HTTP/2 Bomb Vulnerability

The focus on security has recently seen an explosion (pun intended), mostly due to the use of AI, for good and for bad — the bad due to AI slop. The Jetty Project takes security reports very seriously: we verify them against Jetty, and if Jetty is found to be Read more

By Simone Bordet, ago

End of Life: Changes to Eclipse Jetty and CometD

Webtide (https://webtide.com) is the company behind the open-source Jetty and CometD projects. Since 2006, Webtide has fully funded the Jetty and CometD projects through services and support, including migration assistance, production support, developer assistance, and CVE resolution.  First, the change. Starting January 1, 2026, Webtide will no longer publish releases Read more

Security Audit with Trail of Bits

Several months ago, the Eclipse Foundation approached the Eclipse Jetty project with the offer of a security audit. The effort was being supported through a collaboration with the Open Source Technology Improvement Fund (OSTIF), with the actual funding coming from the Alpha-Omega Project. Upon reflection, this collaboration could not have Read more

New Jetty 12 Maven Coordinates

Now that Jetty 12.0.1 is released to Maven Central, we’ve started to get a few questions about where some artifacts are, or when we intend to release them (as folks cannot find them). Things have change with Jetty, starting with the 12.0.0 release. First, is that our historical versioning of Read more

Introducing Jetty-12

For the last 18 months, Webtide engineers have been working on the most extensive overhaul of the Eclipse Jetty HTTP server and Servlet container since its inception in 1995. The headline for the release of Jetty 12.0.0 could be “Support for the Servlet 6.0 API from Jakarta EE 10“, but Read more

By gregw, ago

Jetty HTTP/3 Support

Introduction HTTP/3 is the next iteration of the HTTP protocol. HTTP/1.0 was released in 1996 and HTTP/1.1 in 1997; HTTP/1.x is a fairly simple textual protocol based on TCP, possibly wrapped in TLS, that experienced over the years a tremendous growth that was not anticipated in the late ’90s. With Read more

By Simone Bordet, ago

UnixDomain Support in Jetty

UnixDomain sockets support was added in Jetty 9.4.0, back in 2015, based on the JNR UnixSocket library. The support for UnixDomain sockets with JNR was experimental, and has remained so until now. In Jetty 10.0.7/11.0.7 we re-implemented support for UnixDomain sockets based on JEP 380, which shipped with Java 16. Read more

By Simone Bordet, ago