTY-1192 Fixed Digested POST
 + JETTY-1199 FindBugs cleanups
 + Added IPAccessHandler
 + COMETD-46 reset ContentExchange response content on resend
 + JSON parses NaN as null
 + Updated Servlet3Continuation to final 3.0.20100224

jetty-8.0.0.M0 - 28 February 2010
 + Merged 7.0.1.v20091116
 + Updated servlet 3.0 spec 20100224
 + Updated to cometd 1.0.1

jetty-7.0.1.v20091125 - 25 November 2009
 + 274251 DefaultServlet supports exact match mode
 + 288401 HttpExchange.cancel() Method Unimplemented
 + 289027 deobfuscate HttpClient SSL passwords
 + 289265 Test harness for async input
 + 289959 Improved ContextDeployer configuration
 + 289960 start.jar assumes command line args are configs
 + 291019 Fix default DEBUG option; "-D.DEBUG=true" now works
 + 291340 Race condition in onException() notifications
 + 291543 make bin/*.sh scripts executable in distribution
 + 291589 Update jetty-rewrite demo
 + 292546 Proactively enforce HttpClient idle timeout
 + 292642 Fix errors in embedded Jetty examples
 + 292825 Continuations ISE rather than ignore bad transitions
 + 293222 Improved StatisticsHandler for async
 + 293506 Unable to use jconsole with Jetty when running with security manager
 + 293557 Add "jad" mime mapping
 + 294154 Patched jetty-osgi
 + 294224 HttpClient timeout setting has no effect when connecting to host
 + 294345 Support for HTTP/301 + HTTP/302 response codes
 + 294563 Initial websocket implementation
 + 295421 Cannot reset() a newly created HttpExchange: IllegalStateException 0
   => 0
 + 295562 CrossOriginFilter does not work with default values in Chrome and
   Safari
 + JETTY-937 More JVM bug work arounds. Insert pause if all else fails
 + JETTY-983 Send content-length with multipart ranges
 + JETTY-1114 unsynchronised WebAppClassloader.getResource(String)
 + JETTY-1121 Merge Multipart query parameters
 + JETTY-1122 Handle multi-byte utf that causes buffer overflow
 + JETTY-1125 TransparentProxy incorrectly configured for test webapp
 + JETTY-1129 Filter control characters out of StdErrLog
 + JETTY-1135 Handle connection closed before accepted during JVM bug work
   around
 + JETTY-1144 fixed multi-byte character overflow
 + JETTY-1148 Reset partially read request reader
 + COMETD-34 Support Baeyux MBean
 + CQ-3581 jetty OSGi contribution
 + Prevent SSL renegotiate for SSL vulnerability (CVE-2009-3555)
 + Fixed client abort asocciation
 + Fixed XSS issue in CookieDump demo servlet.
 + Improved start.jar usage text for properties
 + Moved centralized logging and verifier back to sandbox
 + Promoted Jetty Centralized Logging from Sandbox
 + Promoted Jetty WebApp Verifier from Sandbox
 + Refactored continuation test harnessess

jetty-7.0.0.v20091005 - 05 October 2009
 + 291340 Race condition in onException() notifications

jetty-6.1.21 - 22 September 2009
 + 282543 HttpClient SSL buffer size fix
 + 288055 fix jetty-client for failed listener state machine
 + 288153 reset exchange when resending
 + 288182 PUT request fails during retry
 + JETTY-719 Document state machine of jetty http client
 + JETTY-933 State == HEADER in client
 + JETTY-936 Improved servlet matching and optimized
 + JETTY-1038 ChannelId.isParentOf returns the wrong result
 + JETTY-1061 Catch exceptions from cometd listeners
 + JETTY-1072 maven plugin handles context path not as documented
 + JETTY-1080 modified previous fix for windows
 + JETTY-1084 HEAD command not setting content-type in response under certain
   circumstances
 + JETTY-1090 resolve inifinte loop condition for webdav listener
 + JETTY-1092 MultiPartFilter can be pushed into infinite loop
 + JETTY-1093 Request.toString throws exception when size exceeds 4k
 + JETTY-1098 Default form encoding is UTF8
 + JETTY-1099 Improve cookie handling in BayeuxClient
 + JETTY-1100 extend setuid feature to allow setting max open file descriptors
 + JETTY-1102 Wrong usage of deliver() in private chat messages
 + JETTY-1108 SSL EOF detection
 + JETTY-1109 Improper handling of cookies in Terracotta tests
 + JETTY-1112 Response fails if header exceeds buffer size
 + JETTY-1113 IllegalStateException when adding servlet filters
   programmatically
 + JETTY-1114 Unsynchronize webapp classloader getResource
 + Fix DefaultServletTest for windows
 + Include tmp directory sweeper in build
 + Streamline jetty-jboss build, update sar to QueuedThreadPool
 + Update Jetty implementation of com.sun.net.httpserver.*

jetty-7.0.0.RC6 - 21 September 2009
 + 280723 Add non blocking statistics handler
 + 282543 HttpClient SSL buffer size fix
 + 283357 org.eclipse.jetty.server.HttpConnectionTest exceptions
 + 288055 jetty-client fails to resolve failed resolution attempts correctly
 + 288153 jetty-client resend doesn't reset exchange
 + 288182 PUT request fails during retry
 + 288466 LocalConnector is not thread safe
 + 288514 AbstractConnector does not handle InterruptedExceptions on shutdown
 + 288772 Failure to connect does not set status to EXCEPTED
 + 289146 formalize reload policy functionality
 + 289156 jetty-client: no longer throw runtime exception for bad authn details
 + 289221 HttpExchange does not timeout when using blocking connector
 + 289285 org.eclipse.jetty.continuation 7.0.0.RC5 imports the
   org.mortbay.util.ajax package
 + 289686 HttpExchange.setStatus() has too coarse synchronization
 + 289958 StatisticsServlet incorrectly adds StatisticsHandler
 + 289960 start.jar assumes command line args are configs
 + 290081 Eager consume LF after CR
 + 290761 HttpExchange isDone handles intercepted events
 + JETTY-719 Document state machine of jetty http client
 + JETTY-780 CNFE during startup of webapp with spring-context >= 2.5.1
 + JETTY-936 274251 Improved servlet matching and optimized'
 + JETTY-1080 modify previous fix to work on windows
 + JETTY-1084 HEAD command not setting content-type in response under certain
   circumstances
 + JETTY-1086 Use UncheckedPrintWriter & cleaned up HttpStatus.Code usage
 + JETTY-1090 resolve potential infinite loop with webdav listener
 + JETTY-1092 MultiPartFilter can be pushed into infinite loop
 + JETTY-1093 Request.toString throws exception when size exceeds 4k
 + JETTY-1098 Default form encoding is UTF8
 + JETTY-1101 Updated servlet3 continuation constructor
 + JETTY-1105 Custom error pages aren't working
 + JETTY-1108 SSL EOF detection
 + JETTY-1112 Response fails if header exceeds buffer size
 + JETTY-1113 IllegalStateException when adding servlet filters
   programmatically
 + Copy VERSION.txt to distro
 + Fixed XSS issue in CookieDump demo servlet.
 + Remove printlns from jetty-plus
 + Tweak DefaultServletTest under windows

jetty-6.1.20 - 27 August 2009
 + 283513 Check endp.isOpen when blocking read
 + 283818 fixed merge of forward parameters
 + 285006 Fixed NPE in AbstractConnector during shutdown
 + 286535 ContentExchange status code
 + 286911 Clean out cache when recycling HTTP fields
 + JETTY-838 Don't log and throw
 + JETTY-874 Better error on full header
 + JETTY-960 Support ldaps
 + JETTY-1046 maven-jetty-jspc-plugin keepSources takes affect only in
   packageRoot
 + JETTY-1057 XSS error page
 + JETTY-1065 Add RedirectRegexRule to provide match/replace/group redirect
   support
 + JETTY-1066 Send 400 error for request URI parse exceptions
 + JETTY-1068 Avoid busy flush of async SSL
 + JETTY-1069 Adjust Bayeux Java client backoff algorithm
 + JETTY-1070 Java Bayeux Client not sending /meta/disconnect on stop
 + JETTY-1074 JMX thread manipulation
 + JETTY-1077 HashSSORealm shares Principals between UserRealms
 + JETTY-1078 Automatic JSON Pojo Conversion
 + JETTY-1079 ResourceCollection.toString() can throw IllegalStateException
 + JETTY-1080 Ignore files that would be extracted outside the destination
   directory when unpacking WARs
 + JETTY-1081 Handle null content type in GzipFilter
 + JETTY-1084 Disable GzipFilter for HEAD requests
 + JETTY-1085 Allow url sessionID if cookie invalid
 + JETTY-1086 Added UncheckedPrintWriter to avoid ignored EOFs
 + JETTY-1087 Chunked SSL non blocking input
 + JETTY-1098 Upgrade jsp to SJSAS-9_1_1-B60F-07_Jan_2009
 + Added DebugHandler
 + Added getSubscriptions to cometd client
 + Clarified cometd interval timeout and allow per client intervals
 + COMETD-7 max latency config for lazy messages
 + Made unSubscribeAll public on cometd client
 + Removed clearing of queue in unSubscribeAll for cometd client
 + Update Main.main method to call setWar
 + Update test-jndi and test-annotation examples for atomikos 3.5.5

jetty-7.0.0.RC5 - 27 August 2009
 + 286911 Clean out cache when recycling HTTP fields
 + 287496 Use start.ini always and added --exec
 + 287632 FilterContinuations for blocking jetty6
 + JETTY-838 Don't log and throw
 + JETTY-874 Better header full warnings
 + JETTY-960 Support for ldaps
 + JETTY-1081 Handle null content type in GzipFilter
 + JETTY-1084 Disable GzipFilter for HEAD requests
 + JETTY-1085 Allow url sessionID if cookie invalid
 + JETTY-1086 Added UncheckedPrintWriter to avoid ignored EOFs
 + JETTY-1087 Chunked SSL non blocking input

jetty-7.0.0.RC4 - 18 August 2009
 + 279820 Fixed HotSwapHandler
 + 285891 SessionAuthentication is serializable
 + 286185 Implement ability for JSON implementation to automatically register
   convertors
 + 286535 ContentExchange status code
 + JETTY-1057 XSS error page
 + JETTY-1079 ResourceCollection.toString
 + JETTY-1080 Ignore files that would be extracted outside the destination
   directory when unpacking WARs
 + Added discoverable start options

jetty-7.0.0.RC3 - 07 August 2009
 + 277403 remove system properties
 + 282447 concurrent destinations in HttpClient
 + 283172 fix Windows build, broken on directory creation with the
   DefaultServlet
 + 283375 additional error-checking on SSL connector passwords to prevent NPE
 + 283513 Check endp.isOpen when blocking read
 + 285697 extract parameters if dispatch has query
 + JETTY-1074 JMX thread manipulation
 + Improved deferred authentication handling

jetty-6.1.19 - 01 July 2009
 + JETTY-799 shell script for jetty on cygwin
 + JETTY-863 Non blocking stats handler
 + JETTY-937 Further Improvements for sun JVM selector bugs
 + JETTY-970 BayeuxLoadGenerator latency handling
 + JETTY-1011 Grizzly uses queued thread pool
 + JETTY-1028 jetty:run plugin should check for the web.xml from the overlays
   if not found in src/main/webapp/WEB-INF/
 + JETTY-1029 Handle quoted cookie paths
 + JETTY-1031 Handle large pipeline
 + JETTY-1033 jetty-plus compiled with jdk1.5
 + JETTY-1034 Cookie parsing
 + JETTY-1037 reimplemented channel doRemove
 + JETTY-1040 jetty.client.HttpConnection does not handle non IOExceptions
 + JETTY-1042 Avoid cookie reuse on shared connection
 + JETTY-1044 add commons-daemon support as contrib/start-daemon module
 + JETTY-1045 Handle the case where request.PathInfo() should be "/*"
 + JETTY-1046 maven-jetty-jspc-plugin keepSources takes affect only in
   packageRoot
 + JETTY-1047 Cometd client can grow cookie headers
 + JETTY-1048 Default servlet can handle partially filtered large static
   content
 + JETTY-1049 Improved transparent proxy usability
 + JETTY-1054 Avoid double deploys
 + JETTY-1055 Cookie quoting
 + JETTY-1057 Error page stack trace XSS
 + JETTY-1058 Handle trailing / with aliases on
 + JETTY-1062 Don't filter cometd message without data

jetty-7.0.0.RC2 - 29 June 2009
 + 283375 improved extensibility of SSL connectors
 + 283818 fixed merge of forward parameters
 + 283844 Webapp / TLD errors are not clear
 + 284475 update jetty.sh for new OPTIONS syntax
 + 284510 Enhance jetty-start for diagnosis and unit testing
 + 284981 Implement a cross-origin filter
 + 285006 fix AbstractConnector NPE during shutdown
 + Added DebugHandler
 + Added JavaUtilLog for Jetty logging to java.util.logging framework
 + backport jetty-8 annotation parsing to jetty-7
 + Disassociate method on IdentityService
 + Improved handling of overlays and resourceCollections

jetty-7.0.0.M3 - 20 June 2009
 + 274251 Allow dispatch to welcome files that are servlets (configurable)
 + 276545 Quoted cookie paths
 + 277403 Cleanup system property usage
 + 277798 Denial of Service Filter
 + 279725 Support 100 and 102 expectations
 + 280707 client.HttpConnection does not catch and handle non-IOExceptions
 + 281470 Handle the case where request.PathInfo() should be "/*"
 + Added ContinuationThrowable
 + added WebAppContext.setConfigurationDiscovered for servlet 3.0 features
 + fixed race with expired async listeners
 + Numerous cleanups from static code analysis
 + Portable continuations for jetty6 and servlet3
 + Refactored AbstractBuffers to HttpBuffers for performance
 + refactored configuration mechanism
 + Refactored continuations to only support response wrapping

jetty-7.0.0.RC1 - 15 June 2009
 + 283344 Startup on windows is broken
 + JETTY-1066 283357 400 response for bad URIs
 + JETTY-1068 Avoid busy flush of async SSL

jetty-7.0.0.RC0 - 08 June 2009
 + 271535 Adding integration tests, and enabling RFC2616 tests
 + 280843 Buffer pool uses isHeader
 + 281287 Handle date headers before 1 Jan 1970
 + 282807 Better handling of 100 continues if response committed
 + JETTY-967 create standalone build for PKCS12Import at codehaus
 + JETTY-1056 update jetty-ant module for Jetty 7 at codehaus trunk
 + JETTY-1058 Handle trailing / with aliases

jetty-7.0.0.M4 - 01 June 2009
 + 281059 NPE in QTP with debug on
 + JETTY-799 shell script for jetty on cygwin
 + JETTY-1031 Handle large pipeline
 + JETTY-1034 Cookie parsing
 + JETTY-1042 Prevent cookie leak between shared connection
 + JETTY-1048 Fix for large partially filtered static content
 + JETTY-1049 Improved transparent proxy usability
 + JETTY-1054 Avoid double deploys
 + JETTY-1055 Cookie quoting
 + JETTY-1057 Error page stack trace XSS

jetty-7.0.0.M2 - 18 May 2009
 + 273767 Update to use geronimo annotations spec 1.1.1
 + 275396 Added ScopedHandler to set servlet scope before security handler
 + JETTY-937 Work around Sun JVM bugs
 + JETTY-941 Linux chkconfig hint
 + JETTY-959 CGI servlet doesn't kill the CGI in case the client disconnects
 + JETTY-980 Fixed ResourceHandler ? handling, and bad URI creation in listings
 + JETTY-996 Make start-stop-daemon optional
 + JETTY-1003 java.lang.IllegalArgumentException: timeout can't be negative
 + JETTY-1004 CERT VU#402580 Canonical path handling includes ? in path segment
 + JETTY-1013 MySql Error with JDBCUserRealm
 + JETTY-1014 Enable start-stop-daemon by default on jetty.sh
   (START_STOP_DAEMON=1)
 + JETTY-1015 Reduce BayeuxClient and HttpClient lock contention
 + JETTY-1020 ZipException in org.mortbay.jetty.webapp.TagLibConfiguration
   prevents all contexts from being loaded

jetty-5.1.15 - 18 May 2009
 + JETTY-418 synchronized load class
 + JETTY-1004 CERT VU402580 Canonical path handling includes ? in path segment
 + Fixes for CERT438616-CERT237888-CERT21284

jetty-6.1.18 - 16 May 2009
 + JETTY-937 Improved work around sun JVM selector bugs
 + JETTY-1004 CERT VU#402580 Canonical path handling includes ? in path segment
 + JETTY-1008 ContinuationBayeux destroy is called
 + JETTY-1013 MySql Error with JDBCUserRealm
 + JETTY-1014 Enable start-stop-daemon by default on jetty.sh
   (START_STOP_DAEMON=1)
 + JETTY-1015 Reduce BayeuxClient and HttpClient lock contention
 + JETTY-1017 HttpDestination has too coarse locking
 + JETTY-1018 Denial of Service Filter
 + JETTY-1020 ZipException in org.mortbay.jetty.webapp.TagLibConfiguration
   prevents all contexts from being loaded
 + JETTY-1022 Removed several 1.5isms

jetty-6.1.17 - 30 April 2009
 + JETTY-936 Make optional dispatching to welcome files as servlets
 + JETTY-937 Work around sun JVM selector bugs
 + JETTY-941 Linux chkconfig hint
 + JETTY-957 Reduce hardcoded versions
 + JETTY-980 Security / Directory Listing XSS present
 + JETTY-982 Make test-jaas-webapp run with jetty:run
 + JETTY-983 Default Servlet sets accept-ranges for cached/gzipped content
 + JETTY-985 Allow listeners to implement both interfaces
 + JETTY-988 X-Forwarded-Host has precedence over X-Forwarded-Server
 + JETTY-989 GzipFilter handles addHeader
 + JETTY-990 Async HttpClient connect
 + JETTY-992 URIUtil.encodePath encodes markup characters
 + JETTY-996 Make start-stop-daemon optional
 + JETTY-997 Remove jpackage-utils dependency on rpm install
 + JETTY-1000 Avoided needless 1.5 dependency
 + JETTY-1002 cometd-api to 1.0.beta8
 + JETTY-1003 java.lang.IllegalArgumentException: timeout can't be negative
 + JETTY-1004 CERT VU#402580 Canonical path handling includes ? in path segment
 + JETTY-1006 Resume meta connect on all XD messages

jetty-7.0.0.M1 - 22 April 2009
 + 271258 FORM Authentication dispatch handling avoids caching
 + 271536 Add support to IO for quietly closing Readers / Writers
 + 273011 JETTY-980 JETTY-992 Security / Directory Listing XSS present
 + 273101 Fix DefaultServletTest XSS test case
 + 273153 Test for Nested references in DispatchServlet
 + JETTY-695 Handler dump
 + JETTY-983 DefaultServlet generates accept-ranges for cached/gzip content
 + Initial support for LoginService.logout
 + Removed HTTPConnection specifics from connection dispatching
 + Reworked authentication for deferred authentication
 + Reworked JMX for new layout

jetty-6.1.16 - 01 April 2009
 + JETTY-702 Create "jetty-tasks.xml" for the Ant plugin
 + JETTY-899 Standardize location for configuration files which go into etc
 + JETTY-936 Allow dispatch to welcome files that are servlets
 + JETTY-944 Lazy messages don't prevent long polls waiting
 + JETTY-946 Redeploys with maven jetty plugin of webapps with overlays don't
   work
 + JETTY-947 Exception stops terracotta session scavenger
 + JETTY-948 ConcurrentModificationException in TerracottaSessionManager
   scavenger
 + JETTY-949 Move cometd source to cometd.org project
 + JETTY-953 SSL keystore file input stream is not being closed directly
 + JETTY-956 SslSelectChannelConnector - password should be the default value
   of keyPassword if not specified
 + JETTY-959 CGI servlet doesn't kill the CGI in case the client disconnects
 + JETTY-964 Typo in Jetty 6.1.15 Manifest - Bundle-RequiredExcutionEnvironment
 + JETTY-972 Move cometd code back from cometd.org project (temporarily)
 + JETTY-973 Deliver same message to a collection of cometd Clients

jetty-7.0.0.M0 - 27 March 2009
 + JETTY-496 Support inetd/xinetd through use of System.inheritedChannel()
 + JETTY-540 Merged 3.0 Public Review changes
 + JETTY-567 Delay in initial TLS Handshake With FireFox 3 beta5 and
   SslSelectChannelConnector
 + JETTY-600 Automated tests of WADI integration + upgrade to WADI 2.0
 + JETTY-691 System.getProperty() calls ... wrap them in doPrivileged
 + JETTY-713 Expose additional AbstractConnector methods via MBean
 + JETTY-731 Completed DeliverListener for cometd
 + JETTY-748 RandomAccessFileBuffer for hadoop optimization
 + JETTY-749 Improved ArrayQueue
 + JETTY-765 ensure stop mojo works for all execution phases
 + JETTY-774 Improved caching of mime types with charsets
 + JETTY-775 AbstractSessionTest remove timing related test
 + JETTY-778 handle granular windows timer in lifecycle test
 + JETTY-779 Fixed line feed in request log
 + JETTY-781 Add "mvn jetty:deploy-war" for deploying a pre-assembled war
 + JETTY-782 Implement interval advice for BayeuxClient
 + JETTY-783 Update jetty self-signed certificate
 + JETTY-784 TerracottaSessionManager leaks sessions scavenged in other nodes
 + JETTY-786 Allow DataSourceUserRealm to create tables
 + JETTY-787 Handle MSIE7 mixed encoding
 + JETTY-788 Fix jotm for scoped jndi naming
 + JETTY-790 WaitingContinuations can change mutex if not pending
 + JETTY-792 TerracottaSessionManager does not unlock new session with
   requested id
 + JETTY-793 Fixed DataCache millisecond rounding
 + JETTY-794 WADI integration tests fail intermittently
 + JETTY-795 NullPointerException in SocketConnector.java
 + JETTY-801 Bring back 2 arg EnvEntry constructor
 + JETTY-802 Modify the default error pages to make association with Jetty
   clearer
 + JETTY-804 HttpClient timeout does not always work
 + JETTY-805 Fix jetty-jaas.xml for new UserRealm package
 + JETTY-806 Timeout related Deadlocks in HTTP Client
 + JETTY-807 HttpTester to handle charsets
 + JETTY-808 cometd client demo run.sh
 + JETTY-809 Need a way to customize WEB-INF/lib file extensions that are added
   to the classpath
 + JETTY-811 Allow configuration of system properties for the maven plugin
   using a file
 + JETTY-813 Simplify NCSARequestLog.java
 + JETTY-814 Add org.eclipse.jetty.client.Address.toString()
 + JETTY-816 Implement reconnect on java bayeux client
 + JETTY-817 Aborted SSL connections may cause jetty to hang with full cpu
 + JETTY-818 Support javax.servlet.request.ssl_session_id
 + JETTY-821 Allow lazy loading of persistent sessions
 + JETTY-822 Commit when autocommit=true causes error with mysql
 + JETTY-823 Extend start.config profiles
 + JETTY-824 Access to inbound byte statistics
 + JETTY-825 URL decoding of spaces (+) fails for encoding not utf8
 + JETTY-830 Add ability to reserve connections on http client
 + JETTY-831 Add ability to stop java bayeux client
 + JETTY-832 More UrlDecoded handling in relation to JETTY-825
 + JETTY-834 Configure DTD does not allow <Map> children
 + JETTY-837 Response headers set via filter are ignored for static resources
 + JETTY-840 add default mime types to *.htc and *.pps
 + JETTY-841 Duplicate messages when sending private message to yourself with
   cometd chat demo
 + JETTY-842 NPE in jetty client when no path component
 + JETTY-843 META-INF/MANIFEST.MF is not present in unpacked webapp
 + JETTY-844 Replace reflection with direct invocation in Slf4jLog
 + JETTY-848 Temporary folder not fully cleanup after stop (via Sweeper)
 + JETTY-854 JNDI scope does not work with applications in a .war
 + JETTY-859 MultiPartFilter ignores the query string parameters
 + JETTY-861 switched buffer pools to ThreadLocal implementation
 + JETTY-862 EncodedHttpURI ignores given encoding in constructor
 + JETTY-866 jetty-client test case fix
 + JETTY-869 NCSARequestLog locale config
 + JETTY-870 NullPointerException in Response when performing redirect to wrong
   relative URL
 + JETTY-871 jetty-client expires() NPE race condition fixed
 + JETTY-876 Added new BlockingArrayQueue and new QueuedThreadPool
 + JETTY-890 merge jaspi branch to trunk
 + JETTY-894 Add android .apk to mime types
 + JETTY-897 Remove swing dependency in GzipFilter
 + JETTY-898 Allow jetty debs to start with custom java args provided by users
 + JETTY-899 Standardize location and build process for configuration files
   which go into etc
 + JETTY-909 Update useragents cache
 + JETTY-917 Change for JETTY-811 breaks systemProperties config parameter in
   maven-jetty-plugin
 + JETTY-922 Fixed NPE on getRemoteHost when socket closed
 + JETTY-923 Client supports attributes
 + JETTY-926 default location for generatedClasses of jspc plugin is incorrect
 + JETTY-938 Deadlock in the TerracottaSessionManager
 + JETTY-939 NPE in AbstractConfiguration.callPreDestroyCallbacks
 + JETTY-946 Redeploys with maven jetty plugin of webapps with overlays don't
   work
 + JETTY-950 Fix double-printing of request URI in request log
 + JETTY-953 SSL keystore file input stream is not being closed directly
 + JETTY-956 SslSelectChannelConnector - password should be the default value
   of keyPassword if not specified
 + moved to org.eclipse packages
 + simplified HandlerContainer API

jetty-6.1.15 - 02 March 2009
 + JETTY-923 BayeuxClient uses message pools to reduce memory footprint
 + JETTY-924 Improved BayeuxClient disconnect handling
 + JETTY-925 Lazy bayeux messages
 + JETTY-926 default location for generatedClasses of jspc plugin is incorrect
 + JETTY-931 Fix issue with jetty-rewrite.xml
 + JETTY-934 fixed stop/start of Bayeux Client
 + JETTY-938 Deadlock in the TerracottaSessionManager
 + JETTY-939 NPE in AbstractConfiguration.callPreDestroyCallbacks

jetty-6.1.15 - 02 March 2009
 + JETTY-923 BayeuxClient uses message pools to reduce memory footprint
 + JETTY-924 Improved BayeuxClient disconnect handling
 + JETTY-925 Lazy bayeux messages
 + JETTY-926 default location for generatedClasses of jspc plugin is incorrect

jetty-6.1.15.rc4 - 19 February 2009
 + JETTY-496 Support inetd/xinetd through use of System.inheritedChannel()
 + JETTY-713 Expose additional AbstractConnector methods via MBean
 + JETTY-749 Improved ack extension
 + JETTY-802 Modify the default error pages to make association with Jetty
   clearer
 + JETTY-811 Allow configuration of system properties for the maven plugin
   using a file
 + JETTY-815 Add comet support to jQuery javascript library
 + JETTY-840 add default mime types to *.htc and *.pps
 + JETTY-848 Temporary folder not fully cleanup after stop (via Sweeper)
 + JETTY-869 NCSARequestLog locale config
 + JETTY-870 NullPointerException in Response when performing redirect to wrong
   relative URL
 + JETTY-872 Handshake handler calls wrong extension callback
 + JETTY-878 Removed printStackTrace from WaitingContinuation
 + JETTY-879 Support extra properties in jQuery comet implementation
 + JETTY-882 ChannelBayeuxListener called too many times
 + JETTY-884 Use hashcode for threadpool ID
 + JETTY-887 Split configuration and handshaking in jquery comet
 + JETTY-888 Fix abort in case of multiple outstanding connections
 + JETTY-894 Add android .apk to mime types
 + JETTY-898 Allow jetty debs to start with custom java args provided by users
 + JETTY-909 Update useragents cache

jetty-6.1.15.rc3 - 28 January 2009
 + JETTY-691 System.getProperty() calls ... wrap them in doPrivileged
 + JETTY-844 Replace reflection with direct invocation in Slf4jLog
 + JETTY-861 switched buffer pools to ThreadLocal implementation
 + JETTY-866 jetty-client test case fix

jetty-6.1.15.rc2 - 23 January 2009
 + JETTY-567 Delay in initial TLS Handshake With FireFox 3 beta5 and
   SslSelectChannelConnector
 + adjustment to jetty-client assembly packaging

jetty-6.1.15.pre0 - 20 January 2009
 + JETTY-600 Automated tests of WADI integration + upgrade to WADI 2.0
 + JETTY-749 Reliable message delivery
 + JETTY-781 Add "mvn jetty:deploy-war" for deploying a pre-assembled war
 + JETTY-794 WADI integration tests fail intermittently
 + JETTY-795 NullPointerException in SocketConnector.java
 + JETTY-798 Jboss session manager incompatible with LifeCycle.Listener
 + JETTY-801 Bring back 2 arg EnvEntry constructor
 + JETTY-802 Modify the default error pages to make association with Jetty very
   clear
 + JETTY-804 HttpClient timeout does not always work
 + JETTY-806 Timeout related Deadlocks in HTTP Client
 + JETTY-807 HttpTester to handle charsets
 + JETTY-808 cometd client demo run.sh
 + JETTY-809 Need a way to customize WEB-INF/lib file extensions that are added
   to the classpath
 + JETTY-814 Add org.eclipse.jetty.client.Address.toString()
 + JETTY-816 Implement reconnect on java bayeux client
 + JETTY-817 Aborted SSL connections may cause jetty to hang with full cpu
 + JETTY-819 Jetty Plus no more jre 1.4
 + JETTY-821 Allow lazy loading of persistent sessions
 + JETTY-824 Access to inbound byte statistics
 + JETTY-825 URL decoding of spaces (+) fails for encoding not utf8
 + JETTY-827 Externalize servlet api
 + JETTY-830 Add ability to reserve connections on http client
 + JETTY-831 Add ability to stop java bayeux client
 + JETTY-832 More UrlDecoded handling in relation to JETTY-825
 + JETTY-833 Update debian and rpm packages for new jsp-2.1-glassfish jars and
   servlet-api jar
 + JETTY-834 Configure DTD does not allow <Map> children
 + JETTY-837 Response headers set via filter are ignored for static resources
 + JETTY-841 Duplicate messages when sending private message to yourself with
   cometd chat demo
 + JETTY-842 NPE in jetty client when no path component
 + JETTY-843 META-INF/MANIFEST.MF is not present in unpacked webapp
 + JETTY-852 Ensure handshake and connect retried on failure for jquery-cometd
 + JETTY-854 JNDI scope does not work with applications in a .war
 + JETTY-855 jetty-client uber assembly support
 + JETTY-858 ContentExchange provides bytes
 + JETTY-859 MultiPartFilter ignores the query string parameters
 + JETTY-862 EncodedHttpURI ignores given encoding in constructor

jetty-6.1.14 - 14 November 2008
 + JETTY-630 jetty6-plus rpm is missing the jetty6-plus jar
 + JETTY-748 Reduced flushing of large content
 + JETTY-765 ensure stop mojo works for all execution phases
 + JETTY-777 include util5 on the jetty debs
 + JETTY-778 handle granular windows timer in lifecycle test
 + JETTY-779 Fixed line feed in request log
 + JETTY-782 Implement interval advice for BayeuxClient
 + JETTY-783 Update jetty self-signed certificate
 + JETTY-784 TerracottaSessionManager leaks sessions scavenged in other nodes
 + JETTY-787 Handle MSIE7 mixed encoding
 + JETTY-788 Fix jotm for new scoped jndi
 + JETTY-790 WaitingContinuations can change mutex if not pending
 + JETTY-791 Ensure jdk1.4 compatibility for jetty-6
 + JETTY-792 TerracottaSessionManager does not unlock new session with
   requested id
 + JETTY-793 Fixed DataCache millisecond rounding

jetty-6.1.12 - 04 November 2008
 + JETTY-731 Completed DeliverListener for cometd
 + JETTY-772 Increased default threadpool size to 250
 + JETTY-774 Cached text/json content type
 + JETTY-775 fix port of openspaces to jetty-6

jetty-7.0.0.pre5 - 30 October 2008
 + JETTY-766 Fix npe
 + JETTY-767 Fixed SSL Client no progress handshake bug
 + JETTY-768 Remove EnvEntry overloaded constructors
 + JETTY-769 jquery example error
 + JETTY-771 Ensure NamingEntryUtil is jdk1.4 compliant
 + JETTY-772 Increased default threadpool size to 250

jetty-6.1.12.rc5 - 30 October 2008
 + JETTY-703 maxStopTimeMs added to QueuedThreadPool
 + JETTY-762 improved QueuedThreadPool idle death handling
 + JETTY-763 Fixed AJP13 constructor
 + JETTY-766 Ensure SystemProperties set early on jetty-maven-plugin
 + JETTY-767 Fixed SSL Client no progress handshake bug
 + JETTY-768 Remove EnvEntry overloaded constructors
 + JETTY-771 Ensure NamingEntryUtil jdk1.4 compliant

jetty-7.0.0.pre4 - 28 October 2008
 + JETTY-241 Support for web application overlays in rapid application
   development (jetty:run)
 + JETTY-319 improved passing of exception when webapp unavailable
 + JETTY-331 SecureRandom hangs on systems with low entropy (connectors slow to
   start)
 + JETTY-591 No server classes for jetty-web.xml
 + JETTY-604 AbstractSession.setSessionURL
 + JETTY-670 $JETTY_HOME/bin/jetty.sh not worked in Solaris, because of
   /usr/bin/which has no error-code
 + JETTY-676 ResourceHandler doesn't support HTTP HEAD requests
 + JETTY-677 GWT serialization issue
 + JETTY-680 Can't configure the ResourceCollection with maven
 + JETTY-681 JETTY-692 MultiPartFilter is slow for file uploads
 + JETTY-682 Added listeners and queue methods to cometd
 + JETTY-686 LifeCycle.Listener
 + JETTY-687 Issue with servlet-mapping in dynamic servlet invoker
 + JETTY-688 Cookie causes NumberFormatException
 + JETTY-689 processing of non-servlet related annotations
 + JETTY-690 Updated XBean dependencies to XBean version 3.4.3 and Spring
   2.0.5.
 + JETTY-696 jetty.sh restart not working
 + JETTY-698 org.eclipse.resource.JarResource.extract does not close
   JarInputStream jin
 + JETTY-699 Optimized cometd sending of 1 message to many many clients
 + JETTY-700 unit test for unread request data
 + JETTY-703 maxStopTimeMs added to QueuedThreadPool
 + JETTY-708 allow 3 scopes for jndi resources: jvm, server or webapp
 + JETTY-709 Jetty plugin's WebAppConfig configured properties gets overridden
   by AbstractJettyRunMojo even when already set
 + JETTY-710 Worked around poor implementation of File.toURL()
 + JETTY-711 DataSourceUserRealm implementation
 + JETTY-712 HttpClient does not handle request complete after response
   complete
 + JETTY-715 AJP Key size as Integer
 + JETTY-716 Fixed NPE on empty cometd message
 + JETTY-718 during ssl unwrap, return true if some bytes were read, even if
   underflow
 + JETTY-720 fix HttpExchange.waitForStatus
 + JETTY-721 Support wildcard in VirtualHosts configuration
 + JETTY-723 jetty.sh does not check if TMP already is set
 + JETTY-724 better handle EBCDIC default JVM encoding
 + JETTY-728 Improve Terracotta integration and performances
 + JETTY-730 Set SAX parse features to defaults
 + JETTY-731 DeliverListener for cometd
 + JETTY-732 Case Sensitive Basic Authentication Response Header
   Implementations
 + JETTY-733 Expose ssl connectors with xbean
 + JETTY-735 Wrong default jndi name on DataSourceUserRealm
 + JETTY-736 Client Specific cometd advice
 + JETTY-737 refactored jetty.jar into jetty, xml, security, ssl, webapp and
   deploy jars
 + JETTY-738 If jetty.sh finds a pid file is does not check to see if a process
   with that pid is still running
 + JETTY-739 Race in QueuedThreadPool
 + JETTY-741 HttpClient connects slowly due to reverse address lookup by
   InetAddress.getHostName()
 + JETTY-742 Private messages in cometd chat demo
 + JETTY-747 Handle HttpClient exceptions better
 + JETTY-755 Optimized HttpParser and buffers for few busy connections
 + JETTY-757 Unhide JAAS classes
 + JETTY-758 Update JSP to glassfish tag SJSAS-9_1_1-B51-18_Sept_2008
 + JETTY-759 Fixed JSON small negative real numbers
 + JETTY-760 Handle wildcard VirtualHost and normalize hostname in
   ContextHandlerCollection
 + JETTY-762 improved QueuedThreadPool idle death handling
 + JETTY-763 Fixed AJP13 constructor
 + JETTY-766 Ensure SystemProperties set early on jetty-maven-plugin

jetty-6.1.12.rc4 - 21 October 2008
 + JETTY-319 improved passing of exception when webapp unavailable
 + JETTY-729 Backport Terracotta integration to Jetty6.1 branch
 + JETTY-744 Backport of JETTY-741: HttpClient connects slowly due to reverse
   address lookup by InetAddress.getHostName()
 + JETTY-747 Handle exceptions better in HttpClient
 + JETTY-755 Optimized HttpParser and buffers for few busy connections
 + JETTY-758 Update JSP 2.1 to glassfish tag SJSAS-9_1_1-B51-18_Sept_2008
 + JETTY-759 Fixed JSON small negative real numbers
 + JETTY-760 Handle wildcard VirtualHost and normalize hostname in
   ContextHandlerCollection

jetty-6.1.12.rc3 - 10 October 2008
 + JETTY-241 Support for web application overlays in rapid application
   development (jetty:run)
 + JETTY-686 LifeCycle.Listener
 + JETTY-715 AJP key size
 + JETTY-716 NPE for empty cometd message
 + JETTY-718 during ssl unwrap, return true if some bytes were read, even if
   underflow
 + JETTY-720 fix HttpExchange.waitForStatus
 + JETTY-721 Support wildcard in VirtualHosts configuration
 + JETTY-722 jndi related threadlocal not cleared after deploying webapp
 + JETTY-723 jetty.sh does not check if TMP already is set
 + JETTY-725 port JETTY-708 (jndi scoping) to jetty-6
 + JETTY-730 set SAX parser features to defaults
 + JETTY-731 DeliverListener for cometd
 + JETTY-732 Case Sensitive Basic Authentication Response Header
   Implementations
 + JETTY-736 Client Specific cometd advice
 + JETTY-738 If jetty.sh finds a pid file is does not check to see if a process
   with that pid is still running
 + JETTY-739 Race in QueuedThreadPool
 + JETTY-742 Private messages in cometd chat demo

jetty-6.1.12rc2 - 12 September 2008
 + JETTY-282 Support manually-triggered reloading
 + JETTY-331 SecureRandom hangs on systems with low entropy (connectors slow to
   startup)
 + JETTY-591 No server classes for jetty-web.xml
 + JETTY-670 $JETTY_HOME/bin/jetty.sh not worked in Solaris, because of
   /usr/bin/which has no error-code
 + JETTY-671 Configure DTD does not allow <Property> children
 + JETTY-672 Utf8StringBuffer doesn't properly handle null characters (char
   with byte value 0)
 + JETTY-676 ResourceHandler doesn't support HTTP HEAD requests
 + JETTY-677 GWT serialization issue
 + JETTY-680 Can't configure the ResourceCollection with maven
 + JETTY-681 JETTY-692 MultiPartFilter is slow for file uploads
 + JETTY-682 Added listeners and queue methods to cometd
 + JETTY-683 ResourceCollection works for jsp files but does not work for
   static resources under DefaultServlet
 + JETTY-687 Issue with servlet-mapping in dynamic servlet invoker
 + JETTY-688 Cookie causes NumberFormatException
 + JETTY-696 ./jetty.sh restart not working
 + JETTY-698 org.eclipse.resource.JarResource.extract does not close
   JarInputStream jin
 + JETTY-699 Optimize cometd sending of 1 message to many many clients
 + JETTY-709 Jetty plugin's WebAppConfig configured properties gets overridden
   by AbstractJettyRunMojo even when already set
 + JETTY-710 Worked around poor implementation of File.toURL()
 + JETTY-712 HttpClient does not handle request complete after response
   complete

jetty-7.0.0pre3 - 06 August 2008
 + JETTY-30 Externalize servlet-api to own project
 + JETTY-182 Support setting explicit system classpath for jasper
   Jsr199JavaCompiler
 + JETTY-319 Get unavailable exception and added startWithUnavailable option
 + JETTY-381 JETTY-622 Multiple Web Application Source Directory
 + JETTY-442 Accessors for mimeType on ResourceHandler
 + JETTY-502 forward of an include should hide include attributes
 + JETTY-562 RewriteHandler support for virtual hosts
 + JETTY-563 JETTY-482 OpenRemoteServiceServlet for GWT1.5M2+
 + JETTY-564 Consider optionally importing org.apache.jasper.servlet
 + JETTY-571 SelectChannelConnector throws Exception on close on Windows
 + JETTY-608 Suspend/Resume/Complete request listeners
 + JETTY-621 Improved LazyList javadoc
 + JETTY-626 Null protect reading the dtd resource from classloader
 + JETTY-628 Rewrite rule for rewriting scheme
 + JETTY-629 Don't hold timeout lock during expiry call
 + JETTY-632 OSGi tags for Jetty client
 + JETTY-633 Default form encoding 8859_1 rather than utf-8
 + JETTY-635 Correctly merge request parameters when doing forward
 + JETTY-636 Separate lifeycle of jsp build
 + JETTY-637 empty date headers throw IllegalArgumentException
 + JETTY-641 JDBC Realm purge cache problem
 + JETTY-642 NPE in LdapLoginModule
 + JETTY-644 LdapLoginModule uses proper filters when searching
 + JETTY-645 Do not provide jetty-util to the webapps
 + JETTY-646 Should set Cache-Control header when sending errors to avoid
   caching
 + JETTY-647 suspended POSTs with binary data do too many resumes
 + JETTY-650 Parse "*" URI for HTTP OPTIONS request
 + JETTY-651 Release resources during destroy
 + JETTY-653 Upgrade jta api specs to more recent version
 + JETTY-654 Allow Cometd Bayeux object to be JMX manageable
 + JETTY-655 Support parsing application/x-www-form-urlencoded parameters via
   http PUT
 + JETTY-656 HttpClient defaults to async mode
 + JETTY-659 ContentExchange and missing headers in HttpClient
 + JETTY-663 AbstractDatabaseLoginModule handle not found UserInfo and userName
 + JETTY-665 Support merging class directories
 + JETTY-666 scanTargetPatterns override the values already being set by
   scanTarget
 + JETTY-667 HttpClient handles chunked content
 + JETTY-669 Http methods other than GET and POST should not have error page
   content
 + JETTY-671 Configure DTD does not allow <Property> children
 + JETTY-672 Utf8StringBuffer doesn't properly handle null characters (char
   with byte value 0)
 + JETTY-675 ServletContext.getRealPath("") returns null instead of returning
   the root dir of the webapp
 + Upgrade jsp 2.1 to SJSAS-9_1_02-B04-11_Apr_2008

jetty-6.1.12rc1 - 01 August 2008
 + JETTY-319 Get unavailable exception and added startWithUnavailable option
 + JETTY-381 JETTY-622 Multiple Web Application Source Directory
 + JETTY-442 Accessors for mimeType on ResourceHandler
 + JETTY-502 forward of an include should hide include attributes
 + JETTY-562 RewriteHandler support for virtual hosts
 + JETTY-563 GWT OpenRemoteServiceServlet GWT1.5M2+
 + JETTY-564 Consider optionally importing org.apache.jasper.servlet
 + JETTY-571 SelectChannelConnector throws Exception on close on Windows
 + JETTY-596 Proxy authorization support in HttpClient
 + JETTY-599 handle buffers consistently handle invalid index for poke
 + JETTY-603 Handle IPv6 in HttpURI
 + JETTY-605 Added optional threadpool to BayeuxService
 + JETTY-606 better writeTo impl for BIO
 + JETTY-607 Add GigaSpaces session clustering
 + JETTY-610 jetty.class.path not being interpreted
 + JETTY-613 website module now generates site-component for jetty-site
 + JETTY-614 scanner allocated hashmap on every scan
 + JETTY-623 ServletContext.getServerInfo() non compliant
 + JETTY-626 Null protect reading the dtd resource from classloader
 + JETTY-628 Rewrite rule for rewriting scheme
 + JETTY-629 Don't hold timeout lock during expiry call
 + JETTY-632 OSGi tags for Jetty client
 + JETTY-633 Default form encoding 8859_1 rather than utf-8
 + JETTY-635 Correctly merge request parameters when doing forward
 + JETTY-637 empty date headers throw IllegalArgumentException
 + JETTY-641 JDBC Realm purge cache problem
 + JETTY-642 NPE in LdapLoginModule
 + JETTY-644 LdapLoginModule uses proper filters when searching
 + JETTY-646 Should set Cache-Control header when sending errors to avoid
   caching
 + JETTY-647 suspended POSTs with binary data do too many resumes
 + JETTY-650 Parse "*" URI for HTTP OPTIONS request
 + JETTY-651 Release resources during destroy
 + JETTY-654 Allow Cometd Bayeux object to be JMX manageable
 + JETTY-655 Support parsing application/x-www-form-urlencoded parameters via
   http PUT
 + JETTY-656 HttpClient defaults to async mode
 + JETTY-657 Backport jetty-7 sslengine
 + JETTY-658 backport latest HttpClient from jetty-7 to jetty-6
 + JETTY-659 ContentExchange and missing headers in HttpClient
 + JETTY-660 Backported QoSFilter
 + JETTY-663 AbstractDatabaseLoginModule handle not found UserInfo and userName
 + JETTY-665 Support merging class directories
 + JETTY-666 scanTargetPatterns override the values already being set by
   scanTarget
 + JETTY-667 HttpClient handles chunked content
 + JETTY-669 Http methods other than GET and POST should not have error page
   content
 + Upgrade jsp 2.1 to SJSAS-9_1_02-B04-11_Apr_2008

jetty-7.0.0pre2 - 30 June 2008
 + JETTY-336 413 error for header buffer full
 + JETTY-425 race in stopping SelectManager
 + JETTY-568 Avoid freeing DirectBuffers. New locking NIO ResourceCache
 + JETTY-569 Stats for suspending requests
 + JETTY-572 Unique cometd client ID
 + JETTY-576 servlet dtds and xsds not being loaded locally
 + JETTY-578 OSGI Bundle-RequiredExcutionEnvironment set to J2SE-1.5
 + JETTY-579 OSGI resolved management and servlet.resources import error
 + JETTY-580 Fixed SSL shutdown
 + JETTY-581 ContextPath constructor
 + JETTY-582 final ISO_8859_1
 + JETTY-584 handle null contextPath
 + JETTY-587 persist sessions to database
 + JETTY-588 handle Retry in ServletException
 + JETTY-589 Added Statistics Servlet
 + JETTY-590 Digest auth domain for root context
 + JETTY-592 expired timeout callback without synchronization
 + JETTY-595 SessionHandler only deals with base request session
 + JETTY-596 proxy support in HttpClient
 + JETTY-598 Added more reliable cometd message flush option
 + JETTY-599 handle buffers consistently handle invalid index for poke
 + JETTY-603 Handle IPv6 in HttpURI
 + JETTY-605 Added optional threadpool to BayeuxService
 + JETTY-606 better writeTo impl for BIO
 + JETTY-607 Add GigaSpaces session clustering
 + JETTY-609 jetty-client improvements for http conversations
 + JETTY-610 jetty.class.path not being interpreted
 + JETTY-611 make general purpose jar scanning mechanism
 + JETTY-612 scan for web.xml fragments
 + JETTY-613 various distribution related changes
 + JETTY-614 scanner allocates hashmap on every iteration
 + JETTY-615 Replaced CDDL servlet.jar with Apache-2.0 licensed version
 + JETTY-623 ServletContext.getServerInfo() non compliant

jetty-6.1.11 - 06 June 2008
 + JETTY-336 413 error for full header buffer
 + JETTY-425 race in stopping SelectManager
 + JETTY-580 Fixed SSL shutdown
 + JETTY-581 ContextPath constructor
 + JETTY-582 final ISO_8859_1
 + JETTY-584 handle null contextPath
 + JETTY-588 handle Retry in ServletException
 + JETTY-590 Digest auth domain for root context
 + JETTY-592 expired timeout callback without synchronization
 + JETTY-595 SessionHandler only deals with base request session
 + JETTY-596 Proxy support in HttpClient
 + JETTY-598 Added more reliable cometd message flush option

jetty-6.1.10 - 20 May 2008
 + JETTY-440 allow file name patterns for jsp compilation for jspc plugin
 + JETTY-529 CNFE when deserializing Array from session resolved
 + JETTY-537 JSON handles Locales
 + JETTY-547 Shutdown SocketEndpoint output before close
 + JETTY-550 Reading 0 bytes corrupts ServletInputStream
 + JETTY-551 Upgraded to Wadi 2.0-M10
 + JETTY-556 Encode all URI fragments
 + JETTY-557 Allow ServletContext.setAttribute before start
 + JETTY-558 optional handling of X-Forwarded-For/Host/Server
 + JETTY-566 allow for non-blocking behavior in jetty maven plugin
 + JETTY-572 unique cometd client ID
 + JETTY-579 osgi fixes with management and servlet resources
 + Use QueuedThreadPool as default

jetty-7.0.0pre1 - 03 May 2008
 + JETTY-440 allow file name patterns for jsp compilation for jspc plugin
 + JETTY-529 CNFE when deserializing Array from session resolved
 + JETTY-558 optional handling of X-Forwarded-For/Host/Server
 + JETTY-559 ignore unsupported shutdownOutput
 + JETTY-566 allow for non-blocking behavior in jetty maven plugin
 + address osgi bundling issue relating to build resources
 + Allow annotations example to be built regularly, copy to contexts-available
 + Improved suspend examples
 + Make annotations example consistent with servlet 3.0
 + Refactor JNDI impl to simplify

jetty-7.0.0pre0 - 21 April 2008
 + JETTY-282 Support manually-triggered reloading by maven plugin
 + JETTY-341 100-Continues sent only after getInputStream called
 + JETTY-386 backout fix and replaced with
   ContextHandler.setCompactPath(boolean)
 + JETTY-399 update OpenRemoteServiceServlet to gwt 1.4
 + JETTY-467 allow URL rewriting to be disabled
 + JETTY-468 unique holder names for addServletWithMapping
 + JETTY-471 LDAP JAAS Realm
 + JETTY-474 Fixed case sensitivity issue with HttpFields
 + JETTY-475 AJP connector in RPMs
 + JETTY-486 Improved jetty.sh script
 + JETTY-487 Handle empty chunked request
 + JETTY-494 Client side session replication
 + JETTY-519 HttpClient does not recycle closed connection
 + JETTY-522 Add build profile for macos for setuid
 + JETTY-523 Default servlet uses ServletContext.getResource
 + JETTY-524 Don't synchronize session event listener calls
 + JETTY-525 Fixed decoding for long strings
 + JETTY-526 Fixed MMBean fields on JMX MBeans
 + JETTY-528 Factor our cookie parsing to CookieCutter
 + JETTY-530 Improved JMX MBeanContainer lifecycle
 + JETTY-531 Optional expires on MovedContextHandler
 + JETTY-532 MBean properties for QueuedThreadPool
 + JETTY-535 Fixed Bayeux server side client memory leak
 + JETTY-537 JSON handles Locales
 + JETTY-538 test harness fix for windows
 + JETTY-540 Servlet-3.0 & java5 support (work in progress)
 + JETTY-543 Atomic batch get and put of files
 + JETTY-545 Rewrite handler
 + JETTY-546 Webapp runner. All in one jar to run a webapps
 + JETTY-547 Shutdown SocketEndpoint output before close
 + JETTY-550 Reading 0 bytes corrupts ServletInputStream
 + JETTY-551 Wadi 2.0-M10
 + JETTY-553 Fixed customize override
 + JETTY-556 Encode all URI fragments
 + JETTY-557 Allow ServletContext.setAttribute before start
 + JETTY-560 Allow decoupling of jndi names in web.xml
 + Added option to dispatch to suspended requests.
 + BayeuxClient use a single connection for polling
 + Delay 100 continues until getInputStream
 + Ensure Jotm tx mgr can be found in jetty-env.xml
 + HttpClient supports pipelined request
 + Jetty-6.1.8 Changes
 + Make javax.servlet.jsp optional osgi import for jetty module
 + QueuedThreadPool default
 + Refactor of Continuation towards servlet 3.0 proposal
 + Renamed modules management and naming to jmx and jndi.
 + RetryRequest exception now extends ThreadDeath

jetty-6.1.9 - 26 March 2008
 + JETTY-399 update OpenRemoteServiceServlet to gwt 1.4
 + JETTY-471 LDAP JAAS Realm
 + JETTY-475 AJP connector in RPMs
 + JETTY-482 update to JETTY-399
 + JETTY-519 HttpClient does not recycle closed connection
 + JETTY-522 Add build profile for macos for setuid
 + JETTY-525 Fixed decoding for long strings
 + JETTY-526 Fixed MMBean fields on JMX MBeans
 + JETTY-532 MBean properties for QueuedThreadPool
 + JETTY-535 Fixed Bayeux server side client memory leak
 + JETTY-538 test harness fix for windows
 + JETTY-541 Cometd per client timeouts
 + Ensure Jotm tx mgr can be found in jetty-env.xml
 + Make javax.servlet.jsp optional osgi import for jetty module

jetty-6.1.8 - 28 February 2008
 + JETTY-350 log ssl errors on SslSocketConnector
 + JETTY-417 JETTY_LOGS environment variable not queried by jetty.sh
 + JETTY-433 ContextDeployer constructor fails unnecessarily when using a
   security manager if jetty.home not set
 + JETTY-434 ContextDeployer scanning of sub-directories should be optional
 + JETTY-481 Handle empty Bayeux response
 + JETTY-489 Improve doco on the jetty.port property for plugin
 + JETTY-490 Fixed JSONEnumConvertor
 + JETTY-491 opendocument mime types
 + JETTY-492 Null pointer in HashSSORealm
 + JETTY-493 JSON handles BigDecimals
 + JETTY-498 Improved cookie parsing
 + JETTY-507 Fixed encoding from JETTY-388 and test case
 + JETTY-508 Extensible cometd handlers
 + JETTY-509 Fixed JSONP transport for changing callback names
 + JETTY-511 jetty.sh mishandled JETTY_HOME when launched from a relative path
 + JETTY-512 add slf4j as optional to manifest
 + JETTY-513 Terracotta session replication does not work when the initial page
   on each server does not set any attributes
 + JETTY-515 Timer is missing scavenging Task in HashSessionManager
 + Add "mvn jetty:stop"
 + Added BayeuxService
 + Added JSON.Convertor and non static JSON instances
 + Added QueuedThreadPool
 + add removeHandler(Handler) method to HandlerContainer interface
 + AJP handles bad mod_jk methods
 + Allow code ranges on ErrorPageErrorHandler
 + allow sessions to be periodically persisted to disk
 + Cookie support in BayeuxClient
 + Fixed JSON negative numbers
 + further Optimizations and improvements of Cometd
 + grizzly fixed for posts
 + Improved Bayeux API
 + Improved Cometd timeout handling
 + JSON unquotes /
 + Long cache for JSON
 + Optimizations and improvements of Cometd, more pooled objects
 + Optimized QuotedStringTokenizer.quote()
 + Remove duplicate commons-logging jars and include sslengine in jboss sar

jetty-6.1.7 - 22 December 2007
 + JETTY-386 CERT-553235 backout fix and replaced with
   ContextHandler.setCompactPath(boolean)
 + JETTY-467 allow URL rewriting to be disabled
 + JETTY-468 unique holder names for addServletWithMapping
 + JETTY-474 Fixed case sensitivity issue with HttpFields
 + JETTY-486 Improved jetty.sh script
 + JETTY-487 Handle empty chunked request
 + Add "mvn jetty:stop"
 + Added BayeuxService
 + Added JSON.Convertor and non static JSON instances
 + allow sessions to be periodically persisted to disk
 + Cookie support in BayeuxClient
 + grizzly fixed for posts
 + jetty-6.1 branch created from 6.1.6 and r593 of jetty-contrib trunk
 + Optimizations and improvements of Cometd, more pooled objects
 + Update java5 patch

jetty-6.1.6 - 18 November 2007
 + JETTY-455 Optional cometd id
 + JETTY-459 Unable to deploy from Eclipse into the root context
 + JETTY-461 fixed cometd unknown channel
 + JETTY-464 typo in ErrorHandler
 + JETTY-465 System.exit() in constructor exception for MultiPartOutputStream
 + rudimentary debian packaging
 + updated grizzly connector to 1.6.1

jetty-6.1.6rc1 - 05 November 2007
 + JETTY-388 Handle utf-16 and other multibyte non-utf-8 form content
 + JETTY-409 String params that denote files changed to File
 + JETTY-438 handle trailing . in vhosts
 + JETTY-439 Fixed 100 continues clash with Connection:close
 + JETTY-443 windows bug causes Acceptor thread to die
 + JETTY-445 removed test code
 + JETTY-448 added setReuseAddress on AbstractConnector
 + JETTY-450 Bad request for response sent to server
 + JETTY-451 Concurrent modification of session during invalidate
 + JETTY-452 CERT VU#237888 Dump Servlet - prevent cross site scripting
 + JETTY-453 updated Wadi to 2.0-M7
 + JETTY-454 handle exceptions with themselves as root cause
 + JETTY-456 allow null keystore for osX
 + JETTY-457 AJP certificate chains
 + Added configuration file for capturing stderr and stdout
 + CERT VU#38616 handle single quotes in cookie names.
 + Give bayeux timer name
 + Give Terracotta session scavenger a name
 + Housekeeping on poms
 + Improved JSON parsing from Readers
 + Jetty Eclipse Plugin 1.0.1: force copy of context file on redeploy
 + Moved some impl classes from jsp-api-2.1 to jsp-2.1
 + Updated for dojo 1.0(rc) cometd
 + Upgrade jsp 2.1 to SJSAS-9_1-B58G-FCS-08_Sept_2007

jetty-6.1.6rc0 - 03 October 2007
 + JETTY-259 SystemRoot set for windows CGI
 + JETTY-311 avoid json keywords
 + JETTY-376 allow anything but CRLF in reason string
 + JETTY-398 Allow same WADI Dispatcher to be used across multiple web-app
   contexts
 + JETTY-400 consume CGI stderr
 + JETTY-402 keep HashUserRealm in sync with file
 + JETTY-403 Allow long content length for range requests
 + JETTY-404 WebAppDeployer sometimes deploys duplicate webapp
 + JETTY-405 Default date formate for reqest log
 + JETTY-407 AJP handles unknown content length
 + JETTY-413 Make rolloveroutputstream timer daemon
 + JETTY-422 Allow <Property> values to be null in config files
 + JETTY-423 Ensure javax.servlet.forward parameters are latched on first
   forward
 + JETTY-425 Handle duplicate stop calls better
 + JETTY-430 improved cometd logging
 + JETTY-431 HttpClient soTimeout
 + Add ability to persist sessions with HashSessionManager
 + Added ConcatServlet to combine javascript and css
 + Added jetty.lib system property to start.config
 + Added JPackage RPM support
 + Added JSON.Convertable
 + Adding setUsername,setGroupname to setuid and mavenizing native build
 + Add jetty.host system property
 + AJP13 Fix on chunked post
 + Allow properties files on the XmlConfiguration command line.
 + Allow scan interval to be set after Scanner started
 + Avoid FULL exception in window between blockForOutput and remote close
 + Cached user agents strings in the /org/mortbay/jetty/useragents resource
 + Added protection for response splitting with bad headers (CVE-2007-5615)
 + Ensure session is completed only when leaving context.
 + Fix cached header optimization for extra characters
 + Fix Host header for async client
 + Fix patch for java5 to include cometd module
 + Fix typo in async client onResponsetHeader method name
 + Give deployment file Scanner threads a unique name
 + Make default time format for RequestLog match NCSA default
 + Make mx4j used only if runtime uses jdk<1.5
 + Moved Grizzly to contrib
 + Prevent infinite loop on stopping with temp dir
 + Removal of unneeded dependencies from management, maven-plugin, naming &
   plus poms
 + SetUID option to support setgid
 + Tweak OSGi manifests to remove unneeded imports
 + Updated README, test index.html file and jetty-plus.xml file
 + Update jasper2.1 to tag SJSAS-9_1-B58C-FCS-22_Aug_2007
 + Update terracotta to 2.4.1 and exclude ssl classes
 + Use terracotta repo for build; make jetty a terracotta module
 + UTF-8 for bayeux client

jetty-5.1.14 - 09 August 2007
 + JETTY-155 force close with content length
 + JETTY-369 failed state in Container
 + patched with correct version

jetty-6.1.5 - 19 July 2007
 + JETTY-392 updated LikeJettyXml example
 + Fixed GzipFilter for dispatchers
 + Fixed reset of reason
 + Upgrade to Jasper 2.1 tag SJSAS-9_1-B50G-BETA3-27_June_2007

jetty-6.1.5rc0 - 15 July 2007
 + JETTY-253 Improved graceful shutdown
 + JETTY-373 Stop all dependent lifecycles
 + JETTY-374 HttpTesters handles large requests/responses
 + JETTY-375 IllegalStateException when committed
 + JETTY-376 allow spaces in reason string
 + JETTY-377 allow sessions to be wrapped with
   AbstractSesssionManager.SessionIf
 + JETTY-378 handle JVMs with non ISO/UTF default encodings
 + JETTY-380 handle pipelines of more than 4 requests
 + JETTY-385 EncodeURL for new sessions from dispatch
 + JETTY-386 Allow // in file resources
 + Added GzipFilter and UserAgentFilter
 + Dispatch SslEngine expiry (non atomic)
 + Improved Request log configuration options
 + make jetty plus example webapps use ContextDeployer
 + make OSGi manifests for jetty jars
 + Make SLF4JLog impl public, add mbean descriptors
 + Protect SslSelectChannelConnector from exceptions during close
 + remove call to open connectors in jetty.xml
 + SetUID option to only open connectors before setUID.
 + SPR-3682 - dont hide forward attr in include.
 + update links on website
 + update terracotta configs for tc 2.4 stable1
 + update terracotta session clustering to terracotta 2.4
 + Upgrade to Jasper 2.1 tag SJSAS-9_1-B50G-BETA3-27_June_2007

jetty-6.1.4 - 15 June 2007
 + JETTY-370 ensure idleTimeout<=0 means connections never expire
 + JETTY-371 Fixed chunked HEAD response
 + JETTY-372 make test for cookie caching more rigorous
 + fixed early open() call in NIO connectors

jetty-6.1.4rc1 - 10 June 2007
 + JETTY-310 better exception when no filter file for cometd servlet
 + JETTY-323 handle htaccess without a user realm
 + JETTY-346 add wildcard support to extra scan targets for maven plugin
 + JETTY-355 extensible SslSelectChannelConnector
 + JETTY-357 cleaned up ssl buffering
 + JETTY-360 allow connectors, userRealms to be added from a <jettyConfig> for
   maven plugin
 + JETTY-361 prevent url encoding of dir listings for non-link text
 + JETTY-362 More object locks
 + JETTY-365 make needClientAuth work on SslSelectChannelConnector
 + JETTY-366 JETTY-368 Improved bayeux disconnect
 + async client improvements
 + fixed handling of large streamed files
 + Fixed synchronization conflict SslSelectChannel and SelectChannel
 + moved documentation for jetty and jspc maven plugins to wiki
 + Optional static content cache
 + Work around IBM JVM socket close issue

jetty-6.1.4rc0 - 01 June 2007
 + JETTY-257 fixed comet cross domain
 + JETTY-309 fix applied to sslEngine
 + JETTY-317 rollback inclusion of cometd jar for maven plugin
 + JETTY-318 Prevent meta channels being created
 + JETTY-330 Allow dependencies with scope provided for jspc plugin
 + JETTY-335 SslEngine overflow fix
 + JETTY-337 deprecated get/setCipherSuites and added
   get/setExcludeCipherSuites
 + JETTY-338 protect isMoreInBuffer from destroy
 + JETTY-339 MultiPartFiler deletes temp files on IOException
 + JETTY-340 FormAuthentication works with null response
 + JETTY-344 gready fill in ByteArrayBuffer.readFrom
 + JETTY-345 fixed lost content with blocked NIO
 + JETTY-347 Fixed type util init
 + JETTY-352 Object locks
 + Add (commented out) jspc precompile to test-webapp
 + Add ability to run cometd webapps to maven plugin
 + Add slf4j-api for upgraded version
 + Allow XmlConfiguration properties to be configured
 + Change scope of fields for Session
 + Delay ssl handshake until after dispatch in sslSocketConnector
 + fixed JSP close handling
 + fixed waiting continuation reset
 + improved date header handling
 + Optional send Date header. Server.setSendDateHeader(boolean)
 + Reorganized import of contrib modules
 + Set so_timeout during ssl handshake as an option on SslSocketConnector
 + Unified JMX configuration
 + Updated junit to 3.8.2
 + Updated slf4j version to 1.3.1
 + update etc/jetty-ssl.xml with new handshake timeout setting

jetty-6.1.3 - 04 May 2007
 + JETTY-309 don't clear writable status until dispatch
 + JETTY-315 suppressed warning
 + JETTY-322 AJP13 cping and keep alive
 + Handle CRLF for content in header optimization

jetty-6.1.2 - 01 May 2007
 + JETTY-322 fix ajp cpong response and close handling
 + JETTY-324 fix ant plugin
 + JETTY-328 updated jboss
 + Added static member definition in WadiSessionManager
 + Fixed session invalidation error in WadiSessionManager
 + Improved unavailabile handling
 + sendError resets output state
 + Updated Wadi to version 2.0-M3

jetty-6.1.2rc5 - 24 April 2007
 + JETTY-305 delayed connection destroy
 + JETTY-309 handle close in multivalue connection fields
 + JETTY-314 fix for possible NPE in Request.isRequestedSessionIdValid
 + Allow jsp-file to be / or /*
 + removed some compile warnings
 + set default keystore for SslSocketConnector

jetty-6.1.2rc4 - 19 April 2007
 + JETTY-294 Fixed authentication reset
 + JETTY-299 handle win32 paths for object naming
 + JETTY-300 removed synchronized on dispatch
 + JETTY-302 correctly parse quoted content encodings
 + JETTY-303 fixed dual reset of generator
 + JETTY-304 Fixed authentication reset

jetty-6.1.2rc3 - 16 April 2007
 + JETTY-283 Parse 206 and 304 responses in client
 + JETTY-285 enable jndi for mvn jetty:run-war and jetty:run-exploded
 + JETTY-289 fixed javax.net.ssl.SSLException on binary file upload
 + JETTY-292 Fixed error page handler error pages
 + JETTY-293 fixed NPE on fast init
 + JETTY-294 Response.reset() resets headers as well as content
 + JETTY-295 Optional support of authenticated welcome files
 + JETTY-296 Close direct content inputstreams
 + JETTY-297 Recreate tmp dir on stop/start
 + JETTY-298 Names in JMX ObjectNames for context, servlets and filters
 + AJP redirects https requests correctly
 + Fixed writes of unencoded char arrays.
 + Improved performance and exclusions for TLD scanning
 + Improvements to allow simple setting of Cache-Control headers
 + MBean properties assume writeable unless marked RO
 + refactor of SessionManager and SessionIdManager for clustering

jetty-6.1.2rc2 - 27 March 2007
 + JETTY-125 maven plugin: ensure test dependencies on classpath for
   <useTestClasspath>
 + JETTY-246 path encode cookies rather than quote
 + JETTY-254 prevent close of jar entry by bad JVMs
 + JETTY-256 fixed isResumed and work around JVM bug
 + JETTY-258 duplicate log message in ServletHandler
 + JETTY-260 Close connector before stop
 + JETTY-262 Allow acceptor thread priority to be adjusted
 + JETTY-263 Added implementation for authorizationType Packets
 + JETTY-265 Only quote cookie values if needed
 + JETTY-266 Fix deadlock with shutdown
 + JETTY-271 ResourceHandler uses resource for MimeType mapping
 + JETTY-272 Activate and Passivate events for sessions
 + JETTY-274 Improve flushing at end of request for blocking
 + JETTY-276 Partial fix for reset/close race
 + JETTY-277 Improved ContextHandlerCollection
 + JETTY-278 Session invalidation delay until no requests
 + JETTY-280 Fixed deadlock with two flushing threads
 + JETTY-284 Fixed stop connector race
 + JETTY-286 isIntegral and isConfidential methods overridden in
   SslSelectChannelConnector
 + Added RestFilter for PUT and DELETE from Aleksi Kallio
 + AJP13 CPING request and CPONG response implemented
 + AJP13 remoteUser, contextPath, servletPath requests implemented
 + AJP13 Shutdown Request from peer implemented
 + Change some JNDI logging to debug level instead of info
 + Enable the SharedStoreContextualiser for the WadiSessionManager(Database
   store for clustering)
 + Make annotations work for maven plugin
 + Optimized multi threaded init on startup servlets
 + Refactor Scanner to increase code reuse with maven/ant plugins
 + Removed unneeded specialized TagLibConfiguration class from maven plugin
 + Update jasper to glassfish tag SJSAS-9_1-B39-RC-14_Mar_2007

jetty-6.1.2rc1 - 08 March 2007
 + JETTY-157 make CGI handle binary data
 + JETTY-175 JDBCUserRealm use getInt instead of getObject
 + JETTY-188 Use timer for session scavaging
 + JETTY-235 default realm name
 + JETTY-242 fix race condition with scavenging sessions when stopping
 + JETTY-243 FULL
 + JETTY-244 Fixed UTF-8 buffer overflow
 + JETTY-245 Client API improvements
 + JETTY-246 spaces in cookies
 + JETTY-248 setContentLength after content written
 + JETTY-250 protect attribute enumerations from modification
 + JETTY-252 Fixed stats handling of close connection
 + JETTY-254 prevent close of jar file by bad JVMs
 + add ajp connector jar to jetty-jboss sar
 + Added option to allow null pathInfo within context
 + Added support for lowResourcesIdleTime to SelectChannelConnector
 + BoundedThreadPool queues rather than blocks excess jobs.
 + call preDestroy() after servlet/filter destroy()
 + Ensure jetty/jboss uses servlet-spec classloading order
 + Fix constructor for Constraint to detect wildcard role
 + fix Dump servlet to handle primitive array types
 + handle comma separated values for the Connection: header
 + Improved Context setters for wadi support
 + Improved handling of early close in AJP
 + Support null pathInfo option for webservices deployed to jetty/jboss
 + TagLibConfiguration uses resource input stream
 + Workaround to call SecurityAssocation.clear() for jboss webservices calls to
   ejbs

jetty-6.1.2rc0 - 15 February 2007
 + JETTY-223 Fix disassociate of UserPrincipal on dispatches
 + JETTY-226 Fixed SSLEngine close issue
 + JETTY-232 Fixed use of override web.xml
 + JETTY-236 Buffer leak
 + JETTY-237 AJPParser Buffer Data Handling
 + JETTY-238 prevent form truncation
 + Coma separated cookies
 + Cometd timeout clients
 + Patches from sybase for ClientCertAuthenticator

jetty-6.1.2pre1 - 05 February 2007
 + JETTY-224 run build up to process-test before invoking jetty:run
 + Added error handling for incorrect keystore/truststore password in
   SslSelectChannelConnector
 + added win32service to standard build
 + allow ResourceHandler to use resource base from an enclosing ContextHandler
 + fixed bug with virtual host handling in ContextHandlerCollection
 + refactored cometd to be continuation independent

jetty-6.1.2pre0 - 01 February 2007
 + JETTY-213 request.isUserInRole(String) fixed
 + JETTY-215 exclude more transitive dependencies from tomcat jars for jsp-2.0
 + JETTY-216 handle AJP packet fragmentation
 + JETTY-218 handle AJP ssl key size and integer
 + JETTY-219 fixed trailing encoded chars in cookies
 + JETTY-220 fixed AJP content
 + JETTY-222 fix problem parsing faces-config.xml
 + Added cometd jsonp transport from aabeling
 + Added terracotta cluster support for cometd
 + add support for Annotations in servlet, filter and listener sources
 + enable SslSelectChannelConnector to modify the SslEngine's client
   authentication settings
 + Fixed 1.4 method in jetty plus
 + Fixed generation of errors during jsp compilation for jsp-2.1
 + handle virtual hosts in ContextHandlerCollection
 + improved writer buffering
 + moved JSON parser to util to support reuse

jetty-6.1.1 - 15 January 2007

jetty-6.1.1rc1 - 12 January 2007
 + JETTY-210 Build jsp-api-2.0 for java 1.4
 + Use timers for Rollover logs and scanner

jetty-6.1.1rc0 - 10 January 2007
 + JETTY-209 Added ServletTester.createSocketConnector
 + JETTY-210 Build servlet-api-2.5 for java 1.4
 + JETTY-211 fixed jboss build
 + CGI servlet fails without exception
 + ensure response headers on AjaxFilter messsages turn off caching
 + extras/win32service download only if no JavaServiceWrapper exist
 + Fixed unpacking WAR
 + MultiPartFilter deleteFiles option
 + simplified chat demo
 + start webapps on deployment with jboss, use isDistributed() method from
   WebAppContext

jetty-6.1.0 - 05 January 2007
 + Fixed unpacking WAR
 + JETTY-206 fixed AJP getServerPort and getRemotePort
 + Added extras/win32service
 + Added WebAppContext.setCopyWebDir to avoid JVM jar caching issues.
 + GERONIMO-2677 refactor of session id handling for clustering
 + Improved config of java5 threadpool
 + Protect context deployer from Errors
 + ServletTester sets content length

jetty-6.1.0 - 05 January 2007
 + JETTY-206 fixed AJP getServerPort and getRemotePort
 + Added extras/win32service
 + Added WebAppContext.setCopyWebDir to avoid JVM jar caching issues.
 + GERONIMO-2677 refactor of session id handling for clustering
 + Improved config of java5 threadpool
 + Protect context deployer from Errors
 + ServletTester sets content length

jetty-6.1.0rc3 - 02 January 2007
 + JETTY-195 fixed ajp ssl_cert handling
 + JETTY-197 fixed getRemoteHost
 + JETTY-203 initialize ServletHandler if no Context instance
 + JETTY-204 setuid fix
 + extras/servlet-tester
 + implement resource injection and lifecycle callbacks declared in web.xml
 + setLocale does not use default content type
 + Use standard releases of servlet and jsp APIs.

jetty-6.1.0rc2 - 20 December 2006
 + JETTY-167 cometd refactor
 + JETTY-194 doubles slashes are significant in URIs
 + JETTY-201 make run-as work for both web container and ejb container in jboss
 + AJP13Parser, throw IllegalStateException on unimplemented AJP13 Requests
 + ContextHandlerCollection is noop with no handlers
 + ensure classpath passed to jspc contains file paths not urls
 + ensure com.sun.el.Messages.properties included in jsp-2.1 jar
 + ensure servlets initialized if only using ServletHandler
 + Jetty-197 AJP13 getRemoteHost()
 + Refactored AbstractSessionManager for ehcache
 + remove code to remove SecurityHandler if no constraints present

jetty-6.1.0rc1 - 14 December 2006
 + JETTY-193 MailSessionReference without authentication
 + JETTY-199 newClassPathResource
 + added cache session manager(pre-alpha)
 + ensure unique name for ServletHolder instances
 + simplified idle timeout handling

jetty-6.1.0rc0 - 08 December 2006
 + JETTY-123 fix improved
 + JETTY-181 Allow injection of a java:comp Context
 + JETTY-182 Optionally set JSP classpath initparameter
 + JETTY-184 cometd connect non blocking
 + JETTY-185 tmp filename generation
 + JETTY-189 ProxyConnection
 + 403 for BASIC authorization failure
 + Added extras/gwt
 + Added org.mortbay.thread.concurrent.ThreadPool
 + Added spring ejb3 demo example
 + DefaultHandler links virtual hosts.
 + Dispatcher does not protect javax.servlet attributes
 + Fixed cachesize on invalidate
 + Fixed idle timeout
 + flush if content-length written
 + forward query attribute fix
 + Handle request content encodings
 + null for unknown named dispatches
 + Optimization of writers
 + ServletHandler allows non REQUEST exceptions to propogate
 + Servlet role ref
 + session attribute listener
 + Support for RFC2518 102-processing response
 + TCK fixes from Sybase:
 + update jasper to glassfish SJSAS-9_1-B27-EA-07_Dec_2006

jetty-6.1.0pre3 - 22 November 2006
 + JETTY-154 Cookies are double quotes only
 + JETTY-180 XBean support for context deploy
 + Upgraded session ID generation to use SecureRandom (CVE-2006-6969)
 + Expose isResumed on Continuations
 + fixed NIO endpoint flush. Avoid duplicate sends
 + Refactored AJP generator
 + Support TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 + updated glassfish jasper to tag SJSAS-9_1-B25-EA-08_Nov_2006

jetty-6.0.2 - 22 November 2006
 + JETTY-118 ignore extra content after close
 + JETTY-119 cleanedup Security optimizatoin
 + JETTY-123 handle windows UNC paths
 + JETTY-126 handle content > Integer.MAX_VALUE
 + JETTY-129 ServletContextListeners called after servlets are initialized
 + JETTY-151 Idle timeout only applies to blocking operations
 + JETTY-154 Cookies are double quotes only
 + JETTY-171 Fixed filter mapping
 + JETTY-172 use getName() instead of toString
 + JETTY-173 restore servletpath after dispatch
 + (re)make JAAS classes available to webapp classloader
 + add <Property> replacement in jetty xml config files
 + Added concept of bufferred endpoint
 + Added conversion Object -> ObjectName for the result of method calls made on
   MBeans
 + Added DataFilter configuration to cometd
 + added examples/test-jaas-webapp
 + Added extraClassPath to WebAppContext
 + Added hierarchical destroy of mbeans
 + Added ID constructor to AbstractSessionManager.Session
 + added isStopped() in LifeCycle and AbstractLifeCycle
 + Added override descriptor for deployment of RO webapps
 + Allow session cookie to be refreshed
 + alternate optimizations of writer (use -Dbuffer.writers=true)
 + Apply queryEncoding to getQueryString
 + CGI example in test webapp
 + change examples/test-jndi-webapp so it can be regularly built
 + Default soLinger is -1 (disabled)
 + ensure "" returned for ServletContext.getContextPath() for root context
 + ensure sessions nulled out on request recycle; ensure session null after
   invalidate
 + ensure setContextPath() works when invoked from jetty-web.xml
 + fixed NIO endpoint flush. Avoid duplicate sends
 + Fixed NPE in bio.SocketEndPoint.getRemoteAddr()
 + Fixed resource cache flushing
 + Fixed tld parsing for maven plugin
 + HttpGenerator can generate requests
 + Improved *-mbean.properties files and specialized some MBean
 + Major refactor of SelectChannel EndPoint for client selector
 + make .tag files work in packed wars
 + Moved all modules updates from 6.1pre2 to 6.0
 + Plugin shutdown context before stopping it.
 + Refactored session lifecycle and additional tests
 + release resource lookup in Default servlet
 + Reverted UnixCrypt to use coersions (that effected results)
 + Session IDs can change worker ID
 + Simplified ResourceCache and Default servlet
 + SocketConnector closes all connections in doStop
 + Support TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 + updated glassfish jasper to tag SJSAS-9_1-B25-EA-08_Nov_2006
 + Upgraded session ID generation to use SecureRandom

jetty-5.1.12 - 22 November 2006
 + JETTY-154 Cookies ignore single quotes
 + Added support for TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 + AJP protected against bad requests from mod_jk
 + Quote single quotes in cookies
 + Upgraded session ID generation to use SecureRandom

jetty-4.2.27 - 22 November 2006
 + AJP protected against bad requests from mod_jk
 + Upgraded session ID generation to use SecureRandom

jetty-6.1.0pre2 - 20 November 2006
 + Added extraClassPath to WebAppContext
 + Clean up jboss module licensing
 + Fixed resource cache flushing

jetty-6.1.0pre1 - 19 November 2006
 + JETTY-151 Idle timeout only applies to blocking operations
 + JETTY-171 Fixed filter mapping
 + JETTY-172 use getName() instead of toString
 + JETTY-173 restore servletpath after dispatch
 + Added extras/jboss
 + Added hierarchical destroy of mbeans
 + Added override descriptor for deployment of RO webapps
 + alternate optimizations of writer (use -Dbuffer.writers=true)
 + Fixed NPE in bio.SocketEndPoint.getRemoteAddr()
 + Major refactor of SelectChannel EndPoint for client selector
 + release resource lookup in Default servlet
 + Reverted UnixCrypt to use coersions (that effected results)
 + Simplified ResourceCache and Default servlet
 + Use ContextDeployer as main deployer in jetty.xml

jetty-6.1.0pre0 - 21 October 2006
 + JETTY-112 ContextHandler checks if started
 + JETTY-113 support optional query char encoding on requests
 + JETTY-114 removed utf8 characters from code
 + JETTY-115 Fixed addHeader
 + JETTY-118 ignore extra content after close
 + JETTY-119 cleanedup Security optimizatoin
 + JETTY-121 init not called on externally constructed servlets
 + JETTY-123 handle windows UNC paths
 + JETTY-124 always initialize filter caches
 + JETTY-126 handle content > Integer.MAX_VALUE
 + JETTY-129 ServletContextListeners called after servlets are initialized
 + (re)make JAAS classes available to webapp classloader
 + add <Property> replacement in jetty xml config files
 + add a maven-jetty-jspc-plugin to do jspc precompilation
 + added cometd chat demo
 + Added concept of bufferred endpoint
 + Added conversion Object -> ObjectName for the result of method calls made on
   MBeans
 + Added DataFilter configuration to cometd
 + added examples/test-jaas-webapp
 + Added extras/setuid to support start as root
 + Added ID constructor to AbstractSessionManager.Session
 + added isStopped() in LifeCycle and AbstractLifeCycle
 + add hot deployment capability
 + AJP Connector
 + Allow session cookie to be refreshed
 + Apply queryEncoding to getQueryString
 + CGI example in test webapp
 + change examples/test-jndi-webapp so it can be regularly built
 + Default soLinger is -1 (disabled)
 + ensure "" returned for ServletContext.getContextPath() for root context
 + ensure sessions nulled out on request recycle; ensure session null after
   invalidate
 + ensure setContextPath() works when invoked from jetty-web.xml
 + Factored ErrorPageErrorHandler out of WebAppContext
 + fixed ClassCastException in JAASUserRealm.setRoleClassNames(String[])
 + fixed isUserInRole checking for JAASUserRealm
 + Fixed tld parsing for maven plugin
 + HttpGenerator can generate requests
 + Improved *-mbean.properties files and specialized some MBean
 + Improved charset handling in URLs
 + JETYY-120 SelectChannelConnector closes all connections on stop
 + make .tag files work in packed wars
 + minor optimization of bytes to UTF8 strings
 + Plugin shutdown context before stopping it.
 + Ported HtAccessHandler
 + Refactored ErrorHandler to avoid statics
 + Refactored session lifecycle and additional tests
 + Session IDs can change worker ID
 + SocketConnector closes all connections in doStop
 + Start of a client API
 + Transforming classloader does not transform resources.

jetty-5.1.11 - 08 October 2006
 + Default servlet only uses setContentLength on wrapped responses
 + Fixed AJP chunk header (1507377)
 + Fixed AJP handling of certificate length (1494939)
 + fixed ByteBufferOutputStream capacity calculation
 + Fixed order of destruction event calls
 + Fix to HttpOutputStream from M.Traverso

jetty-4.2.26 - 08 October 2006
 + Backport of AJP fixes

jetty-6.0.1 - 24 September 2006
 + JETTY-112 ContextHandler checks if started
 + JETTY-113 support optional query char encoding on requests
 + JETTY-114 removed utf8 characters from code
 + JETTY-115 Fixed addHeader
 + JETTY-121 init not called on externally constructed servlets
 + JETTY-124 always initialize filter caches
 + Factored ErrorPageErrorHandler out of WebAppContext
 + fixed ClassCastException in JAASUserRealm.setRoleClassNames(String[])
 + fixed isUserInRole checking for JAASUserRealm
 + Improved charset handling in URLs
 + JETYY-120 SelectChannelConnector closes all connections on stop
 + minor optimization of bytes to UTF8 strings
 + Refactored ErrorHandler to avoid statics

jetty-6.0.0 - 10 September 2006
 + Conveniance builder methods for listeners and filters
 + Plugin shutdown context before stopping it.
 + SocketConnector closes all connections in doStop
 + Transforming classloader does not transform resources.

jetty-6.0.0rc4 - 05 September 2006
 + JETTY-107 Poor cast in SessionDump demo
 + bind jetty-env.xml entries to java:comp/env
 + Set charset on error pages

jetty-6.0.0rc3 - 01 September 2006
 + JETTY-68 Complete request after sendRedirect
 + JETTY-104 (raised glassfish ISSUE-1044) hide JSP forced path attribute
 + Avoid double error handling of Bad requests
 + don't warn for content length on head requests
 + JETTY-103
 + Less verbose handling of BadResources from bad URLs
 + Move MailSessionReference to org.mortbay.naming.factories
 + pulled 6.0.0 branch
 + Transferred the sslengine patch from the patches directory to extras

jetty-6.0.0rc2 - 25 August 2006
 + added org.apache.commons.logging package to system classes that can't be
   overridden by a webapp classloader
 + Destroy HttpConnection to improve buffer pooling
 + Direct buffer useage is optional
 + Fixed NPE when no resource cache
 + Moved more utility packagtes to the util jar
 + mvn -Djetty.port=x jetty:run uses port number given for the default
   connector
 + Refactored WebXmlConfiguration to allow custom web.xml resource
 + Timestamp in StdErrLog
 + use mvn -Dslf4j=false jetty:run to disable use of slf4j logging with
   jdk1.4/jsp2.0

jetty-6.0.0ALPHA2 - 20 August 2006
 + Continuations - way cool way to suspend a request and retry later.
 + Dispatchers
 + Security

jetty-6.0.0ALPHA1 - 20 August 2006
 + Filters
 + web.xml handling

jetty-6.0.0ALPHA0 - 20 August 2006
 + file may be sent as sent is a single operation.
 + Improved "dependancy injection" and "inversion of control" design of
   components
 + Improved "interceptor" design of handlers
 + Missing Request Dispatchers
 + Missing Security
 + Missing war support
 + Missing web.xml based configuration
 + Optional use of NIO Buffering so that efficient direct buffers and memory
   mapped files can be used.
 + Optional use of NIO gather writes, so that for example a HTTP header and a
   memory mapped
 + Optional use of NIO non-blocking scheduling so that threads are not
   allocated per connection.
 + Smart split buffer design allows large buffers to only be allocated to
   active connections. The resulting memory savings allow very large buffers to
   be used, which increases the chance of efficient asynchronous flushing and
   of avoiding chunking.
 + Totally rearchitected and rebuilt, so 10 years of cruft could be removed!

jetty-6.0.0ALPHA3 - 20 August 2006
 + Added demo for Continuations
 + Jasper and associated libraries.

jetty-6.0.0rc1 - 16 August 2006
 + JETTY-85 JETTY-86 (TrustManager and SecureRandom are now configurable;
   better handling of null/default values)
 + add <requestLog> config param to jetty plugin
 + added modules/spring with XmlBeanFactory configuration
 + Added simple ResourceHandler and FileServer example
 + added start of cometd implementation (JSON only)
 + added start of grizzly connector
 + Added TransformingWebAppClassLoader for spring 2.0 byte code modification
   support
 + Allow direct filling of buffers for uncached static content.
 + Change path mapping so that a path spec of /foo/* does not match /foo.bar :
   JETTY-88
 + -DSTOP.PORT must be specified.
 + fixed bug that caused Response.setStatus to ignore the provided message
 + Fixed FD leak for bad TCP acks. JETTY-63
 + JETTY-87
 + JETTY-90
 + JETTY-91
 + moved optional modules to extras
 + parse jsp-property-group in web.xml for additional JSP servlet mappings
 + protected setContentType from being set during include
 + refactored resource cache
 + removed org.mortbay. from context system classes configuration
 + removed support for lowResources from SelectChannelConnector
 + Support for binding References and Referenceables and javax.mail.Sessions in
   JNDI

jetty-6.0.0rc0 - 07 July 2006
 + add ability to have a lib/ext dir from which to recursively add all jars and
   zips to the classpath
 + Added 8 random letters&digits to Jetty-generated tmp work dir name to ensure
   uniqueness
 + added html module from jetty 5 - but deprecated until maintainer found
 + Added maximum limit to filter chain cache.
 + added setters and getters on SessionManager API for session related config:
   cookie name, url parameter name, domain, max age and path.
 + added StatisticsHandler and statistics on Connector.
 + Added WebAppContextClassLoader.newInstance to better support exensible
   loaders.
 + allow <key> or <name> in <systemProperty> for plugin
 + changed ServletContext.getResourcePaths()  to not return paths containing
   double slashes
 + change name of generated tmp directory to be
   "Jetty_"+host+"_"+port+"_"+contextpath+"_"+virtualhost
 + change prefix from "jetty6" to just "jetty" for plugin: eg is now mvn
   jetty:run
 + Cleaned up idle expiry.
 + ContextHandlerCollection addContext and setContextClass
 + Discard excess bytes in header buffer if connection is closing
 + Do not wrap EofException with EofException
 + ensure explicitly set tmp directory called "work" is not deleted on exit
 + Ensure mvn clean cleans the build
 + ensure war is only unpacked if war is newer than "work" directory
 + fixed classesDirectory param for maven plugin to be configurable
 + fixed HttpGenerator convertion of non UTF-8: JETTY-82
 + immutable getParameterMap()
 + patch to allow Jetty to use JSP2.1 from Glassfish instead of Jasper from
   Tomcat
 + refactor HttpChannelEndPoint in preparation for SslEngine
 + reverse order for destroy event listeners
 + simplified jetty.xml with new constructor injections
 + Simplified Servlet Context API
 + Simplify runtime resolution of JSP library for plugin
 + Ssl algorithm taken from system property
 + support <load-on-startup> for SingleThreadModel
 + support graceful shutdown
 + Threadpool does not need to be a LifeCycle
 + Updated javax code from
   http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/java/javax@417727

jetty-6.0.0beta17 - 02 June 2006
 + Added clover reports and enough tests to get >50% coverage
 + Added config to disable file memory mapped buffers for windows
 + Added Request.isHandled()
 + BoundedThreadPool.doStop waits for threads to complete
 + Connector lowResourceMaxIdleTime  implemented.
 + ContextHandler.setConnectors replace setHosts
 + Default servlet checks for aliases resources
 + don't reset headers during forward
 + Fixed IE SSL issue.
 + Flush will flush all bytes rather than just some.
 + Implemented runAs on servlets
 + Protected WEB-INF and META-INF
 + Recovered repository from Codehaus crash
 + Refactored Synchronization of SelectChannelConnector

jetty-6.0.0beta16 - 15 May 2006
 + remove a couple of System.err.printlns
 + replace backwards compativle API in UrlEncoded

jetty-6.0.0beta15 - 11 May 2006
 + Added <scanTargets> parameter to allow other locations to scan for plugin
 + Added automatic scan of all WEB-INF/jetty-*.xml files for plugin
 + Added embedded examples
 + Added Server attribute org.mortbay.jetty.Request.maxFormContentSize
 + Added taglib resources to 2.1 jsp api jar
 + Added ThrottlingFilter and fixed race in Continuations
 + Added --version to start.jar
 + ContextHandler.setContextPath can be called after start.
 + don't accept partial authority in request line.
 + enforce 204 and 304 have no content
 + Fixed handling of params after forward
 + Improved HttpException
 + improved MBeanContainer object removal
 + improved MBean names
 + improved support for java5 jconsole
 + Major refactor to simplify Server and handler hierarchy
 + Moved more resources to resources
 + readded BoundedThreadPool shrinking (and then fixed resulting deadlock)
 + removed SelectBlockingChannelConnector (unmaintained)
 + Renamed NotFoundHandler to DefaultHandler
 + Reset of timer task clears expiry
 + Session scavenger threads from threadpool
 + setSendServerVersion method added to Server to control sending of Server:
   http header
 + Simplified DefaultServlet static content buffering
 + Thread names include URI if debug set

jetty-6.0.0beta14 - 09 April 2006
 + added configurability for webdefault.xml in maven plugin
 + Added Jasper 2.1 as jesper (jasper without JCL)
 + added jetty-util.jar module
 + Added JSP 2.1 APIs from apache
 + added ProxyServlet
 + added reset to Continuation
 + added support for stopping jetty using "java -jar start.jar --stop"
 + adding InvokerServlet
 + Change tmp dir of plugin to work to be in line with jetty convention
 + fixed forward bug (treated as include)
 + fixed HttpField iterator
 + fixed priority of port from url over host header
 + ignore dirs and files that don't exist in plugin scanner
 + implemented request.isUserInRole
 + improved contentType handling and test harness
 + Modify plugin to select JSP impl at runtime
 + moved test webapps to examples directory
 + securityHandler removed if not used.
 + Started readding logging to jesper using jdk logging
 + stop JDBCUserRealm coercing all credentials to String
 + Use start.config to select which JSP impl at runtime based on jdk version

jetty-5.1.11RC0 - 05 April 2006
 + Added provider support to SslListener
 + Fixed AJP handling of ;jsessionid.
 + force close with shutdownOutput for win32
 + improved contentType param handling
 + logging improvements for servlet and runtime exceptions
 + NPE protection if desirable client certificates
 + stop JDBCUserRealm forcing all credentials to be String

jetty-6.0.0beta12 - 16 March 2006
 + Added JSP2.0 demos to test webapp
 + Added provider support to SslListener
 + Fixed error handling in error page
 + Fixed JettyPlus for root contexts
 + Fixed maven plugin JNDI for redeploys
 + Fixed tld discovery for plugin (search dependencies)
 + Log ERROR for runtimeExceptions
 + Upgraded jasper to 5.5.15

jetty-6.0.0beta11 - 14 March 2006
 + Added HttpURI and improved UTF-8 parsing.
 + added JAAS
 + added missing Configurations for maven plugin
 + added patch to use joda-time
 + added webapp-specific JNDI entries
 + fixed ; decoding in URIs
 + fixed FORM authentication
 + moved dtd and xsd to standard javax location
 + refactored configuration files and start()
 + refactored session ID management
 + refactored writers and improved UTF-8 generation.

jetty-6.0.0beta0 - 27 February 2006
 + Dispatcher parameters
 + Fixed blocking read
 + Maven 2 build
 + UTF-8 encoding for URLs

jetty-6.0.0beta10 - 24 February 2006
 + added getLocalPort() to connector
 + Added support for java:comp/env
 + Added support for pluggable transaction manager
 + Additional accessors for request logging
 + Fixed content-type for range requests
 + Fixed default servlet handling of includes
 + Fix for myfaces and include with close
 + Fix for sf1435795 30sec delay from c taylor
 + Fix http://jira.codehaus.org/browse/JETTY-6. hi byte reader
 + Fix sf1431936 don't chunk the chunk
 + Forward masks include attributes and vice versa
 + Updates javax to MR2 release

jetty-6.0.0beta9 - 14 February 2006
 + Added CGI servlet.
 + Added request log.
 + Added TLD tag listener handling.
 + Continuation cleanup
 + Fixed dispatch of wrapped requests.
 + Fixed double flush of short content.
 + fixed setLocale bug sf1426940
 + Fixed unraw decoding of query string
 + Force a tempdir to be set.
 + Force jasper scratch dir.
 + PathMap for direct context mapping.
 + Refactored chat demo and upgraded prototype.js

jetty-6.0.0beta8 - 25 January 2006
 + conveniance addHandler removeHandler methods
 + fixed bug in overloaded write method on HttpConnection (reported against
   Tapestry4.0)
 + fixed dispatch of new session problem. sf:1407090
 + Handle pipeline requests without hangs
 + hid org.apache.commons.logging and org.slf4j packages from webapp
 + improve buffer return mechanism.
 + improved caching of content types
 + maven-jetty6-plugin: ensure compile is done before invoking jetty
 + maven-jetty6-plugin: support all types of artifact dependencies
 + maven-jetty6-plugin stopped transitive inclusion of log4j and
   commons-logging from commons-el for jasper
 + patch to remove spurious ; in HttpFields
 + reinstated rfc2616 test harness
 + Removed queue from thread pool.
 + convenience addHandler removeHandler methods

jetty-6.0.0beta7 - 10 January 2006
 + Faster header name lookup
 + Fixed infinite loop with chunk handling
 + maven-jetty6-plugin added tmpDirectory property
 + maven-jetty6-plugin stopped throwing an error if there is no target/classes
   directory
 + null dispatch attributes not in names
 + reduced info verbosity
 + removed singleton Container

jetty-5.1.10 - 05 January 2006
 + Fixed path aliasing with // on windows.
 + Fix for AJP13 with encoded path
 + Fix for AJP13 with multiple headers
 + Put POST content default back to iso_8859_1. GET is UTF-8 still
 + Remove null dispatch attributes from getAttributeNames

jetty-4.2.25 - 04 January 2006
 + Fixed aliasing of // for win32

jetty-6.0.0beta6 - 09 December 2005
 + Fixed issue with blocking reads
 + Fixed issue with unknown headers
 + optimizations

jetty-5.1.9 - 07 December 2005
 + Fixed wantClientAuth(false) overriding netClientAuth(true)

jetty-5.1.8 - 07 December 2005
 + Fixed space in URL issued created in 5.1.6

jetty-5.1.7 - 07 December 2005

jetty-5.1.7rc0 - 06 December 2005
 + better support for URI character encodings
 + char encoding for MultiPartRequest
 + fixed merging of POST params in dispatch query string.
 + improved server stats
 + JSP file servlet mappings copy JspServlet init params.
 + Prefix servlet context logs with org.mortbay.jetty.context
 + protect from NPE in dispatcher getValues
 + Updated to 2.6.2 xerces
 + use commons logging jar instead of api jar.

jetty-6.0.0beta5 - 05 December 2005
 + Added management module for mbeans
 + Fixed writer char[] creations
 + Moved to SVN

jetty-6.0.0beta4 - 22 November 2005
 + Fixed JSP visibility security issue (CVE-2006-2758)
 + Improved jetty-web.xml access to org.mortbay classes.
 + Jasper 5.5.12
 + System property support in plugin

jetty-5.1.6 - 18 November 2005
 + Fixed JSP visibility security issue (CVE-2006-2758)
 + Improved jetty-web.xml access to org.mortbay classes.

jetty-6.0.0beta3 - 17 November 2005
 + Fixed classloader issue with server classes
 + Fixed error in block read
 + Named dispatch.

jetty-6.0.0beta2 - 14 November 2005
 + Improved buffer return
 + Improved reuse of HttpField values and cookies.
 + loosely coupled with JSP servlet
 + loosely coupled with SLF4J
 + merged util jar back into jetty jar
 + Simpler continuation API

jetty-6.0.0beta1 - 11 November 2005
 + Error pages
 + Implemented all listeners
 + maven2 plugin
 + Multiple select sets
 + refactored start/stop
 + Servlet 2.5 API
 + shutdown hook
 + SSL connector
 + Virtual hosts

jetty-5.1.5 - 10 November 2005
 + Improved mapping of JSP files.
 + Improved shutdown hook
 + Improved URL Decoding

jetty-5.1.5rc2 - 07 October 2005
 + ProxyHandler can handle chained proxies
 + public ServerMBean constructor
 + ReFixed merge of Dispatcher params
 + Response.setLocale will set locale even if getWriter called.
 + Reverted dispatcher params to RI rather than spec behaviour.
 + unsynchronized ContextLoader
 + UTF-8 encoding for URLs

jetty-5.1.5rc1 - 23 August 2005
 + Encoded full path in ResourceHandler directory listing
 + Fixed 100-continues with chunking and early commit
 + Fixed illegal state with chunks and 100 continue - Tony Seebregts
 + Fixed merge of Dispatcher parameters
 + Fixed PKCS12Import input string method
 + handle extra params after charset in header
 + Release commons logging factories when stopping context.
 + upgraded to commons logging 1.0.4

jetty-5.1.5rc0 - 16 August 2005
 + Applied ciphersuite patch from tonyj
 + Authenticators use servlet sendError
 + CGI sets SCRIPT_FILENAME
 + Expect continues only sent if input is read.
 + Facade over commons LogFactory so that discovery may be avoided.
 + Fixed component remove memory leak for stop/start cycles
 + HttpTunnel timeout
 + NPE protection for double stop in ThreadedServer

jetty-5.1.4 - 05 June 2005
 + Change JAAS impl to be more flexible on finding roles
 + Fixed FTP close issue.
 + ModelMBean handles null signatures
 + NPE protection in ThreadedServer
 + set classloader during webapp doStop
 + setup MX4J with JDK1.5 in start.config

jetty-5.1.4rc0 - 19 April 2005
 + Allow ServletHandler in normal HttpContext again.
 + HttpServer delegates component handling to Container.
 + More protection from null classloaders.
 + ServletHttpContext correctly calls super.doStop.
 + Stop start.jar putting current directory on classpath.
 + Turn off web.xml validation for JBoss.

jetty-5.1.13 - 07 April 2005
 + Sourceforge 1648335: problem setting version for AJP13

jetty-5.1.3 - 07 April 2005
 + Some minor code janitorial services

jetty-4.2.24 - 07 April 2005

jetty-5.1.3rc4 - 31 March 2005
 + Allow XmlConfiguration to start with no object.
 + make java:comp/env immutable for webapps as per J2EE spec
 + Moved servlet request wrapping to enterContextScope for geronimo security
 + refixed / mapping for filters
 + rework InitialContextFactory to use static 'default' namespace
 + updated to mx4j 3.0.1

jetty-5.1.3rc3 - 20 March 2005
 + fixed "No getter or setter found" mbean errors
 + removed accidental enablement of DEBUG for JettyPlus jndi in
   log4j.properties

jetty-5.1.3rc2 - 16 March 2005
 + Fixed context to _context refactory error
 + Updated JSR154Filter for ERROR dispatch

jetty-5.1.3rc1 - 13 March 2005
 + Fixed principal naming in FormAuthenticator
 + Fixed typo in context-param handling.
 + JettyPlus updated to JOTM 2.0.5, XAPool 1.4.2
 + update to demo site look and feel.

jetty-4.2.24rc1 - 11 March 2005
 + Fixed principal naming in FormAuthenticator

jetty-5.1.3rc0 - 08 March 2005
 + Added logCookie and logLatency support to NCSARequestLog
 + Added new JAAS callback to allow extra login form fields in authentication
 + Added simple xpath support to XmlParser
 + Added SslListener for 1.4 JSSE API.
 + Added TagLibConfiguration to search for listeners in TLDs.
 + Allow system and server classes to be configured for context loader.
 + Fixed HTAccess crypt salt handling.
 + Fixed JSR154 error dispatch with explicit pass of type.
 + Fixed moderate load preventing ThreadPool shrinking.
 + Fixed rollover filename format bug
 + Flush filter chain caches on servlet/filter change
 + IOException if EOF read during chunk.

jetty-4.2.24rc0 - 08 March 2005
 + Added logCookie and logLatency support to NCSARequestLog
 + Back ported Jetty 5 ThreadedServer and ThreadPool

jetty-5.1.2 - 18 January 2005
 + Added id and ref support to XmlConfiguration
 + Apply patch #1103953
 + Cleaned up AbstractSessionManager synchronization.
 + Fixed potential concurrent login problem with JAAS

jetty-4.2.23 - 16 January 2005
 + Cleaned up AbstractSessionManager synchronization.
 + Fixed potential concurrent login problem with JAAS

jetty-5.1.2pre0 - 22 December 2004
 + Added global invalidation to AbstractSessionManager
 + Fixed case of Cookie parameters
 + Fixed suffix filters
 + Modified useRequestedID handling to only use IDs from other contexts
 + Support Secure and HttpOnly in session cookies
 + UnavailableException handling from handle

jetty-4.2.23RC0 - 17 December 2004
 + Added LogStream to capture stderr and stdout to logging
 + Build unsealed jars
 + LineInput handles readers with small internal buffer
 + Support Secure and HttpOnly in session cookies

jetty-5.1.1 - 01 December 2004

jetty-5.1.1RC1 - 24 November 2004
 + Allow double // within URIs
 + Applied patch for MD5 hashed credentials for MD5
 + Fixed ordering of filters with multiple interleaved mappings.
 + Made more WebApplicationHandle configuration methods public.
 + Some minor findbugs code cleanups

jetty-5.1.1RC0 - 17 November 2004
 + added new contributed shell start/stop script
 + excluded ErrorPageHandler from standard build in extra/jdk1.2 build
 + fix commons logging imports to IbmJsseListener
 + fix for adding recognized EventListeners

jetty-5.1.0 - 14 November 2004

jetty-5.1.RC1 - 24 October 2004
 + Allow JSSE listener to be just confidential or just integral.
 + Allow multiple accepting threads
 + Build unsealed jars
 + default / mapping does not apply to Filters
 + Fixed NPE for null contenttype
 + improved clean targets
 + many minor cleanups suggested from figbug utility
 + Partially flush writers on every write so content length can be detected.
 + when committed setHeader is a noop rather than IllegalStateException

jetty-5.1.RC0 - 11 October 2004
 + Added filter chain cache
 + Added JSR77 servlet statistic support
 + Added LifeCycle events and generic container.
 + Added LogStream to capture stderr and stdout to logging
 + Fixed HTAccessHandler
 + Fixed many minor issues from J2EE 1.4 TCK testing See sf.net bugs 1031520 -
   1032205
 + JBoss 4.0.0 support
 + LineInput handles readers with small internal buffer
 + Refactored, simplified and optimized HttpOutputStream
 + Refactored webapp context configurations
 + Upgraded to ant-1.6 for jasper

jetty-5.0.0 - 10 September 2004

jetty-5.0.RC4 - 05 September 2004
 + Fixed configuration of URL alias checking
 + JettyJBoss: Use realm-name from web.xml if present, otherwise use
   security-domain from jboss-web.xml

jetty-5.0.RC3 - 28 August 2004
 + Added parameters for acceptQueueSize and lowResources level.
 + Always say close for HTTP/1.0 non keep alive.
 + Changed default URI encoding to UTF-8
 + DIGEST auth handles qop, stale and maxNonceAge.
 + fixed deployment of ejb-link elements in web.xml with jboss
 + fixed jaas logout for jetty-jboss
 + Fixes to work with java 1.5
 + JettyPlus addition of pluggable DataSources
 + JettyPlus upgrade to XAPool 1.3.3. and HSQLDB 1.7.2
 + Less verbose warning for non validating xml parser.
 + Update to jasper 5.0.27

jetty-4.2.22 - 24 August 2004
 + Added parameters for acceptQueueSize and lowResources level.
 + fixed deployment of ejb-link elements in web.xml for jboss
 + fixed jaas logout for jetty-jboss integration

jetty-5.0.RC2 - 02 July 2004
 + add JMX support for JettyPlus
 + add listing of java:comp/env for webapp with JMX
 + Default servlet may use only pathInfo for resource
 + Error dispatchers are always GET requests.
 + Fixed DIGEST challenge delimiters
 + Fixed JAAS logout
 + Fixed no-role security constraint combination.
 + Fixed session leak in j2ee
 + Fix to use runas roles during servlet init and destroy
 + HTAccess calls UnixCrypt correctly
 + HttpContext sendError for authentication errors
 + integrated jetty-jboss with jboss-3.2.4
 + make choice of override of JNDI ENC entries: config.xml or web.xml
 + OPTIONS works for all URLs on default servlet

jetty-4.2.21 - 02 July 2004
 + add JMX support for JettyPlus
 + add listing of java:comp/env for webapp with JMX
 + Fixed JAAS logout
 + integrated jetty-jboss with jboss-3.2.4
 + make choice of override of JNDI ENC entries: config.xml or web.xml

jetty-5.0.RC1 - 24 May 2004
 + added extra/etc/start-plus.config to set up main.class for jettyplus
 + Changed to apache 2.0 license
 + Fixed HTTP tunnel timeout setting.
 + FORM auth redirects to context on a re-auth
 + Handle multiple virutal hosts from JBoss 3.2.4RC2
 + Improved handling of exception from servlet init.
 + maxFormContentLength may be unlimited with <0 value

jetty-4.2.20 - 22 May 2004
 + Fixed HTTP tunnel timeout setting.
 + FORM auth redirects to context on a re-auth
 + Improved handling of exception from servlet init.
 + maxFormContentLength may be unlimited with <0 value

jetty-5.0.0RC0 - 07 April 2004
 + Changed dist naming convention to lowercase
 + Default servlet respectes servlet path
 + Factored out XML based config from WebApplicationContext
 + Fixed Default servlet for non empty servlet paths
 + Fixed DOS problem
 + Fixed j2se 1.3 problem with HttpFields
 + Fixed setCharacterEncoding for parameters.
 + Forced close of connections over stop/start
 + Improved RequestLog performance
 + ProxiedFor field support added to NCSARequestLog
 + ServletContext attributes wrap HttpContext attributes.
 + Updated jasper to 5.0.19
 + Updated JettyPlus to JOTM 1.4.3 (carol-1.5.2, xapool-1.3.1)
 + Updated mx4j to V2
 + Worked around bad jboss URL handler in XMLParser

jetty-4.2.20RC0 - 07 April 2004
 + Changed dist naming convention to lowercase
 + Fixed Default servlet for non empty servlet paths
 + Forced close of connections over stop/start
 + HttpFields protected headers
 + ProxiedFor field support added to NCSARequestLog
 + Worked around bad jboss URL handler in XMLParser

jetty-4.2.19 - 19 March 2004
 + Fixed DOS attack problem

jetty-4.2.18 - 01 March 2004
 + Added log4j context repository to jettyplus
 + Default servlet respectes servlet path
 + Fixed j2se 1.3 problem with HttpFields
 + Improved log performance
 + NPE guard for no-listener junit deployment
 + Suppress some more IOExceptions

jetty-5.0.beta2 - 12 February 2004
 + Added experimental NIO listeners again.
 + Added log4j context repository to jettyplus
 + Added skeleton JMX MBean for jetty plus
 + FileResource better handles non sun JVM
 + Fixed busy loop in threadpool run
 + fixed filter dispatch configuration.
 + Fixed HEAD with empty chunk bug.
 + Fixed jetty.home/work handling
 + fixed lazy authentication with FORMs
 + Fixed SessionManager init
 + Fixed setDate thread safety
 + Improved low thread handling
 + Monitor closes socket before exit
 + NPE guard for no-listener junit deployment
 + Reorganized ServletHolder init
 + RequestDispatcher uses request encoding for query params
 + Updated to Japser 5.0.16

jetty-4.2.17 - 01 February 2004
 + Fixed busy loop in threadpool run
 + Reorganized ServletHolder init

jetty-4.2.16 - 30 January 2004
 + FileResource better handles non sun JVM
 + Fixed HttpTunnel for JDK 1.2
 + Fixed setDate multi-cpu race
 + Improved low thread handling
 + Monitor closes socket before exit
 + RequestDispatcher uses request encoding for query params
 + Update jasper to 4.1.29

jetty-5.0.beta1 - 24 December 2003
 + Added patch for JBoss realm single sign on
 + Env variables for CGI
 + Fixed UnixCrypt handling in HTAccessHandler
 + Removed support for old JBoss clustering
 + Reorganized FAQ
 + SecurityConstraints not reset by stop() on custom context

jetty-4.2.15 - 24 December 2003
 + Added patch for JBoss realm single sign on
 + Environment variables for CGI
 + Fixed UnixCrypt handling in HTAccessHandler
 + Removed support for old JBoss clustering
 + SecurityConstraints not reset by stop() on custom context

jetty-5.0.beta0 - 22 November 2003
 + Added MsieSslHandler to handle browsers that don't grok persistent SSL (msie
   5)
 + Added org.mortbay.http.ErrorHandler for error pages.
 + Allow per listener handlers
 + Expire pages that contain set-cookie as per RFC2109 recommendation
 + Fixed init race in HttpFields cache
 + JBoss integration uses writer rather than stream for XML config handling
 + PathMap uses own Map.Entry impl for IBM JVMs
 + Protect ThreadPool.run() from interrupted exceptions
 + Removed support for HTTP trailers
 + Removed the CMR/CMP distributed session implementation
 + Respect content length when decoding form content.
 + Updated jasper to 5.0.14beta
 + Use ${jetty.home}/work or WEB-INF/work for temp directories if present

jetty-4.2.15rc0 - 22 November 2003
 + Added org.mortbay.http.ErrorHandler for error pages.
 + JsseListener checks UserAgent for browsers that can't grok persistent SSL
   (msie5)
 + PathMap uses own Map.Entry impl for IBM JVMs
 + Protect ThreadPool.run() from interrupted exceptions
 + Race in HttpFields cache
 + Removed the CMR/CMP distributed session implementation
 + Use ${jetty.home}/work or WEB-INF/work for temp directories if present

jetty-4.2.14 - 04 November 2003
 + Expire pages that contain set-cookie as per RFC2109 recommendation
 + Fixed NPE in SSO
 + JBoss integration uses writer rather than stream for XML config handling
 + respect content length when decoding form content.

jetty-5.0.alpha3 - 19 October 2003
 + Allow customization of HttpConnections
 + Failed requests excluded from duration stats
 + FileClassPath derived from walk of classloader hierarchy.
 + Fixed null pointer if no sevices configured for JettyPlus
 + Implemented security constraint combinations
 + Lazy authentication if no auth constraint.
 + Priority added to ThreadPool
 + replaced win32 service with http://wrapper.tanukisoftware.org
 + Restore servlet handler after dispatch
 + Reworked Dispatcher to better support cross context sessions.
 + Set TransactionManager on JettyPlus datasources and pools
 + Updated jasper and examples to 5.0.12
 + Use File.toURI().toURL() when jdk 1.2 alternative is available.

jetty-4.2.14RC1 - 19 October 2003
 + Added UserRealm.logout and arrange for form auth
 + Allow customization of HttpConnections
 + Failed requests excluded from
 + Reworked Dispatcher to better support cross context sessions.

jetty-4.2.14RC0 - 07 October 2003
 + Build fileclasspath from a walk of the classloaders
 + cookie timestamps are in GMT
 + Correctly setup context classloader in cross context dispatch.
 + Fixed comments with embedded double dashes on jettyplus.xml file
 + Fixed handling of error pages for IO and Servlet exceptions
 + Fixed null pointer if no sevices configured for JettyPlus
 + Priority on ThreadedServer
 + Put a semi busy loop into proxy tunnels for IE problems
 + replaced win32 service with http://wrapper.tanukisoftware.org
 + Set TransactionManager on JettyPlus datasources and pools
 + updated extra/j2ee to jboss 3.2.1+
 + Use File.toURI().toURL() when jdk 1.2 alternative is available.

jetty-5.0.alpha2 - 19 September 2003
 + Correctly setup context classloader in cross context dispatch.
 + Fixed error page handling of IO and Servlet exceptions.
 + Implemented ServletRequestListeners as optional filter.
 + Improved JMX start.
 + minor doco updates.
 + Moved error page mechanism to be webapp only.
 + moved mailing lists to sourceforge.
 + MultipartRequest supports multi value headers.
 + Put a semi busy loop into proxy tunnels for IE problems
 + Turn off validation without non-xerces errors
 + Update jakarta examples
 + Use commons logging.
 + Use log4j if extra is present.
 + XML entity resolution uses URLs not Resources

jetty-5.0.alpha1 - 12 August 2003
 + Implemented locale encoding mapping.
 + Improve combinations of Security Constraints
 + Server javadoc from war
 + Switched to mx4j
 + Synced with 4.2.12
 + Updated to Jasper 5.0.7

jetty-4.2.12 - 12 August 2003
 + Added missing S to some OPTIONS strings
 + Added open method to threaded server.
 + Fixed MIME types for chemicals
 + Fixed parameter ordering for a forward request.
 + Fixed up HTAccessHandler
 + FORMAuthenticator does 403 with empty error page.
 + Improved error messages from ProxyHandler
 + Padding for IE in RootNotFoundHandler
 + Removed protection of org.mortbay.http attributes
 + Restore max inactive interval for session manager

jetty-5.0.alpha0 - 16 July 2003
 + Compiled against 2.4 servlet spec.
 + Implemented Dispatcher forward attributes.
 + Implemented filter-mapping <dispatcher> element
 + Implemented remote/local addr/port methods
 + Implemented setCharaterEncoding
 + Updated authentication so that a normal Principal is used.
 + updated to jasper 5.0.3

jetty-4.2.11 - 12 July 2003
 + Branched for Jetty 5 development.
 + Cookie params all in lower case.
 + Fixed race in servlet initialization code.
 + Prevent AJP13 from reordering query.
 + Simplified AJP13 connection handling.
 + Support separate Monitor class for start

jetty-4.2.10 - 07 July 2003
 + Updates to JettyPlus documentation
 + Updates to Jetty tutorial for start.jar, jmx etc

jetty-4.2.10pre2 - 04 July 2003
 + Addition of mail service for JettyPlus
 + Allow multiple security-role-ref elements per servlet.
 + Cleaned up alias handling.
 + Confidential redirection includes query
 + Fixed cookie handling for old cookies and safari
 + handle multiple security role references
 + Handle Proxy-Connection better
 + Improvement to JettyPlus config of datasources and connection pools
 + Many improvements in JettyPlus java:comp handling
 + Move to Service-based architecture for JettyPlus features
 + Re-implementation of JNDI
 + Restricted ports in ProxyHandler.
 + Session statistics
 + URI always encodes %
 + XmlConfiguration can get/set fields.

jetty-4.2.10pre1 - 02 June 2003
 + Added SSO implementation for FORM authentication.
 + Added stop.jar
 + Deprecated forced chunking.
 + Fixed AJP13 protocol so that request/response header enums are correct.
 + Fixed form auth success redirect after retry, introduced in 4.2.9rc1
 + Fixed JSP code visibility problem introduced in Jetty-4.2.10pre0
 + Fixed problem with shared session for inter context dispatching.
 + Form authentication remembers URL over 403
 + ProxyHandler has improved test for request content
 + Removed support of org.mortbay.http.User role.
 + Trace support is now optional (in AbstractHttpHandler).
 + WebApplicationContext does not reassign defaults descriptor value.

jetty-4.2.10pre0 - 05 May 2003
 + Added ability to override jetty startup class by using -Djetty.server on
   runline
 + Allow params in form auth URLs
 + Allow query params in error page URL.
 + Apply the append flag of RolloverFileOutputStream constructor.
 + Fixed CRLF bug in MultiPartRequest
 + Fixed table refs in JDBCUserRealm.
 + FORM Authentication is serializable for session distribution.
 + getAuthType maps the HttpServletRequest final strings.
 + getAuthType returns CLIENT_CERT instead of CLIENT-CERT.
 + Incorporate jetty extra and plus into build
 + Incorporate JettyPlus jotm etc into build.
 + Integrate with JAAS
 + Massive reorg of the CVS tree.
 + Merge multivalued parameters in dispatcher.
 + Moved Log4JLogSink into JettyPlus
 + New look and feel for www site.
 + ProxyHandler checks black and white lists for Connect.
 + RolloverFileOutputStream manages Rollover thread.
 + Updated to jasper jars from tomcat 4.1.24
 + Warn if max form content size is reached.

jetty-4.2.9 - 19 March 2003
 + Conditional headers check after /dir to /dir/ redirection.

jetty-4.2.9rc2 - 16 March 2003
 + Added X-Forwarded-For header in ProxyHandler
 + Allow dispatch to j_security_check
 + Defaults descriptor has context classloader set.
 + Fixed build.xml for source release
 + Made rfc2068 PUT/POST Continues support optional.
 + Updated included jmx jars

jetty-4.2.9rc1 - 06 March 2003
 + Added requestlog to HttpContext.
 + Added support for client certs to AJP13.
 + Added trust manager support to SunJsseListener.
 + Allow delegated creation of WebApplication derivations.
 + Check Data contraints before Auth constraints
 + Cleaned up includes
 + Dump servlet can load resources for testing now.
 + Optional 2.4 behaviour for sessionDestroyed notification.
 + ProxyHandler has black and white host list.
 + Reduced default context cache sizes (Total 1MB file 100KB).
 + Removed checking for single valued headers.
 + Stop proxy url from doing user interaction.
 + Turn request log buffering off by default.
 + Work around URLClassloader not handling leading /

jetty-4.2.8_01 - 18 February 2003
 + Added a SetResponseHeadersHandler, can set P3P headers etc.
 + Added MBeans for Servlets and Filters
 + Added option to resolve remote hostnames.  Defaults to off.
 + Default servlet can have own resourceBase.
 + Fixed AdminServlet to handle changed getServletPath better.
 + Fixed CGI servlet to handle multiple headers.
 + Moved ProxyHandler to the src1.4 tree
 + Patched first release of 4.2.8 with correct version number
 + ProxyHandler can handle multiple cookies.
 + Rolled back SocketChannelListener to 4.2.5 version

jetty-4.2.7 - 04 February 2003
 + Changed PathMap to conform to / getServletPath handling.
 + Fixed proxy tunnel for non persistent connections.
 + Relative sendRedirect handles trailing / correctly.
 + Upgraded to JSSE 1.0.3_01 to fix security problem.

jetty-4.2.6 - 24 January 2003
 + Added HttpContext.setHosts to restrict context by real interface.
 + Added MBeans for session managers
 + Added version to HttpServerMBean.
 + Allow AJP13 buffers to be resized.
 + ClientCertAuthentication updates request.
 + Fixed LineInput problem with expanded buffers.
 + Fixed rel sendRedirects for root context.
 + Improved SocketChannelListener contributed.
 + Improved synchronization on AbstractSessionManager.

jetty-4.2.5 - 14 January 2003
 + Added Log4jSink in the contrib directory.
 + Don't process conditional headers and ranges for includes
 + Fixed pathParam bug for ;jsessionid
 + Fixed requestedSessionId null bug.

jetty-4.2.4 - 04 January 2003
 + Added MBeans for handlers
 + Clear context attributes after stop.
 + Clear context listeners after stop.
 + Fixed stop/start handling of servlet context
 + HTAccessHandler checks realm as well as htpassword.
 + Reuse empty LogSink slots.
 + Upgraded jasper to 4.1.18
 + Use requestedSessionId as default session ID.

jetty-4.2.4rc0 - 12 December 2002
 + Added gzip content encoding support to Default and ResourceHandler
 + Added HttpContext.flushCache
 + Allow empty host header.
 + Avoid optional 100 continues.
 + Better access to session manager.
 + Character encoding handling for GET requests.
 + Cheap clear for HttpFields
 + Cleaned up some unused listener throws.
 + Code logs objects rather than strings.
 + Configurable root context.
 + Dir listings in UTF8
 + Fixed dir listing from jars.
 + Fixed isSecure and getScheme for SSL over AJP13
 + Fixed setBufferSize NPE.
 + Handle = in param values.
 + Handle chunked form data.
 + Implemented RFC2817 CONNECT in ProxyHandler
 + Improved ProxyHandler to the point is works well for non SSL.
 + Improved setBufferSize handling
 + Limit form content size.
 + Removed container transfer encoding handling.
 + RootNotFoundHandler to help when no context found.
 + Simplified ThreadedServer
 + Update jasper to 4.1.16beta
 + Use ThreadLocals for ByteArrayPool to avoid synchronization.
 + Use Version to reset HttpFields

jetty-4.2.3 - 02 December 2002
 + Added links to Jetty Powered page
 + added main() to org.mortbay.http.Version
 + Added PKCS12Import class to import PKCS12 key directly
 + Check form authentication config for leading /
 + Cleaner servlet stop to avoid extra synchronization on handle
 + Clean up of ThreadedServer.stop()
 + Fixed some typos
 + org.mortbay.http.HttpContext.FileClassPathAttribute
 + Removed aggressive threadpool shrinkage to avoid deadlock on SMP machines.
 + removed old HttpContext.setDirAllowed()
 + Updated bat scripts

jetty-4.2.2 - 20 November 2002
 + Added EOFException to reduce log verbosity on closed connections.
 + Avoided bad buffer status after closed connection.
 + Fixed handling of empty headers
 + Fixed sendRedirect for non http URLS
 + Fixed URI query recycling for persistent connections

jetty-4.2.1 - 18 November 2002
 + Fixed bad optimization in UrlEncoding
 + Re-enabled UrlEncoding test harnesses

jetty-4.2.0 - 16 November 2002
 + Added definitions for RFC2518 WebDav response codes.
 + Added upload demo to dump servlet.
 + Fixed AJP13 buffer size.
 + Fixed include of Invoker servlet.
 + Fixed remove listener bug.
 + Lowercase jsessionid for URLs only.
 + Made NCSARequestLog easier to extend.
 + Many more optimizations.
 + Removed jasper source and just include jars from 4.1.12
 + Removed remaining non portable getBytes() calls
 + Restrict 304 responses to seconds time resolution.
 + Use IE date formatting for speed.
 + Worked around JVM1.3 bug for JSPs

jetty-4.1.4 - 16 November 2002
 + Fixed ContextLoader parent delegation bug
 + Fixed Invoker servlet for RD.include
 + Fixed remove SocketListener bug.
 + Last modified handling uses second resolution.
 + Made NCSARequestLog simpler to extend.
 + Use IE date formatting for last-modified efficiency

jetty-4.2.0rc1 - 02 November 2002
 + Fixed ContextLoader parent delegation bug.
 + Fixed directory resource bug in JarFileResource.
 + Fixed firstWrite after commit.
 + Fixed problem setting the size of chunked buffers.
 + Fixed servletpath on invoker for named servlets.
 + Improved handling of 2 byte encoded characters within forms.
 + Recycling of HttpFields class.
 + Removed unused Servlet and Servlet-Engine headers.
 + Renamed Filter application methods.
 + Support default mime mapping defined by *

jetty-4.2.0rc0 - 24 October 2002
 + Added authenticator to admin.xml
 + Added embedded iso8859 writer to HttpOutputStream.
 + Fixed RolloverFileOutputStream without date.
 + Fixed SessionManager initialization
 + Fixed Session timeout NPE.
 + Greg's birthday release!
 + Removed duplicate classes from jar

jetty-4.1.3 - 24 October 2002
 + Added authenticator to admin.xml
 + Fixed RolloverFileOutputStream without date.
 + Fixed SessionManager initialization
 + Fixed Session timeout NPE.

jetty-4.0.6 - 24 October 2002
 + Clear interrupted status in ThreadPool
 + fixed forward attribute handling for jsp-file servlets
 + Fixed forward query string handling
 + Fixed handling of relative sendRedirect after forward.
 + Fixed setCharacterEncoding to work with getReader
 + Fixed virtual hosts temp directories.

jetty-4.2.0beta0 - 13 October 2002
 + 404 instead of 403 for WEB-INF requests
 + Allow %3B encoded ; in URLs
 + Allow anonymous realm
 + Build without jmx
 + Fixed bad log dir detection
 + Fixed caching of directories to avoid shared buffers.
 + Fix Session invalidation bug
 + FORM authentication sets 403 error page
 + getNamedDispatcher(null) returns containers default servlet.
 + New AJP13 implementation.
 + New Buffering implementation.
 + New ThreadPool implementation.
 + Removed Dispatcher dependancy on ServletHttpContext
 + Stop/Start filters in declaration order.
 + unquote charset in content type
 + Update jasper to 4.1.12 tag
 + Use "standard" names for default,jsp & invoker servlets.

jetty-4.1.2 - 13 October 2002
 + 404 instead of 403 for WEB-INF requests
 + Allow %3B encoded ; in URLs
 + Allow anonymous realm
 + Build without jmx
 + Fixed bad log dir detection
 + Fixed caching of directories to avoid shared buffers.
 + Fix Session invalidation bug
 + FORM authentication sets 403 error page
 + getNamedDispatcher(null) returns containers default servlet.
 + Some AJP13 optimizations.
 + Stop/Start filters in declaration order.
 + unquote charset in content type
 + Update jasper to 4.1.12 tag
 + Use "standard" names for default,jsp & invoker servlets.

jetty-4.1.1 - 30 September 2002
 + Avoid setting sotimeout for optimization.
 + Cache directory listings.
 + Deprecated maxReadTime.
 + Fixed client scripting vulnerability with jasper2.
 + Fixed infinite recursion in JDBCUserRealm
 + Fixed space in resource name handling for jdk1.4
 + Merged LimitedNCSARequestLog into NCSARequestLog
 + Moved launcher/src to src/org/mortbay/start
 + String comparison of If-Modified-Since headers.
 + Touch files when expanding jars

jetty-4.1.0 - 22 September 2002
 + Added LimitedNCSARequestLog
 + ClientCertAuthenticator protected from null subjectDN
 + Context Initparams to control session cookie domain, path and age.
 + Fixed AJP13 handling of mod_jk loadbalancing.
 + Fixed CGI+windows security hole.
 + Handle unremovable tempdir.
 + NCSARequest log buffered default
 + Sorted directory listings.
 + Stop servlets in opposite order to start.
 + Use javac -target 1.2 for normal classes
 + WEB-INF/classes before WEB-INF/lib

jetty-4.1.0RC6 - 14 September 2002
 + Added logon.jsp for no cookie form authentication.
 + Added redirect to welcome file option.
 + Cleaned up old debug.
 + Don't URL encode FileURLS.
 + Encode URLs of Authentication redirections.
 + Extended Session API to pass request for jvmRoute handling
 + Fixed problem with AJP 304 responses.
 + FormAuthenticator uses normal redirections now.
 + Improved HashUserRealm doco
 + Improved look and feel of demo

jetty-4.1.0RC5 - 08 September 2002
 + Added commandPrefix init param to CGI
 + AJP13Listener caught up with HttpConnection changes.
 + Implemented security-role-ref for isUserInRole.
 + Improved errors for misconfigured realms.
 + More cleanup in ThreadPool for idle death.

jetty-4.1.0RC4 - 30 August 2002
 + Created statsLock sync objects to avoid deadlock when stopping.
 + Included IbmJsseListener in the contrib directory.
 + Reverted to 302 for all redirections as all clients do not understand 303
 + Updated jasper2 to 4.1.10 tag.

jetty-4.1.0RC3 - 28 August 2002
 + Added buffering to request log
 + Added defaults descriptor to addWebApplications.
 + addWebApplications encodes paths to allow for spaces in file names.
 + Allow FORM auth pages to be within security constraint.
 + Allow WebApplicationHandler to be used with other handlers.
 + Created and integrated the Jetty Launcher
 + Fixed security problem for suffix matching with trailing "/"
 + Improved handling of path encoding in Resources for bad JVMs
 + Improved handling of PUT,DELETE & MOVE.
 + Made Resource canonicalize it's base path for directories

jetty-4.1.0RC2 - 20 August 2002
 + Added HttpListener.bufferReserve
 + Build ant, src and zip versions with the release
 + Clear interrupted status in ThreadPool
 + Conveninace setClassLoaderJava2Compliant method.
 + Fixed HttpFields cache overflow
 + Improved ByteArrayPool to handle multiple sizes.
 + Updated to Jasper2 (4_1_9 tag)
 + Use system line separator for log files.

jetty-4.1.0RC1 - 11 August 2002
 + Fixed forward query string handling
 + Fixed forward to jsp-file servlet
 + Fixed getContext to use canonical contextPathSpec
 + Fixed handling of relative sendRedirect after forward.
 + Fixed setCharacterEncoding to work with getReader
 + Improved the return codes for PUT
 + Made HttpServer serializable
 + Updated international URI doco
 + Updated jasper to CVS snapshot 200208011920

jetty-4.1.0RC0 - 31 July 2002
 + Added DigestAuthenticator
 + Added ExpiryHandler which can set a default Expires header.
 + Added link to a Jetty page in Korean.
 + Changed URI default charset back to ISO_8859_1
 + Fixed getRealPath for packed war files.
 + Restructured Password into Password and Credentials

jetty-4.0.5 - 31 July 2002
 + Fixed getRealPath for packed war files.
 + Fixed getRequestURI for RD.forward to return new URI.
 + Reversed order of ServletContextListener.contextDestroyed calls

jetty-4.1.B1 - 19 July 2002
 + Added 2.4 Filter dispatching support.
 + Added PUT,DELETE,MOVE support to webapps.
 + CGI Servlet, catch and report program invocation failure status.
 + CGI Servlet, fixed suffix mapping problem.
 + CGI Servlet, pass all HTTP headers through.
 + CGI Servlet, set working directory for exec
 + Moved dynamic servlet handling to Invoker servlet.
 + Moved webapp resource handling to Default servlet.
 + Reversed order of ServletContextListener.contextDestroyed calls
 + Sessions create attribute map lazily.
 + Support HTTP/0.9 requests again
 + Updated mini.http.jar target

jetty-3.1.9 - 15 July 2002
 + Allow doHead requests to be forwarded.
 + Fixed race in ThreadPool for minThreads <= CPUs

jetty-4.1.B0 - 13 July 2002
 + Added work around of JDK1.4 bug with NIO listener
 + Allow filter init to access servlet context methods.
 + close rather than disable stream after forward
 + Fixed close problem with load balancer.
 + Fixed ThreadPool bug when minThreads <= CPUs
 + Keep notFoundContext out of context mapping lists.
 + mod_jk FAQ
 + Moved 3rd party jars to $JETTY_HOME/ext
 + NCSARequestLog can log to stderr
 + RD.forward changes getRequestURI.
 + Stopped RD.includes closing response.

jetty-4.1.D2 - 24 June 2002
 + Added AJP13 listener for apache integration.
 + Allow comma separated cookies and headers
 + Back out Don't chunk 30x empty responses.
 + Better recycling of HttpRequests.
 + Conditional header tested against welcome file not directory.
 + Fixed ChunkableOutputStream close propagation
 + Improved ThreadedServer stopping on bad networks
 + Moved jmx classes from JettyExtra to here.
 + Protect session.getAttributeNames from concurrent modifications.
 + Set contextloader during webapplicationcontext.start
 + Support trusted external authenticators.
 + Use ThreadLocals to avoid unwrapping in Dispatcher.

jetty-4.0.4 - 23 June 2002
 + Back out change: Don't chunk 30x empty responses.
 + Conditional header tested against welcome file not directory.
 + Improved ThreadedServer stopping on bad networks

jetty-4.0.3 - 20 June 2002
 + Allow comma separated cookies and headers
 + Allow session manager to be initialized when set.
 + Better recycling of HttpRequests.
 + Fixed close propagation of on-chunked output streams
 + Fixed japanese locale
 + Force security disassociation.
 + Protect session.getAttributeNames from concurrent modifications.
 + WebapplicationContext.start sets context loader

jetty-4.1.D1 - 08 June 2002
 + Added simple buffer pool.
 + Don't chunk 30x empty responses.
 + Fixed /foo/../bar// bug in canonical path.
 + Fixed "" contextPaths in Dispatcher.
 + Merged ResourceBase and SecurityBase into HttpContext
 + Recycle servlet requests and responses
 + Removed race for the starting of session scavaging
 + Reworked output buffering to keep constant sized buffers.

jetty-4.0.2 - 06 June 2002
 + Added OptimizeIt plug
 + Don't chunk 30x empty responses.
 + Fixed /foo/../bar// bug in canonical path.
 + Fixed "" contextPaths in Dispatcher.
 + Fixed handler/context start order.
 + Fixed web.dtd references.
 + Removed race for the starting of session scavaging

jetty-3.1.8 - 06 June 2002
 + Fixed /foo/../bar// bug in canonical path.
 + Fixed no slash context redirection.
 + Fixed singled threaded dynamic servlets
 + Made SecurityConstraint.addRole() require authentication.

jetty-4.1.D0 - 05 June 2002
 + Added OptimizeIt plug.
 + Added TypeUtil to reduce Integer creation.
 + BRAND NEW WebApplicationHandler & WebApplicationContext
 + Experimental CLIENT-CERT Authenticator
 + Fixed handler/context start order.
 + Fixed web.dtd references.
 + General clean up of the API for for MBean getters/setters.
 + Removed the HttpMessage facade mechanism
 + Restructured ResourceHandler into ResourceBase
 + The 4.1 Series started looking for even more performance within the 2.3
   specification.

jetty-4.0.1 - 22 May 2002
 + Fixed "null" return from getRealPath
 + Fixed contextclassloader on ServletContextEvents.
 + OutputStreamLogSink config improvements
 + Support graceful stopping of context and server.
 + Updated jasper to 16 May snapshot

jetty-4.0.1RC2 - 14 May 2002
 + 3DES Keylength was being reported as 0. Now reports 168 bits.
 + Added confidential and integral redirections to HttpListener
 + Better error for jre1.3 with 1.4 classes
 + Cleaned up RD query string regeneration.
 + Fixed ServletResponse.reset() to resetBuffer.
 + Implemented the run-as servlet tag.

jetty-4.0.1RC1 - 29 April 2002
 + Avoid flushes during RequestDispatcher.includes
 + Better handling if no realm configured.
 + Expand ByteBuffer full limit with capacity.
 + Fixed double filtering of welcome files.
 + Fixed FORM authentication auth of login page bug.
 + Fixed setTempDirectory creation bug
 + Improved flushing of chunked responses

jetty-4.0.1RC0 - 18 April 2002
 + AbstractSessionManager sets contextClassLoader for scavanging
 + Added extract arg to addWebApplications
 + DTD allows static "Get" and "Set" methods to be invoked.
 + Extended facade interfaces to HttpResponse.sendError
 + Fixed delayed response bug: Stopped HttpConnection consuming input from
   timedout connection.
 + Moved basic auth handling to HttpRequest
 + Pass pathParams via welcome file forward for jsessionid
 + Set thread context classloader for webapp load-on-startup inits
 + Updated Jasper to CVS snapshot from Apr 18 18:50:59 BST 2002

jetty-4.0.0 - 22 March 2002
 + Added IPAddressHandler for IP restrictions
 + Jetty.sh cygwin support
 + Minor documentation updates.
 + Updated contributors.
 + Updated tutorial configure version

jetty-4.0.RC3 - 20 March 2002
 + Changed html attribute order for mozilla quirk.
 + ContextInitialized notified before load-on-startup servlets.
 + Fixed ZZZ offset format to +/-HHMM
 + JDBCUserRealm instantiates JDBC driver
 + Suppress WriterOutputStream warning.
 + Updated history

jetty-4.0.RC2 - 12 March 2002
 + Added experimental nio SocketChannelListener
 + Added skeleton load balancer
 + Disabled the Password EXEC mechanism by default
 + Dont try to extract directories
 + Fixed column name in JDBCUserRealm
 + Fixed empty referrer in NCSA log.
 + Fixed security constraint problem with //
 + Fixed version for String XmlConfigurations
 + Removed redundant sessionID check.
 + Remove last of the Class.forName calls.
 + Security FAQ

jetty-3.1.7 - 12 March 2002
 + Fixed security problem with constraints being bypassed with // in URLs

jetty-4.0.RC1 - 06 March 2002
 + Added ContentEncodingHandler for compression.
 + Call response.flushBuffer after service to flush wrappers.
 + contextDestroyed event sent before destruction.
 + Contributors list as an image to prevent SPAM!
 + Empty suffix for temp directory.
 + FileResource depends less on FilePermissions.
 + Fixed filter vs forward bug.
 + Fixed recursive DEBUG loop in Logging.
 + Improved efficiency of quality list handling
 + Minor changes to make HttpServer work on J2ME CVM
 + Simplified filter API to chunkable streams
 + Updated jetty.sh to always respect arguments.
 + Warn if jdk 1.4 classes used on JVM <1.4
 + WebApplication will use ContextLoader even without WEB-INF directory.
 + XmlParser is validating by default. use o.m.x.XmlParser.NotValidating
   property to change.

jetty-3.1.6 - 28 February 2002
 + Dispatcher.forward dispatches directly to ServletHolder to avoid premature
   exception handling.
 + Empty suffix for temp directory.
 + Fixed HttpFields remove bug
 + HttpResponse.sendError makes a better attempt at finding an error page.
 + Implemented 2.3 clarifications to security constraint semantics PLEASE
   REVIEW YOUR SECURITY CONSTRAINTS (see README).
 + LineInput can handle any sized marks
 + Set Listeners default scheme

jetty-4.0.B2 - 25 February 2002
 + Accept jetty-web.xml or web-jetty.xml in WEB-INF
 + Added LoggerLogSink to direct Jetty Logs to JDK1.4 Log.
 + Added optional JDK 1.4 src tree
 + Added org.mortbay.http.JDBCUserRealm
 + Added String constructor to XmlConfiguration.
 + Adjust servlet facades for welcome redirection
 + Improved default jetty.xml
 + Improve handling of unknown URL protocols.
 + Init classloader for JspServlet
 + Minor Jasper updates
 + o.m.u.Frame uses JDK1.4 stack frame handling
 + Simplified addWebApplication
 + Slightly more agressive eating unused input from non persistent connection.
 + Start ServletHandler as part of the FilterHandler start.
 + User / mapping rather than /* for servlet requests to static content

jetty-4.0.B1 - 13 February 2002
 + Added setClassLoader and moved getFileClassPath to HttpContext
 + getRequestURI returns encoded path
 + HttpConnection always eats unused bodies
 + LineInput waits for LF after CF if seen CRLF before.
 + Merged HttpMessage and Message
 + Servlet request destined for static content returns paths as default servlet
 + Suppress error only for IOExceptions not derivitives.
 + Updated examples webapp from tomcat
 + WriterOutputStream so JSPs can include static resources.

jetty-4.0.B0 - 04 February 2002
 + Added AbstractSessionManager
 + Added Array element to XMLConfiguration
 + Added hack for compat tests in watchdog for old tomcat stuff
 + Added index links to tutorial
 + Allow listener schemes to be set.
 + Common handling of TRACE
 + Factor out RolloverFileOutputStream from OutputStreamLogSink
 + Fixed HttpFields remove bug
 + Handle special characters in resource file names better.
 + HttpContext destroy
 + Implemented 2.3 security constraint semantics PLEASE REVIEW YOUR SECURITY
   CONSTRAINTS (see README).
 + Reduce object count and add hash width to StringMap
 + Release process builds JettyExtra
 + Removed triggers from Code.
 + Remove request logSink and replace with RequestLog using
   RolloverFileOutputStream
 + Renamed getHttpServers and added setAnonymous
 + Stop and remove NotFound context for HttpServer
 + Support Random Session IDs in HashSessionManager.
 + Updated crimson to 1.1.3
 + Updated tutorial and FAQ
 + Welcome file dispatch sets requestURI.
 + Welcome files may be relative

jetty-4.0.D4 - 14 January 2002
 + Added BlueRibbon campaign.
 + Added isAuthenticated to UserPrincipal
 + Extract WAR files to standard temp directory
 + Fixed noaccess auth demo.
 + FORM auth caches UserPrincipal
 + Handle ServletRequestWrappers for Generic Servlets
 + Improved handling of UnavailableException
 + Improved HttpResponsse.sendError error page matching.
 + Prevent output after forward
 + RequestDispatcher uses cached resources for include
 + URI uses UTF8 for % encodings.

jetty-4.0.D3 - 31 December 2001
 + cookies with maxAge==0 expire on 1 jan 1970
 + Corrected name to HTTP_REFERER in CGI Servlet.
 + DateCache handles misses better.
 + Fixed cached filter wrapping.
 + Fixed ContextLoader lib handling.
 + Fixed getLocale again
 + Fixed UrlEncoding for % + combination.
 + Generalized temp file handling
 + HttpFields uses DateCache more.
 + Made Frame members private and fixed test harness
 + Moved admin port to 8081 to avoid JBuilder
 + Patch jasper to 20011229101000
 + Removed limits on mark in LineInput.
 + setCookie always has equals

jetty-3.1.5 - 11 December 2001
 + Allow POSTs to static resources.
 + Branched at Jetty_3_1
 + cookies with maxage==0 expired 1 jan 1970
 + Fixed ChunableInputStream.resetStream bug.
 + Fixed formatting of redirectURLs for NS4.08
 + Ignore IO errors when trying to persist connections.
 + setCookie always has equals for cookie value
 + stopJob/killStop in ThreadPool to improve stopping ThreadedServer on some
   platforms.

jetty-4.0.D2 - 02 December 2001
 + added addWebApplications auto discovery
 + Allow POSTs to static resources.
 + Better handling of charset in form encoding.
 + Disabled last forwarding by setPath()
 + Fixed ChunableInputStream.resetStream bug.
 + Fixed formatting of redirect URLs.
 + Ignore IO errors when trying to persist connections.
 + Made the root context a webapplication.
 + Moved demo docroot/servlets to demo directory
 + New event model to decouple from beans container.
 + Removed Demo.java (until updated).
 + Removed ForwardHandler.
 + Removed most of the old doco, which needs to be rewritten and added again.
 + Removed Request set methods (will be replaced)
 + Restructured for demo and test hierarchies
 + stopJob/killStop in ThreadPool to improve stopping ThreadedServer on some
   platforms.

jetty-4.0.D1 - 14 November 2001
 + Added Context and Session Event Handling
 + Added FilterHandler
 + Added FilterHolder
 + Changed HandlerContext to HttpContext
 + Fixed bug with request dispatcher parameters
 + Fixed ServletHandler with no servlets
 + New ContextLoader implementation.
 + New Dispatcher implementation
 + Removed destroy methods
 + Simplified MultiMap
 + Simplified ServletHandler

jetty-4.0.D0 - 06 November 2001
 + 1.2 JSP API
 + 2.3 Servlet API
 + Added examples webapp from tomcat4
 + Branched at Jetty_3_1
 + Branched from Jetty_3_1 == Jetty_3_1_4
 + Jasper from tomcat4
 + Start SessionManager abstraction.

jetty-3.1.4 - 06 November 2001
 + Added RequestLogFormat to allow extensible request logs.
 + Default PathMap separator changed to ":,"
 + Generate session unbind events on a context.stop()
 + getRealPath accepts \ URI separator on platforms using \ file separator.
 + HTAccessHandler made stricter on misconfiguration
 + PathMap now ignores paths after ; or ? characters.
 + Remove old stuff from contrib that had been moved to extra
 + Support the ZZZ timezone offset format in DateCache

jetty-3.1.3 - 26 October 2001
 + Allow a per context UserRealm instance.
 + Correct dispatch to error pages with javax attributes set.
 + Fixed binary files in CVS
 + Fixed several problems with external role authentication. Role
   authentication in JBoss was not working correctly and there were possible
   object leaks. The fix required an API change to UserPrinciple and UserRealm.
 + Fixed Virtual hosts to case insensitive.
 + Fix security problem with trailing special characters. Trailing %00 enabled
   JSP source to be viewed or other servlets to be bypassed.
 + Improved FORM auth handling of role failure.
 + Improved Jasper debug output.
 + Improved ThreadedServer timeout defaults
 + PathMap spec separator changed from ',' to ':'. May be set with
   org.mortbay.http.PathMap.separators system property.
 + Upgraded JSSE to 1.0.2

jetty-3.1.2 - 13 October 2001
 + Added run target to ant
 + Added ServletHandler.sessionCount()
 + Added short delay to shutdown hook for JVM bug.
 + Changed 304 responses for Opera browser.
 + Changed JSESSIONID to jsessionid
 + Changed unsatisfiable range warnings to debug.
 + Fixed attr handling in XmlParser.toString
 + Fixed authentication role handling in FORM auth.
 + Fixed double entry on PathMap.getMatches
 + Fixed FORM Authentication username.
 + Fixed NotFoundHandler handling of unknown methods
 + Fixed request log date formatting
 + Fixed servlet handling of non session url params.
 + FORM authentication passes query params.
 + Further improvements in handling of shutdown.
 + Log OK state after thread low warnings.

jetty-3.1.1 - 27 September 2001
 + Correctly ignore auth-constraint descriptions.
 + Fixed jar manifest format - patched 28 Sep 2001
 + Fixed ServletRequest.getLocale().
 + Handle requestdispatcher during init.
 + Reduced verbosity of bad URL errors from IIS virus attacks
 + Removed incorrect warning for WEB-INF/lib jar files.
 + Removed JDK 1.3 dependancy
 + Use lowercase tags in html package to be XHTML-like.

jetty-3.1.0 - 21 September 2001
 + Added HandlerContext.registerHost
 + Added long overdue Tutorial documentation.
 + Fix .. handling in URI
 + Fix flush on stop bug in logs.
 + Fix FORM authentication on exact patterns
 + Fix Jetty.bat for spaces.
 + Fix param reading on CGI servlet
 + Fix REFFERER in CGI
 + Fix ResourceHandler cache invalidate.
 + Fix reuse of Resource
 + Fix ServletResponse.setLocale()
 + Improved closing of listeners.
 + Improved some other documentation.
 + New simplified jetty.bat
 + Optimized List creation
 + Removed win32 service.exe

jetty-3.1.rc9 - 02 September 2001
 + Added bin/orgPackage.sh script to change package names.
 + Added handlerContext.setClassPaths
 + Added lowResourcePersistTimeMs for more graceful degradation when we run out
   of threads.
 + Added support for Nonblocking listener.
 + Changed to org.mortbay domain names.
 + Fixed bug with non cookie sessions.
 + Fixed handling of rel form authentication URLs
 + Format cookies in HttpFields.
 + Form auth login and error pages relative to context path.
 + Patched Jasper to 3.2.3.

jetty-3.1.rc8 - 22 August 2001
 + Added HttpServer statistics
 + Allow contextpaths without leading /
 + Allow per context log files.
 + Buffer allocation
 + Don't add notfound context.
 + Fixed handling of default mime types
 + ISO8859 conversion
 + Many major and minor optimizations:
 + OutputStreamLogSink replaces WriterLogSink
 + Removed race from dynamic servlet initialization.
 + Separation of URL params in HttpHandler API.
 + StringMap
 + Support WEB-INF/web-jetty.xml configuration extension for webapps
 + Updated sponsors page
 + URI canonicalPath
 + URI pathAdd

jetty-3.1.rc7 - 09 August 2001
 + Added doco for Linux port redirection.
 + Added FORM authentication.
 + Added method handling to HTAccessHandler.
 + Added shutdown hooks to Jetty.Server to trap Ctl-C
 + Added UML diagrams to Jetty architecture documentation.
 + Added utility methods to ServletHandler for wrapping req/res pairs.
 + Don't persist connections if low on threads.
 + Dump Servlet displays cert chains
 + Fix bug in sendRedirect for HTTP/1.1
 + Fixed bug with session ID generation.
 + Fixed redirect handling by the CGI Servlet.
 + Fixed request.getPort for redirections from 80
 + Optimized HttpField handling to reduce object creatiyon.
 + Remove old context path specs
 + ServletRequest SSL attributes in line with 2.2 and 2.3 specs.
 + ServletResponse.sendRedirect puts URLs into absolute format.
 + Use Enumerations to reduce conversions for servlet API.

jetty-3.1.rc6 - 10 July 2001
 + Added Client authentication to the JsseListener
 + Added debug and logging config example to demo.xml
 + Added Get element to the XmlConfiguration class.
 + Added getResource to HandleContext.
 + Added Static calls to the XmlConfiguration class.
 + Avoid script vulnerability in error pages.
 + Cleaned up destroy handling of listeners and contexts.
 + Cleaned up Win32 Service server creation.
 + Close persistent HTTP/1.0 connections on missing Content-Length
 + Fixed a problem with Netscape and the acrobat plugin.
 + Fixed bug in B64Code. Optimised B64Code.
 + Fixed XmlParser to handle xerces1.3 OK
 + Improved debug output for IOExceptions.
 + Improved SSL debugging information.
 + KeyPairTool can now load cert chains.
 + KeyPairTool is more robust to provider setup.
 + Moved gimp image files to Jetty3Extra
 + Moved mime types and encodings to property bundles.
 + Removed getConfiguration from LifeCycleThread to avoid JMX clash.
 + RequestDispatch.forward() uses normal HandlerContext.handle() path if
   possible.
 + Updated to JSSE-1.0.2, giving full strength crypto.
 + Use exec for jetty.sh run
 + WebApps initialize resourceBase before start.
 + Win32 Service uses Jetty.Server instead of HttpServer.

jetty-3.1.rc5 - 01 May 2001
 + Added build target for mini.jetty.jar - see README.
 + Added HTaccessHandler to authenitcate against apache .htaccess files.
 + Added query param handling to ForwardHandler
 + Added ServletHandler().setUsingCookies().
 + Added UnixCrypt support to c.m.U.Password
 + Fixed EOF handling in MultiPartRequest.
 + Fixed forwarding to null pathInfo requests.
 + Fixed handling of empty responses at header commit.
 + Fixed handling of multiple cookies.
 + Fixed jetty.bat classpath problems.
 + Fixed ResourceHandler handling of ;JSESSIONID
 + Fixed sync of ThreadPool idleSet.
 + Major restructing of packages to separate servlet dependancies. c.m.XML  -
   moved XML dependant classes from c.m.Util c.m.HTTP - No servlet or XML
   dependant classes: c.m.Jetty.Servlet - moved from c.m.HTTP.Handler.Servlet
   c.m.Servlet - received some servlet dependant classes from HTTP.
 + Optimized canonical path calculations.
 + Request log contains bytes actually returned.
 + Warn and close connections if content-length is incorrectly set.

jetty-3.0.6 - 26 April 2001
 + Fixed EOF handlding in MultiPartRequest.
 + Fixed forwarding to null pathInfo requests.
 + Fixed handling of empty responses at header commit.
 + Fixed ResourceHandler handling of ;JSESSIONID
 + Fixed sync of ThreadPool idleSet.
 + Load-on-startup the JspServlet so that precompiled servlets work.

jetty-3.1.rc4 - 14 April 2001
 + Added idle thread getter to ThreadPool.
 + Include full versions of JAXP and Crimson
 + Load-on-startup the JspServlet so that precompiled servlets work.
 + Removed stray debug println from the Frame class.

jetty-3.0.5 - 14 April 2001
 + Branched from 3.1 trunk to fix major errors
 + Created better random session ID
 + Don't chunk if content length is known.
 + fixed getLocales handling of quality params
 + Fixed LineInput bug EOF
 + Fixed session invalidation unbind notification to conform with spec
 + Improved flush ordering for forwarded requests.
 + Load-on-startup the JspServlet so that precompiled servlets work.
 + Resource handler strips URL params like JSESSION.
 + Turned off range handling by default until bugs resolved

jetty-3.1.rc3 - 09 April 2001
 + Added ContentHandler Observer to XmlParser.
 + Allow webapp XmlParser to be observed for ejb-ref tags etc.
 + Cleaned up handling of exceptions thrown by servlets.
 + Created better random session ID
 + Frame handles more JIT stacks.
 + Handle zero length POSTs
 + Implemented multi-part ranges so that acrobat is happy.
 + Improved flush ordering for forwarded requests.
 + Improved ThreadPool stop handling
 + Simplified multipart response class.
 + Start session scavenger if needed.

jetty-3.1.rc2 - 30 March 2001
 + Added MultiException to throw multiple nested exceptions.
 + added options to turn off ranges and chunking to support acrobat requests.
 + fixed getLocales handling of quality params
 + fixed getParameter(name) handling for multiple values.
 + Improved handling of Primitive classes in XmlConfig
 + Improved logging of nested exceptions.
 + Lifecycle.start() may throw Exception
 + Only one instance of default MIME map.
 + Renamed getConnection to getHttpConnection
 + Use reference JAXP1.1 for XML parsing.y
 + Version 1.1 of configuration dtd supports New objects.

jetty-3.1.rc1 - 18 March 2001
 + Added Jetty documentation pages from JettyWiki
 + Cleaned up build.xml script
 + Fixed problem with ServletContext.getContext(uri)
 + Minimal handling of Servlet.log before initialization.
 + Moved JMX and SASL handling to Jetty3Extra release
 + Resource handler strips URL params like JSESSION.
 + Various SSL cleanups

jetty-3.1.rc0 - 23 February 2001
 + Added JMX management framework.
 + Changed getter and setter methods that did not conform to beans API.
 + Dynamic servlets may be restricted to Context classloader.
 + Fixed init order for unnamed servlets.
 + Fixed session invalidation unbind notification to conform with spec
 + Improved handling of primitives in utilities.
 + Improved InetAddrPort and ThreadedServer to reduce DNS lookups.
 + Reoganized packages to allowed sealed Jars
 + Socket made available via HttpConnection.
 + Use Thread context classloader as default context loader parent.

jetty-3.0.4 - 23 February 2001
 + Fixed LineInput bug with split CRLF.

jetty-3.0.3 - 03 February 2001
 + Allow Log to be disabled before initialization.
 + Fixed handling of directories without trailing /
 + Fixed pipelined request buffer bug.
 + Handle empty form content without exception.
 + Implemented web.xml servlet mapping to a JSP
 + Included new Jetty Logo

jetty-3.0.2 - 13 January 2001
 + Added etc/jetty.policy as example policy file.
 + Allow '+' in path portion of a URL.
 + Context specific security permissions.
 + Greatly improved buffering in ChunkableOutputStream
 + Handle unknown status reasons in HttpResponse
 + Ignore included response updates rather than IllegalStateException
 + Improved HTML.Block efficiency
 + Improved jetty.bat
 + Improved jetty.sh
 + Padded error bodies for IE bug.
 + Removed classloading stats which were causing circular class loading
   problems.
 + Replaced ResourceHandler FIFO cache with LRU cache.
 + Restructured demo site pages.
 + Try ISO8859_1 encoding if can't find ISO-8859-1

jetty-3.0.1 - 20 December 2000
 + Fixed value unbind notification for session invalidation.
 + Removed double null check possibility from ServletHolder

jetty-3.0.0 - 17 December 2000
 + Fixed rel path handling in default configurations.
 + Fixed rollover bug in WriterLogSink
 + Fixed taglib parsing
 + Fixed WriterLogSink init bug
 + Improved dtd resolution in XML parser.
 + Improved jetty.sh logging
 + Optional extract war files.
 + Use inner class to avoid double null check sync problems

jetty-3.0.0.rc8 - 13 December 2000
 + Added ForwardHandler
 + Change PathMap handling of /* to give precedence over suffix mapping.
 + Default log options changed if in debug mode.
 + Forward to welcome pages rather than redirect.
 + getSecurityHandler creates handler at position 0.
 + Improved exit admin handling
 + Jetty.Server catches init exceptions per server
 + Mapped *.jsp,*.jsP,*.jSp,*.jSP,*.Jsp,*.JsP,*.JSp,*.JSP
 + Optional alias checking added to FileResource.  Turned on by default on all
   platforms without the "/" file separator.
 + Patched jasper to tomcat 3.2.1
 + Protected META-INF as well as WEB-INF in web applications.
 + Removed security constraint on demo admin server.
 + Removed some unused variables.
 + Removed special characters from source.
 + SysV unix init script
 + Tidied handling of ".", ".." and "//" in resource paths

jetty-3.0.0.rc7 - 02 December 2000
 + Added Com.mortbay.HTTP.Handler.Servlet.Context.LogSink attribute to Servlet
   Context. If set, it is used in preference to the system log.
 + Added NotFoundServlet
 + Added range handling to ResourceHandler.
 + Allow dynamic servlets to be served from /
 + Auto add a NotFoundHandler if needed.
 + CGI servlet handles not found better.
 + Changed log options to less verbose defaults.
 + Conditionals apply to puts, dels and moves in ResourceHandler.
 + Depreciated RollOverLogSink and moved functionality to an improved
   WriterLogSink.
 + Don't set MIME-Version in response.
 + Double null lock checks use ThreadPool.__nullLockChecks.
 + Extended security constraints (see README and WebApp Demo).
 + Fixed security problem with lowercase WEB-INF uris on windows.
 + Handle multiple inits of same servlet class.
 + PUT, MOVE disabled in WebApplication unless defaults file is passed.
 + Set the AcceptRanges header.
 + Set thread context classloader during handler start/stop calls.
 + Split Debug servlet out of Admin Servlet.
 + ThreadedServer.forceStop() now makes a connection to itself to handle
   non-premptive close.
 + URIs accept all characters < 0xff.
 + WEB-INF protected by NotFoundServlet rather than security constraint.

jetty-3.0.0.rc6 - 20 November 2000
 + Added ServletWriter that can be disabled.
 + Added Win32 service support
 + Admin servlet uses unique links for IE.
 + Allow HttpMessage state to be manipulated.
 + Allow load-on-startup with no content.
 + Allow multiple set cookies.
 + Corrected a few of the many spelling mistakes.
 + don't include classes in release.
 + Don't set connection:close for normal HTTP/1.0 responses.
 + Don't start HttpServer log sink on add.
 + Fixed RollOverFileLogSink bug with extra log files.
 + Implemented customizable error pages.
 + Implemented resource aliases in HandlerContext - used by Servlet Context
 + Improved Log defaults
 + Javadoc improvements.
 + Map tablib configuration to resource aliases.
 + Prevent reloading dynamic servlets at different paths.
 + Put extra server and servlet info in header.
 + Reduced risk of double null check sync problem.
 + RequestDispatcher.forward() only resets buffer, not headers.
 + RequestDispatcher new queries params replace old.
 + Resource gets systemresources from it's own classloader.
 + Servlet init order may be negative.
 + Session cookies are given context path
 + Sessions try version 1 cookies in set-cookie2 header.
 + Simple stats in ContextLoader.
 + Version details in header can be suppressed with System property
   java.com.mortbay.HTTP.Version.paranoid
 + Warn for missing WEB-INF or web.xml
 + Webapps serve dynamics servlets by default.

jetty-3.0.0.rc5 - 12 November 2000
 + Added debug form to Admin servlet.
 + Allow null cookie values
 + Avoid jprobe race warnings in DateCache
 + Default writer encoding set by mime type if not explicitly set.
 + Implemented servlet load ordering.
 + Many javadoc cleanups.
 + Merged DynamicHandler into ServletHandler.
 + Moved JSP classpath hack to ServletHolder
 + Pass flush through ServletOut
 + Relax webapp rules, accept no web.xml or no WEB-INF
 + Removed Makefile build system.
 + RequestDispatcher can dispatch static resources.
 + Servlet exceptions cause 503 unavailable rather than 500 server error

jetty-2.4.9 - 12 November 2000
 + HtmlFilter handles non default encodings
 + HttpListener default max idle time = 20s
 + HttpListener ignore InterruptedIOExceptions
 + HttpRequest.write uses ISO8859_1 encoding.
 + Writing HttpRequests encodes path

jetty-3.0.0.rc4 - 06 November 2000
 + Fixed mime type mapping bug introduced in RC3
 + Fixed mis-synchronization in ThreadPool.stop()
 + Ignore more IOExceptions (still visible with debug).
 + Provide default JettyIndex.properties

jetty-3.0.0.rc3 - 05 November 2000
 + Added bin/jetty.sh run script.
 + Added context class path dynamic servlet demo
 + Added gz tgz tar.gz .z mime mappings.
 + Added HandlerContext.setHttpServerAccess for trusted contexts.
 + Changed ThreadPool.stop for IBM 1.3 JVM
 + Fixed default mimemap initialization bug
 + Further clean up of the connection close actions
 + Handle mime suffixes containing dots.
 + Implemented mime mapping in webapplications.
 + Moved unused classes from com.mortbay.Util to com.mortbay.Tools in new
   distribution package.
 + Optimized persistent connections by recycling objects
 + Prevent servlet setAttribute calls to protected context attributes.
 + Removed redundant context attributes.
 + Set MaxReadTimeMs in all examples
 + Set the thread context class loader in HandlerContext.handle
 + Strip ./ from relative resources.
 + upgraded build.xml to ant v1.2

jetty-3.0.0.rc2 - 29 October 2000
 + Accept HTTP/1. as HTTP/1.0 (for netscape bug).
 + Accept public DTD for XmlConfiguration (old style still supported).
 + Cleaned up non persistent connection close.
 + ErlEncoding treats params without values as empty rather than null.
 + Fixed thread name problem in ThreadPool
 + Pass file based classpath to JspServlet (see README).
 + Prevented multiple init of ServletHolder
 + Replaced ISO-8859-1 literals with StringUtil static

jetty-2.4.8 - 23 October 2000
 + Fixed bug with 304 replies with bodies.
 + Fixed closing socket problem
 + Improved win32 make files.

jetty-3.0.0.rc1 - 22 October 2000
 + Added CGI to demo
 + Added HashUserRealm and cleaned up security constraints
 + Added Multipart request and response classes from Jetty2
 + Added simple admin servlet.
 + All attributes in javax. java. and com.mortbay. name spaces to be set.
 + Cleaned up exception handling.
 + Initialize JSP with classloader.
 + Moved and simplified ServletLoader to ContextLoader.
 + Partial handling of 0.9 requests.
 + removed Thread.destroy() calls.

jetty-3.0.B05 - 18 October 2000
 + Added default webapp servlet mapping /servlet/name/*
 + Cleaned up response committing and flushing
 + Fixed JarFileResource to handle jar files without directories.
 + Handler RFC2109 cookies (like any browser handles them!)
 + Implemented security-role-ref for servlets
 + Implemented war file support
 + improved ant documentation.
 + Improved default log format for clarity.
 + Improved null returns to get almost clean watchdog test.
 + Improved path spec interpretation by looking at 2.3 spec
 + Java2 style classloading
 + Made test harnesses work with ant.
 + Protected servletConfig from downcast security problems
 + Removed most deprecation warnings
 + Separated context attributes and initParams.

jetty-3.0.B04 - 12 October 2000
 + Added modified version of JasperB3.2 for JSP
 + Added webdefault.xml for web applications.
 + Do not try multiple servlets for a request.
 + Filthy hack to teach jasper JspServer Jetty classpath
 + Fixed problem with session ID in paths
 + Implemented Context.getContext(uri)
 + Merged and renamed third party jars.
 + Moved FileBase to docroot
 + Redirect to index files, so index.jsp works.
 + Restricted context mapping to simple model for servlets.

jetty-3.0.B03 - 09 October 2000
 + Added append mode in RolloverFileLogSink
 + Added release script
 + Catch stop and destroy exceptions in HttpServer.stop()
 + Expanded import package.*; lines
 + Expanded leading tabs to spaces
 + Handle ignorable spaces in WebApplication
 + Handle ignorable spaces in XmlConfiguration
 + Implemented request dispatching.
 + Improved Context to Handler contract.
 + Improved handler toString
 + Improved Log rollover.
 + Made LogSink a Lifecycle interface
 + Parse but not handler startup ordering in web applications.
 + Pass object to LogSink
 + Redirect context only paths.
 + Redo dynamic servlets handling
 + Remove 411 checks as IE breaks this rule after redirect.
 + Removed last remnants JDK 1.1 support
 + Send request log via a LogSink
 + Simplified path translation and real path calculation.
 + Warn about explicit sets of WebApplication

jetty-2.4.7 - 06 October 2000
 + Added encode methods to URI
 + Allow Objects to be passed to LogSink
 + fixes to SSL doco
 + Improved win32 build
 + Set content length on errors for keep alive.
 + Support key and keystore passwords
 + Various improvements to  ServletDispatch, PropertyTree and associated
   classes.

jetty-3.0.B02 - 24 August 2000
 + Added CGI servlet
 + Fixed bug in TestRFC2616
 + Fixed HTTP/1.0 input close bug
 + Fixed LineInput bug with SSL giving CR pause LF.
 + Improved ThreadedServer stop and destroy
 + Use resources in WebApplication

jetty-3.0.B01 - 21 August 2000
 + Implemented more webapp configuration
 + Partial implementation of webapp securitycontraints
 + SSL implemented with JsseListener
 + Switched to the aelfred XML parser from microstar, which is only partially
   validating, but small and lightweight

jetty-2.4.6 - 16 August 2000
 + Added passive mode methods to FTP
 + com.mortbay.Util.KeyPairTool added to handle openSSL SSL keys.
 + JsseListener & SunJsseListener added and documented
 + Minor changes to compile with jikes.
 + Turn Linger off before closing sockets, to allow restart.

jetty-3.0.A99 - 10 August 2000
 + Added Resource abstraction
 + Added Xmlconfiguration utility
 + Implemented jetty.xml configuration
 + Make it compile cleanly with jikes.
 + Re-added commented out imports for JDK-1.1 compile
 + Removed FileBase. Now use ResourceBase instead
 + Replaced FileHandler with ResourceHandler
 + ServletLoader simplied and uses ResourcePath
 + Use SAX XML parsing instead of DOM for space saving.

jetty-3.0.A98 - 20 July 2000
 + Allow HttpRequest.toString() handles bad requests.
 + Fixed constructor to RolloverFileLogSink
 + Implemented Jetty demos and Site as Web Application.
 + Implemented WebApplicationContext
 + Improved synchronization on LogSink
 + ServletRequest.getServerPort() returns 80 rather than 0
 + Switched to JDK1.2 only

jetty-3.0.A97 - 13 July 2000
 + Added error handling to LifeCycleThread
 + Added WML mappings
 + Better tuned SocketListener parameters
 + Fixed makefiles for BSD ls
 + Fixed persistent commits with no content (eg redirect+keep-alive).
 + Formatted version in server info string.
 + implemented removeAttribute on requests
 + Implemented servlet getLocale(s).
 + Implemented servlet isSecure().
 + Less verbose debug
 + Protect setContentLength from a late set in default servlet HEAD handling.
 + Started RequestDispatcher implementation.
 + Tempory request log implementation

jetty-2.4.5 - 09 July 2000
 + Added HtmlExpireFilter and removed response cache revention from HtmlFilter.
 + Don't mark a session invalid until after values unbound.
 + Fixed transaction handling in JDBC wrappers
 + Formatted version in server info.

jetty-3.0.A96 - 27 June 2000
 + Fixed bug with HTTP/1.1 Head reqests to servlets.
 + Supressed un-needed chunking EOF indicators.

jetty-3.0.A95 - 24 June 2000
 + Fixed getServletPath for default "/"
 + Handle spaces in file names in FileHandler.

jetty-3.0.A94 - 19 June 2000
 + Added HandlerContext to allow grouping of handlers into units with the same
   file, resource and class configurations.
 + Cleaned up commit() and added complete() to HttpResponse
 + Implemented Sessions.
 + PathMap exact matches can terminate with ; or # for URL sessions and
   targets.
 + Updated license to clarify that commercial usage IS OK!

jetty-3.0.A93 - 14 June 2000
 + Lots of changes and probably unstable
 + Major rethink! Moved to 2.2 servlet API

jetty-3.0.A92 - 07 June 2000
 + Added HTML classes to jar
 + Fixed redirection bug in FileHandler

jetty-2.4.4 - 03 June 2000
 + Added build-win32.mak
 + Added HTML.Composite.replace
 + Added RolloverFileLogSink
 + Added uk.org.gosnell.Servlets.CgiServlet to contrib
 + BasicAuthHandler uses getResourcePath so it can be used behind request
   dispatching
 + FileHandler implements IfModifiedSince on index files.
 + HttpRequest.setRequestPath does not null pathInfo.
 + Improved LogSink configuration
 + Many debug call optimizations
 + Support System.property expansions in PropertyTrees.

jetty-3.0.A91 - 03 June 2000
 + Abstracted ServletHandler
 + Added HTML classes from Jetty2
 + Implemented realPath and getResource methods for servlets.
 + Improved LogSink mechanism
 + Simplified class loading
 + Simplified HttpServer configuration methods and arguments

jetty-3.0.A9 - 07 May 2000
 + File handler checks modified headers on directory indexes.
 + Fixed double chunking bug in SocketListener.
 + Improvided finally handling of output end game.
 + ServletLoader tries unix then platform separator for zip separator.

jetty-3.0.A8 - 04 May 2000
 + addCookie takes an int maxAge rather than a expires date.
 + Added LogSink extensible log architecture.
 + Added Tenlet class for reverse telnet.
 + Code.ignore only outputs when debug is verbose.
 + Moved Sevlet2_1 handler to com.mortbay.Servlet2_1
 + Servlet2_1 class loading re-acrchitected. See README.

jetty-2.4.3 - 04 May 2000
 + Allow CRLF in UrlEncoded
 + Pass Cookies with 0 max age to browser.

jetty-2.4.2 - 23 April 2000
 + Added GNUJSP to JettyServer.prp file.
 + Added LogSink and FileLogSink classes to allow extensible Log handling.
 + Handle nested RequestDispatcher includes.
 + Modified GNUJSP to prevent close in nested requests.

jetty-3.0.A7 - 15 April 2000
 + Added InetGateway to help debug IE5 problems
 + added removeValue method to MultiMap
 + fixed flush problem with chunked output for IE5
 + Include java 1.2 source hierarchy
 + removed excess ';' from source

jetty-2.4.1 - 09 April 2000
 + Fixed bug in HtmlFilter for tags split between writes.
 + Removed debug println from ServletHolder.
 + Set encoding before exception in FileHandler.

jetty-3.0.A6 - 09 April 2000
 + added bin/useJava2Collections to convert to JDK1.2
 + Dates forced to use US locale
 + Improved portability of Frame and Debug.
 + Integrated skeleton 2.1 Servlet container
 + Removed Converter utilities and InetGateway.

jetty-2.4.0 - 24 March 2000
 + Absolute URIs are returned by getRequestURI (if sent by browser).
 + Added doc directory with a small start
 + Added per servlet resourceBase configuration.
 + Added VirtualHostHandler for virtual host handling
 + Fixed bug with RequestDispatcher.include()
 + Fixed caste problem in UrlEncoded
 + Fixed null pointer in ThreadedServer with stopAll
 + Form parameters only decoded for POSTs
 + Implemented full handling of cookie max age.
 + Improved parsing of stack trace in debug mode.
 + Moved SetUID native code to contrib hierarchy
 + RequestDispatcher handles URI parameters
 + Upgraded to gnujsp 1.0.0

jetty-2.3.5 - 25 January 2000
 + Added configuration option to turn off Keep-Alive in HTTP/1.0
 + Added contrib/com/kiwiconsulting/jetty JSSE SSL adaptor to release.
 + Allow configured servlets to be auto reloaded.
 + Allow properties to be configured for dynamic servlets.
 + Fixed expires bug in Cookies
 + Fixed nasty bug with HTTP/1.1 redirects.
 + Force locale of date formats to US.
 + ProxyHandler sends content for POSTs etc.

jetty-2.3.4 - 18 January 2000
 + Cookie map keyed on domain as well as name and path.
 + DictionaryConverter handles null values.
 + Fixed IllegalStateException handling in DefaultExceptionHandler
 + Fixed interaction with resourcePaths and proxy demo.
 + Improved HtmlFilter.activate header modifications.
 + include from linux rather than genunix for native builds
 + MethodTag.invoke() is now public.
 + Servlet properties allow objects to be stored.
 + URI decodes applies URL decoding to the path.

jetty-3.0.A5 - 19 October 1999
 + Do our own URL string encoding with 8859-1
 + Replaced LF wait in LineInput with state boolean.
 + Use char array in UrlEncoded.decode
 + Use ISO8859_1 instead of UTF8 for headers etc.

jetty-2.3.3 - 19 October 1999
 + Do our own URL encoding with ISO-8859-1
 + HTTP.HTML.EmbedUrl uses contents encoding.
 + Replaced UTF8 encoding with ISO-8859-1 for headers.
 + Use UrlEncoded for form parameters.

jetty-2.3.2 - 17 October 1999
 + Fixed getReader bug with HttpRequest.
 + Updated UrlEncoded with Jetty3 version.

jetty-3.0.A4 - 16 October 1999
 + Added LF wait after CR to LineInput.
 + Basic Authentication Handler.
 + Request attributes
 + UTF8 in UrlDecoded.decodeString.

jetty-2.3.1 - 14 October 1999
 + Added assert with no message to Code
 + Added Oracle DB adapter
 + Changed demo servlets to use writers in preference to outputstreams
 + Fixed GNUJSP 1.0 resource bug.
 + Force UTF8 for FTP commands
 + Force UTF8 for HTML
 + HTTP/1.0 Keep-Alive (about time!).
 + NullHandler/Server default name.name.PROPERTIES to load
   prefix/name.name.properties
 + Prevented thread churn on idle server.
 + ThreadedServer calls setSoTimeout(_maxThreadIdleMs) on accepted sockets.
   Idle reads will timeout.
 + Use UTF8 in HTTP headers

jetty-3.0.A3 - 14 October 1999
 + Added LifeCycle interface to Utils implemented by ThreadPool,
   ThreadedServer, HttpListener & HttpHandler
 + Added service method to HttpConnection for specialization.
 + MaxReadTimeMs added to ThreadedServer.
 + StartAll, stopAll and destroyAll methods added to HttpServer.

jetty-3.0.A2 - 13 October 1999
 + Added cookie support and demo.
 + Cleaned up Util TestHarness.
 + Fixed LineInput problem with repeated CRs
 + HEAD handling.
 + HTTP/1.0 Keep-alive (about time!)
 + NotFound Handler
 + OPTION * Handling.
 + Prevent entity content for responses 100-199,203,304
 + Reduced flushing on writing response.
 + TRACE handling.
 + UTF8 handling on raw output stream.
 + Virtual Hosts.

jetty-3.0.A1 - 12 October 1999
 + Added HttpHandler interface with start/stop/destroy lifecycle
 + Added MultiMap for common handling of multiple valued parameters.
 + Added parameters to HttpRequest
 + Added PathMap implementing mapping as defined in the 2.2 API specification
   (ie. /exact, /prefix/*, *.extention & default ).
 + Implemented simple extension architecture in HttpServer.
 + LineInput uses own buffering and uses character encodings.
 + Quick port of FileHandler
 + Setup demo pages.
 + Updated HttpListener is start/stop/destroy lifecycle.

jetty-3.0.A0 - 09 October 1999
 + Added generalized HTTP Connection.
 + Added support for servlet 2.2 outbut buffer control.
 + Added support for transfer and content encoding filters.
 + Cleaned up chunking code to use LineInput and reduce buffering.
 + Cleanup and abstraction of ThreadPool.
 + Cleanup of HttpRequest and decoupled from Servlet API
 + Cleanup of HttpResponse and decoupled from Servlet API
 + Cleanup of LineInput, using 1.2 Collections.
 + Cleanup of URI, using 1.2 Collections.
 + Cleanup of UrlEncoded, using 1.2 Collections.
 + Created RFC2616 test harness.
 + Extended URI to handle absolute URLs
 + Generalized notification of outputStream events.
 + gzip and deflate request transfer encodings
 + HttpExceptions now produce error pages with specific detail of the
   exception.
 + HttpMessage supports chunked trailers.
 + HttpMessage supports message states.
 + Moved com.mortbay.Base classes to com.mortbay.Util
 + Moved HttpInput/OutputStream to ChunkableInput/OutputStream.
 + Split HttpHeader into HttpFields and HttpMessage.
 + Started fresh repository in CVS
 + TE field coding and trailer handler
 + ThreadedServer based on ThreadPool.

jetty-2.3.0 - 05 October 1999
 + Added SetUID class with native Unix call to set the effective User ID.
 + FTP closes files after put/get.
 + FTP uses InetAddress of command socket for data socket.

jetty-2.3.0A - 22 September 1999
 + Added "Powered by Jetty" button.
 + Added BuildJetty.java file.
 + Added GNUJSP 1.0 for the JSP 1.0 API.
 + Expanded tabs to spaces in source.
 + Made session IDs less predictable and removed race.
 + ServerContext available to HtmlFilters via context param
 + Use javax.servlet classes from JWSDK1.0

jetty-2.2.8 - 15 September 1999
 + Added disableLog() to turn off logging.
 + Allow default table attributes to be overriden.
 + Fixed bug in Element.attribute with empty string values.
 + Improved quoting in HTML element values
 + Made translation of getRequestURI() optional.
 + Removed recursion from TranslationHandler

jetty-2.2.7 - 09 September 1999
 + Added default row, head and cell elements to Table.
 + Added GzipFilter for content encoding.
 + FileHandler passes POST request through if the file does not exist.
 + Reverted semantics of getRequestURI() to return untranslated URI.

jetty-2.2.6 - 05 September 1999
 + Added destroy() method on all HttpHandlers.
 + Added ServletRunnerHandler to the contrib directories.
 + Allow the handling of getPathTranslated to be configured in ServletHandler.
 + class StyleLink added.
 + Cookies always available from getCookies.
 + Cookies parameter renamed to CookiesAsParameters
 + cssClass, cssID and style methods added to element.
 + FileHandler does not server files ending in '/'
 + Fixed Cookie max age order of magnitude bug.
 + HttpRequest.getSession() always returns a session as per the latest API
   spec.
 + Ignore duplicate single valued headers, rather than reply with bad request,
   as IE4 breaks the rules.
 + media added to Style
 + New implementation of ThreadPool, avoids a thread leak problem.
 + Removed JRUN options from ServletHandler configuration.
 + ServletHandler.destroy destroys all servlets.
 + SPAN added to Block
 + Updated HTML package to better support CSS:

jetty-2.2.5 - 19 August 1999
 + Always close connection after a bad request.
 + Better default handling of ServletExceptions
 + Close loaded class files so Win32 can overwrite them before GC (what a silly
   file system!).
 + Don't override the cookie as parameter option.
 + Fixed bug with closing connections in ThreadedServer
 + Improved error messages from Jetty.Server.
 + Limited growth in MultiPartResponse boundary.
 + Made start and stop non final in ThreadedServer
 + Set Expires header in HtmlFilter.

jetty-2.2.4 - 02 August 1999
 + Better help on Jetty.Server
 + Fixed bugs in HtmlFilter parser and added TestHarness.
 + HtmlFilter blanks IfModifiedSince headers on construction
 + HttpRequests may be passed to HttpFilter constructors.
 + Improved cfg RCS script.
 + ThreadedServer can use subclasses of Thread.

jetty-2.2.3 - 27 July 1999
 + Added stop call to HttpServer, used by Exit Servlet.
 + FileHandler defaults to allowing directory access.
 + Fixed parser bug in HtmlFilter
 + Improved performance of com.mortbay.HTML.Heading
 + JDBC tests modified to use cloudscape as DB.
 + Made setInitialize public in ServletHolder
 + Simplified JDBC connection handling so that it works with Java1.2 - albeit
   less efficiently.

jetty-2.2.2 - 22 July 1999
 + File handler passes through not allowed options for non existant files.
 + Fixed bug in com.mortbay.Util.IO with thread routines.
 + Fixed bug in HtmlFilter that prevented single char buffers from being
   written.
 + Fixed bug with CLASSPATH in FileJarServletLoader after attempt to load from
   a jar.
 + Implemented getResourceAsStream in FileJarServletLoader
 + Improved com.mortbay.Base.Log handling of different JVMs
 + Minor fixes to README
 + Moved more test harnesses out of classes.
 + NotFoundHandler can repond with SC_METHOD_NOT_ALLOWED.

jetty-2.2.1 - 18 July 1999
 + Added optional resourceBase property to HttpConfiguration. This is used as a
   URL prefix in the getResource API and was suggested by the JSERV and Tomcat
   implementors.
 + Added TerseExceptionHandler
 + Comma separate header fields.
 + Decoupled ExceptionHandler configuration from Handler stacks. Old config
   style will produce warning and Default behavior. See new config file format
   for changes.
 + Handle continuation lines in HttpHeader.
 + HtmlFilter resets last-modified and content-length headers.
 + Ignore IOException in ThreadedServer.run() when closing.
 + Implemented com.mortbay.Util.IO as a ThreadPool
 + Less verbose debug in PropertyTree
 + Limit maximum line length in HttpInputStream.
 + Protect against duplicate single valued headers.
 + Response with SC_BAD_REQUEST rather than close in more circumstances

jetty-2.2.0 - 01 July 1999
 + Added Protekt SSL HttpListener
 + Exit servlet improved (a little).
 + Fixed some of the javadoc formatting.
 + Improved feature description page.
 + Moved GNUJSP and Protekt listener to a contrib hierarchy.
 + ThreadedServer.stop() closes socket before interrupting threads.

jetty-2.2.Beta4 - 29 June 1999
 + Added comments to configuration files.
 + Added getGlobalProperty to Jetty.Server and used this to configure default
   page type.
 + Added JettyMinimalDemo.prp as an example of an abbreviated configuration.
 + Added property handling to ServletHandler to read JRUN servlet configuration
   files.
 + Altered meaning of * in PropertyTree to assist in abbreviated configuration
   files.
 + Expanded Mime.prp file
 + FileHandler flushes files from cache in DELETE method.
 + Made ServerSocket and accept call generic in ThreadedServer for SSL
   listeners.
 + Options "allowDir" added to FileHandler.
 + Restructured com.mortbay.Jetty.Server for better clarity and documentation.
 + ThreadedServer.stop() now waits until all threads are stopped.
 + Updated README.txt

jetty-2.2.Beta3 - 22 June 1999
 + Added alternate constructors to HTML.Include for InputStream.
 + Added file cache to FileHandler
 + Applied contributed patch of spelling and typo corrections
 + Fixed bug in HttpResponse flush.
 + Fixed file and socket leaks in Include and Embed tags.
 + Implemented efficient version of ServletContext.getResourceAsStream() that
   does not open a new socket connection (as does getResource()).
 + Improved Block.write.
 + LookAndFeelServlet uses getResourceAsStream to get the file to wrap. This
   allows it to benefit from any caching done and to wrap arbitrary content
   (not just files).
 + Ran dos2unix on all text files
 + Re-implemented ThreadedServer to improve and balance performance.
 + Restructure demo so that LookAndFeel content comes from simple handler
   stack.
 + Server.shutdown() clears configuration so that server may be restarted in
   same virtual machine.

jetty-2.2.Beta2 - 12 June 1999
 + Added all write methods to HttpOutputStream$SwitchOutputStream
 + Added com.mortbay.Jetty.Server.shutdown() for gentler shutdown of server.
   Called from Exit servlet
 + Handle  path info of a dynamic loaded servlets and correctly set the servlet
   path.
 + HttpRequest.getParameterNames() no longer alters the order returned by
   getQueryString().
 + Standardized date format in persistent cookies.

jetty-2.2.Beta1 - 07 June 1999
 + Allow configuration of MinListenerThreads, MaxListenerThreads,
   MaxListenerThreadIdleMs
 + Close files after use to avoid "file leak" under heavy load.
 + Defined abstract ServletLoader, derivations of which can be specified in
   HttpConfiguration properties.
 + Destroy requests and responses to help garbage collector.
 + Don't warn about IOExceptions unless Debug is on.
 + Fixed cache in FileJarServletLoader
 + Fixed incorrect version numbers in a few places.
 + Fixed missing copyright messages from some contributions
 + HtmlFilter optimized for being called by a buffered writer.
 + Implemented all HttpServer attribute methods by mapping to the
   HttpConfiguration properties.  Dynamic reconfiguration is NOT supported by
   these methods (but we are thinking about it).
 + Improved ThreadPool synchronization and added minThreads.
 + Included GNUJSP 0.9.9
 + Limit the job queue only grow to the max number of threads.
 + Optional use of DateCache in log file format
 + Restructure ThreadedServer to reduce object creation.

jetty-2.2.Beta0 - 31 May 1999
 + Added "Initialize" attribute to servlet configuration to allow servlet to be
   initialized when loaded.
 + Added HttpResponse.requestHandled() method to avoid bug with servlet doHead
   method.
 + Added Page.rewind() method to allow a page to be written multiple times
 + Handle malformed % characters in URLs.
 + HttpRequest.getCookies returns empty array rather than null for no cookies.
 + Included and improved version of ThreadPool for significant performance
   improvement under high load.
 + Included contributed com.mortbay.Jetty.StressTester class
 + LogHandler changed to support only a single outfile and optional append.
 + Removed support for STF
 + Servlet loader handles jar files with different files separator.
 + ThreadedServer gently shuts down.
 + Token effort to keep test files out of the jar

jetty-2.2.Alpha1 - 07 May 1999
 + Call destroy on old servlets when reloading.
 + Dynamic servlets can have autoReload configured
 + Fixed bug in SessionDump
 + Made capitalization of config file more consistent(ish)
 + ServletHolder can auto reload servlets
 + Wait for requests to complete before reloading.

jetty-2.2.Alpha0 - 06 May 1999
 + Added reload method to ServletHolder, but no way to call it yet.
 + Added ServletLoader implementation if ClassLoader.
 + Changed options for FileServer
 + Dynamic loading of servlets.
 + Fixed date overflow in Cookies
 + HttpHandlers given setProperties method to configure via Properties.
 + HttpListener class can be configured
 + HttpResponse.sendError avoids IllegalStateException
 + Implemented ServletServer
 + Improved PropertyTree implementation
 + Improved SessionDump servlet
 + Mime suffix mapping can be configured.
 + New Server class using PropertyTree for configuration
 + Old Jetty.Server class renamed to Jetty.Server21
 + Removed historic API from sessions
 + Removed SimpleServletServer

jetty-2.1.7 - 22 April 1999
 + Fixed showstopper bug with getReader and getWriter in requests and
   responses.
 + HttpFilter uses package interface to get HttpOutputStream

jetty-2.1.6 - 21 April 1999
 + Added additional date formats for HttpHeader.getDateHeader
 + New simpler version of PropertyTree
 + Reduced initial size of most hashtables to reduce default memory overheads.
 + Return EOF from HttpInputStream that has a content length.
 + Throw IllegalStateException as required from gets of
   input/output/reader/writer in requests/responses.
 + Updated PropertyTreeEditor

jetty-2.1.5 - 15 April 1999
 + Added setType methods to com.mortbay.FTP.Ftp
 + Fixed alignment bug in TableForm
 + Fixed bug in ServletDispatch for null pathInfo
 + Fixed bugs with invalid sessions
 + Form parameters protected against multiple decodes when redirected.
 + HtmlFilter now expands <!=SESSION> to the URL encoded session if required.
 + Implemented HttpRequest.getReader()
 + Instrumented most of the demo to support URL session encoding.
 + Moved SessionHandler to front of stacks
 + Page factory requires response for session encoding
 + Reduced session memory overhead of sessions
 + Removed RFCs from package
 + Servlet log has been diverted to com.mortbay.Base.Log.event() Thus debug
   does not need to be turned on to see servlet logs.
 + Session URL encoding fixed for relative URLs.

jetty-2.1.4 - 26 March 1999
 + fixed bug in getRealPath
 + Fixed problem compiling PathMap under some JDKs.
 + getPathTranslated now call getRealPath with pathInfo (as per spec).
 + HttpRequest attributes implemented.
 + pathInfo returns null for zero length pathInfo (as per spec). Sorry if this
   breaks your servlets - it is a pain!
 + Reduced HTML dependence in HTTP package to allow minimal configuration
 + Session max idle time implemented.
 + Tightened license agreement so that binary distributions are required to
   include the license file.

jetty-2.1.3 - 19 March 1999
 + Added support for suffixes to PathMap
 + Included GNUJSP implementation of Java Server Pages
 + Use Java2 javadoc

jetty-2.1.2 - 09 March 1999
 + API documentation for JSDK 2.1.1
 + Cascading style sheet HTML element added.
 + Converted most servlets to HttpServlets using do Methods.
 + Fixed trailing / bug in FileHandler (again!).
 + JSDK 2.1.1

jetty-2.1.1 - 05 March 1999
 + com.mortbay.Base.DateCache class added and used to speed date handling.
 + Fast char buffer handling in HttpInputStream
 + Faster version of HttpHeader.read()
 + Faster version of HttpInputStream.readLine().
 + Faster version of HttpRequest
 + Handle '.' in configured paths (temp fix until PropertyTrees)
 + Reduced number of calls to getRemoteHost for optimization
 + Size all StringBuffers

jetty-2.1.0 - 22 February 1999
 + Deprecated com.mortbay.Util.STF
 + getServlet methods return null.
 + image/jpg -> image/jpeg
 + PropertyTrees (see new Demo page)
 + ServletDispatch (see new Demo page)
 + Session URL Encoding

jetty-2.1.B1 - 13 February 1999
 + Added video/quicktime to default MIME types.
 + Fixed bug with if-modified-since in FileHandler
 + Fixed bug with MultipartRequest.
 + Implemented getResource and getResourceAsStream (NOT Tested!).
 + Implemented Handler translations and getRealPath.
 + Implemented RequestDispatcher (NOT Tested!).
 + Improved handling of File.separator in FileHandler.
 + Replace package com.mortbay.Util.Gateway with class
   com.mortbay.Util.InetGateway
 + Updated DefaultExceptionHandler.
 + Updated InetAddrPort.
 + Updated URI.

jetty-2.1.B0 - 30 January 1999
 + Added plug gateway classes com.mortbay.Util.Gateway
 + Added support for PUT, MOVE, DELETE in FileHandler
 + FileHandler now sets content length.
 + Fixed command line bug with SimpleServletConfig
 + Minor changes to support MS J++ and its non standard language extensions -
   MMMmmm should have left it unchanged!
 + Uses JSDK2.1 API, but not all methods implemented.

jetty-2.0.5 - 15 December 1998
 + added getHeaderNoParams
 + Temp fix to getCharacterEncoding

jetty-2.0.4 - 10 December 1998
 + Implement getCharacterEncoding
 + Improved default Makefile behaviour
 + Improved error code returns
 + Portability issues solved for Apple's
 + Removed MORTBAY_HOME support from Makefiles
 + Use real release of JSDK2.0 (rather than beta).

jetty-2.0.3 - 13 November 1998
 + Fix bug with index files for Jetty.Server. Previously servers configured
   with com.mortbay.Jetty.Server would not handle index.html files.  Need to
   make this configurable in the prp file.
 + Fixed errors in README file: com.mortbay.Jetty.Server was called
   com.mortbay.HTTP.Server
 + Limit threads in ThreadedServer and low priority listener option greatly
   improve performance under worse case loads.

jetty-2.0.2 - 01 November 1998
 + Add thread pool to threaded server for significant performance improvement.
 + Buffer files during configuration
 + Buffer HTTP Response headers.
 + Use JETTY_HOME rather than MORTBAY_HOME for build environment

jetty-2.0.1 - 27 October 1998
 + Released under an Open Source license.

jetty-2.0.0 - 25 October 1998
 + Added multipart/form-data demo.
 + Fixed Code.formatObject handling of null objects.
 + Removed Chat demo (too many netscape dependencies).
 + Removed exceptional case from FileHandler redirect.

jetty-2.0.Beta3 - 29 September 1998
 + Added com.mortbay.HTTP.MultiPartRequest to handle file uploads
 + Added com.mortbay.Jetty.Server (see README.Jetty)
 + Demo converted to an instance of com.mortbay.Jetty.Server
 + Fixed Log Handler again.
 + Ignore exception from HttpListener
 + Properly implemented multiple listening addresses
 + Send 301 for directories without trailing / in FileHandler

jetty-2.0Beta2 - 01 July 1998
 + Fixed Log Handler for HTTP/1.1
 + Slight improvement in READMEEs

jetty-2.0Beta1 - 01 June 1998
 + Fixed bug with calls to service during initialization of servlet
 + Handle full URLs in HTTP requests (to some extent)
 + Improved performance of Code.debug() calls, significantly in the case of non
   matching debug patterns.
 + Improved performance with special asciiToLowerCase
 + Provided addSection on com.mortbay.HTML.Page
 + Provided reset on com.mortbay.HTML.Composite.
 + Proxy demo in different server instance
 + Warn if MSIE used for multi part MIME.

jetty-2.0Alpha2 - 01 May 1998
 + Added date format to Log
 + Added timezone to Log
 + Handle params in getIntHeader and getDateHeader
 + Handle Single Threaded servlets with servlet pool
 + JDK1.2 javax.servlet API
 + Removed HttpRequest.getByteContent
 + Use javax.servlet.http.Cookie
 + Use javax.servlet.http.HttpSession
 + Use javax.servlet.http.HttpUtils.parsePostData

jetty-1.3.5 - 01 May 1998
 + Added date format to Log
 + Correct handling of multiple parameters
 + Debug triggers added to com.mortbay.Base.Code
 + Fixed socket inet bug in FTP

jetty-2.0Alpha1 - 08 April 1998
 + accept chunked data
 + Add HTTP/1.1 Date: header
 + Correct formatting of Date HTTP headers
 + Debug triggers added to com.mortbay.Base.Code
 + Fixed forward bug with no port number
 + handle extra spaces in HTTP headers
 + Handle file requests with If-Modified-Since: or If-Unmodified-Since:
 + Handle HEAD properly
 + Handle HTTP/1.1 Host: header
 + HttpTests test harness
 + persistent connections
 + Really fixed handling of multiple parameters
 + Removed HttpRequestHeader class
 + Requires Host: header for 1.1 requests
 + Send 100 Continue for HTTP/1.1 requests (concerned about push???)
 + Send Connection: close
 + Sends chunked data for 1.1 responses of unknown length.

jetty-1.3.4 - 15 March 1998
 + Dump servlet enhanced to exercise these changes.
 + Fixed handling of multiple parameters in query and form content.
   "?A=1%2C2&A=C%2CD" now returns two values ("1,2" & "C,D") rather than 4.
 + ServletHandler now takes an optional file base directory name which is used
   to set the translated path for pathInfo in servlet requests.

jetty-1.3.3 - 01 March 1998
 + Closed exception window in HttpListener.java
 + Fixed TableForm.addButtonArea bug.
 + TableForm.extendRow() uses existing cell

jetty-1.3.2 - 20 February 1998
 + Added per Table cell composite factories
 + Fixed proxy bug with no port number

jetty-1.3.1 - 12 February 1998
 + Better handling of InvocationTargetException in debug
 + ForwardHandler only forwards as http/1.0 (from Tobias.Miller)
 + Improved parsing of stack traces
 + Minor fixes in SmtpMail
 + Minor release adjustments for Tracker

jetty-1.3.0 - 03 February 1998
 + Added DbAdaptor to JDBC wrappers
 + Beta release of Tracker

jetty-1.2.0 - 22 January 1998
 + Alternate look and feel for Jetty
 + Better Debug configuration
 + DebugServlet
 + Fixed install bug for nested classes
 + Reintroduced STF

jetty-1.1.1 - 13 January 1998
 + Improved documentation

jetty-1.1 - 09 January 1998
 + Improved connection caching in java.mortbay.JDBC
 + Moved HttpCode to com.mortbay.Util

jetty-1.0.1 - 06 January 1998
 + Bug fixes

jetty-1.0 - 01 January 1998
 + MBServlerV5 renamed to Jetty
 + First release in com.mortbay package structure
 + Included Util, JDBC, HTML, HTTP, Jetty MBServler-V4.5Beta + Using It
   JSDK1.0Beta API + Improved HTML package. + Filter mechanism inspired by
   JigSaw MBServler-V4
 + JeevesA1.2 servlet API
 + Better configuration and setup for embedding in other Java applications.
 + Util classes from Intelligent Switched Systems. MBServler-V1 / IssueTracker
   3.1
 + The IssueTracker HTTP server has been separated from the Issue Tracker
   application and updated to the java.servlet interface. It is now called
   MBServler
 + JDBC module IssueTracker-2.0
 + Faster HTTP server
 + Basic authentication
 + User management IssueTracker-1.0 - Jan 1995
 + Won the Australian Java Programming Contest!
 + HTTP Server
 + Issue tracking application