Jetty Project and TCK

The Jetty project has a long history of participating in the standardization of EExx (previously JEE) specifications such as Servlet and WebSocket. Jakarta renaming: After the donation of TCK source code by Oracle to Eclipse Foundation, the EE group has decided to change the historical Java package names from javax.servlet Read more…

Indexing/Listing Vulnerability in Jetty

If you are using DefaultServlet or ResourceHandler with indexing/listing, then you are vulnerable to a variant of XSS behaviors surrounding the use of injected HTML element attributes on the parent directory link. We recommend disabling indexing/listing or upgrading to a non-vulnerable version. To disable indexing/listing: If using the DefaultServlet (provided Read more…

Eat What You Kill without Starvation!

Jetty 9 introduced the Eat-What-You-Kill execution strategy to apply mechanically sympathetic techniques to the Read more…

(Note: The EatWhatYouKill strategy is named after a hunting proverb in the sense that one should only kill to eat. The use of this phrase is not an endorsement of hunting nor killing of wildlife for food or sport.)

CometD 4.0.0 Released

The CometD Project is happy to announce the availability of CometD 4.0.0. CometD 4.0.0 builds on top of the CometD 3.1.x series, bringing improvements and new features. You can find a migration guide at the official CometD documentation site. What’s new in CometD 4.0.0: The main theme behind CometD 4.0.x Read more…

Fast MultiPart FormData

Jetty’s venerable MultiPartInputStreamParser for parsing MultiPart form-data has been deprecated and replaced by the much more efficient MultiPartFormInputStream, based on a new MultiPartParser. This is much faster, but less forgiving of non-compliant format. So we have implemented a legacy mode to access the old parser, but with enhancements to make Read more…