CometD 5.0.3, 6.0.0 and 7.0.0

Following the releases of Eclipse Jetty 10.0.0 and 11.0.0, the CometD project has released versions 5.0.3, 6.0.0 and 7.0.0. CometD 5.0.x Series CometD 5.0.x, of which the latest is the newly released 5.0.3, require at least Java 8 and it …

Reactive HttpClient 1.1.5, 2.0.0 and 3.0.0

Following the releases of Eclipse Jetty 10.0.0 and 11.0.0, the Reactive HttpClient project — introduced back in 2017 — has released versions 1.1.5, 2.0.0 and 3.0.0. Reactive HttpClient 1.1.x Series Reactive HttpClient Versions 1.1.x, of which the latest is the …

Jetty 10 and 11 Have Arrived!

The Eclipse Jetty team is proud to announce the release of Jetty 10 and Jetty 11! Let’s first get into the details of Jetty 10, which includes a huge amount of enhancements and upgrades. A summary of the changes follows. …

Object Pooling, Benchmarks, and Another Way

Context The Jetty HTTP client internally uses a connection pool to recycle HTTP connections, as they are expensive to create and dispose of. This is a well-known pattern that has proved to work well. While this pattern brings great benefits, …

Jetty, ALPN & Java 8u252

Introduction The Jetty Project provided to the Java community support for NPN first (the precursor of ALPN) in Java 7, and then support for ALPN in Java 8. The ALPN support was implemented by modifying sun.security.ssl classes, and this required …

Renaming Jetty from javax.* to jakarta.*

The Issue The Eclipse Jakarta EE project has not obtained the rights from Oracle to extend the Java EE APIs living in the javax.* package. As such, the Java community is faced with a choice between continuing to use the …

Indexing/Listing Vulnerability in Jetty

If you are using DefaultServlet or ResourceHandler with indexing/listing, then you are vulnerable to a variant of XSS behaviors surrounding the use of injected HTML element attributes on the parent directory link. We recommend disabling indexing/listing or upgrading to a …

Eat What You Kill without Starvation!

Jetty 9 introduced the Eat-What-You-Kill[n]The EatWhatYouKill strategy is named after a hunting proverb in the sense that one should only kill to eat. The use of this phrase is not an endorsement of hunting nor killing of wildlife for food …

OpenJDK 11 and TLS 1.3 issues

At the Jetty Project we have been getting reports from the community as well as seeing random failures of load tests and benchmarks that were using TLS, and the failures were only happening with Java 11 (any version up to …

Running Jetty on the JPMS module-path

Jetty and the Java Module System. Java 9 introduced the arguably biggest change in the Java platform since its inception, the Java Module System (a.k.a. Project Jigsaw, or Java Platform Module System – JPMS). The Java Module System primarily targets …