| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: jetty-annotations | Distribution: openSUSE Tumbleweed |
| Version: 9.4.58 | Vendor: openSUSE |
| Release: 3.1 | Build date: Fri Mar 6 20:51:04 2026 |
| Group: Productivity/Networking/Web/Servers | Build host: reproducible |
| Size: 84207 | Source RPM: jetty-minimal-9.4.58-3.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://www.eclipse.org/jetty/ | |
| Summary: The annotations module for Jetty | |
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server (like Apache) in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate server/container solutions, this means that your web server and web application run in the same process, without interconnection overheads and complications. Furthermore, as a pure java component, Jetty can be simply included in your application for demonstration, distribution or deployment. Jetty is available on all Java supported platforms. This package contains The annotations module for Jetty.
Apache-2.0 OR EPL-1.0
* Fri Mar 06 2026 Fridrich Strba <fstrba@suse.com>
- Added patch:
* jetty-CVE-2025-11143.patch
+ upstream patch fixing bsc#1259242 (CVE-2025-11143):
Different parsing of invalid URIs
* Fri Aug 22 2025 Fridrich Strba <fstrba@suse.com>
- Upgrade to version 9.4.58.v20250814
* Changes
+ #13461 - 9.4.x HTTP2Session cleanups - Addresses
CVE-2025-5115, bsc#1244252
+ #13261 - Improve handling of failed HTTP/2 requests
+ #461 - Move ServletTester to the test source directory
* Mon May 26 2025 Fridrich Strba <fstrba@suse.com>
- Upgrade to version 9.4.57.v20241219
* Security fixes:
+ CVE-2024-6763, bsc#1231652: the HttpURI class does
insufficient validation on the authority segment of a URI
+ CVE-2024-13009, bsc#1243271: Gzip Request Body Buffer
Corruption
* Changes:
+ #12268 - IteratingCallback may iterate too much when process()
returns Action.IDLE
+ #12648 - Backport improved handling of bad Gzip content (and
Gzip Exceptions)
+ #12532 - Backport of deprecation of UserInfo on URI (in
violation of RFC2616 spec)
* Mon Nov 11 2024 Fridrich Strba <fstrba@suse.com>
- Added patch:
* jetty-port-to-servlet-4.0.patch
+ Fix build against the javax.servlet-api 4.x
* Thu Oct 17 2024 Fridrich Strba <fstrba@suse.com>
- Package the infrastructure pom artifacts too
* Thu Oct 17 2024 Anton Shvetz <shvetz.anton@gmail.com>
- Fix the Group tag for jetty-server subpackage
- Clean up spec files
* Tue Oct 15 2024 Fridrich Strba <fstrba@suse.com>
- Upgrade to version 9.4.56.v20240826
* Security fixes:
+ CVE-2024-8184, bsc#1231651, ThreadLimitHandler.getRemote()
vulnerable to remote DoS attacks
* Changes:
+ #12201 backport ThreadLimitHandler improvements from Jetty 12
+ #11938 - Updating URL refs from eclipse.org/jetty and
eclipse.dev/jetty to jetty.org (including XML dtd references)
+ #10805 - Jetty response with an invalid HTTP2 packet if the
client set the hpack table size as 0
* Tue Feb 27 2024 Fridrich Strba <fstrba@suse.com>
- Upgrade to version 9.4.54.v20240208
* Security fixes
+ CVE-2024-22201, bsc#1220437: HTTP/2 connection not closed
after idle timeout when TCP congested
* Other changes
+ #1256 DoSFilter leaks USER_AUTH entries
+ #11389 Strip default ports on ws/wss scheme uris too
* Mon Oct 30 2023 Fridrich Strba <fstrba@suse.com>
- Do not force Java 11 to build on i586
* Thu Oct 12 2023 Fridrich Strba <fstrba@suse.com>
- Upgrade to version 9.4.53.v20231009
* Fixes of 9.4.53.v20231009
+ CVE-2023-44487, bsc#1216169
+ CVE-2023-36478, bsc#1216162
+ #10679 - backport HTTP/2 rate control from Jetty 10.0.x
+ #10573 - backport hpack improvements from Jetty 10.0.x
+ #10546 - backport jetty-http Huffman encoders/decoders from
Jetty 10.0.x
* Fixes of 9.4.52.v20230823
+ #10352 - Jetty accepts "+" prefixed value in Content-Length
(CVE-2023-40167, bsc#1215417)
+ #10337 - SizeLimitHandler does not enforce 0 responseLimit
+ #10169 - make sure that a ServiceLoader is retrieved before
iterating
+ #10066 - Allow SAXParserFactory or SAXParser to be configured
in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh
workaround
+ #9887 - Deprecate CGI Servlet (CVE-2023-36479, bsc#1215415)
+ #9716 - Deprecate PushSessionCacheFilter
+ #9660 - OpenId Revoked authentication allows one request
(CVE-2023-41900, bsc#1215416)
+ #9476 - onCompleteFailure called multiple times
* Sat Sep 09 2023 Fridrich Strba <fstrba@suse.com>
- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp
* Sun May 21 2023 Fridrich Strba <fstrba@suse.com>
- Update to version 9.4.51.v20230217
* Fixes of 9.4.49.v20220914:
+ #8578 - getRequestURL can append "null" if getRequestURI is
unspecified in an authority-form request-target
+ #8493 - Review HTTP client feature setRemoveIdleDestinations
* Fixes of 9.4.50.v20221201:
+ #8774 - Added SizeLimitHandler
+ #8678 - Jetty client is not responding to GO_AWAY packet
received from (Jetty) Server and continue to send traffic on
same connection
* Fixes of 9.4.51.v20230217:
+ #9352 - Update / Fix CookieCutter
+ #9345 - Backport Multipart Fix for CVE-2023-26048, bsc#1210620
+ #9352 - Backport Cookie Parsing Fix for CVE-2023-26049,
bsc#1210621
* Thu May 04 2023 Dominique Leuenberger <dimstar@opensuse.org>
- Add _multibuild to define 2nd spec file as additional flavor.
Eliminates the need for source package links in OBS.
/usr/share/java/jetty /usr/share/java/jetty/jetty-annotations.jar /usr/share/maven-metadata/jetty-minimal-jetty-annotations.xml /usr/share/maven-poms/jetty /usr/share/maven-poms/jetty/jetty-annotations.pom
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Apr 16 22:22:26 2026