You are on page 1of 68


26 10 November 2010
+ JETTY-748 Prevent race close of socket by old acceptor threads
+ JETTY-1239 HTAccessHandler [allow from] does not work
+ JETTY-1291 Extract query parameters even if POST content consumed
+ JETTY-1293 Avoid usage of String.split
+ JETTY-1296 Always clear changes list in selectManager
Jetty-6.1.26.RC0 20 October 2010
+ JETTY-547 Improved usage of shutdownOutput before close.
+ JETTY-912 add per exchange timeout
+ JETTY-1051 offer jetty.skip flag for maven plugin
+ JETTY-1096 exclude maven and plexus classes from jetty plugin
+ JETTY-1248 Infinite loop creating temp MultiPart files
+ JETTY-1264 Idle timer deadlock
+ JETTY-1271 Handle unavailable request
+ JETTY-1278 J2se6 SPI filter handling fix
+ JETTY-1283 Allow JSONPojoConvertorFactory to set fromJSON
+ JETTY-1287 rewrite handler thread safe issue resolved
+ JETTY-1288 info when atypical classloader set to WebAppContext
+ JETTY-1289 MRU cache for filter chains
+ JETTY-1292 close input streams after keystore.load()
+ 325468 Clean work webapp dir before unpack
+ 327109 Fixed AJP handling of empty packets
+ 327562 Implement all X-Forwarded headers in ProxyServlet
Jetty-6.1.25 26 July 2010
+ Jetty-6 is now in maintenance mode.
+ JETTY-1212 Long content lengths
+ JETTY-1214 Avoid ISE when scavenging invalid session
+ JETTY-1223 DefaultServlet: NPE when setting relativeResourceBase and resource
Base is not set
+ JETTY-1226 javax.activation needs to be listed in the system classes
+ JETTY-1237 Remember local/remote details of endpoint
+ JETTY-1251 protected against closed selector
+ COMETD-112 if two threads create the same channel, then create events may occ
ur after subscribe events
+ 320264 Removed duplicate entries
jetty-6.1.24 21 April 2010
+ JETTY-903 Stop both caches
+ JETTY-1198 reset idle timeout on request body chunks
+ JETTY-1200 SSL NIO Endpoint wraps non NIO buffers
+ JETTY-1211 SetUID loadlibrary name and debug
+ 308925 Protect the test webapp from remote access
+ COMETD-99 ClientImpl logs exceptions in listeners with "debug" level
+ COMETD-100 ClientImpl logs "null" as clientId
+ COMETD-107 Reloading the application with reload extension does not fire /met
a/connect handlers until long poll timeout expires
+ Upgraded to cometd 1.1.1 client
jetty-6.1.23 2 April 2010
+ JSON parses NaN as null
+ Updated JSP to 2.1.v20091210
+ COMETD-28 Improved concurrency usage in Bayeux and channel handling
+ COMETD-46 reset ContentExchange content on resend
+ COMETD-58 Extension.rcv() return null causes NPE in AbstractBayeux.PublishHan
+ COMETD-59 AcknowledgeExtension does not handle null channel in Message
+ COMETD-62 Delay add listeners until after client construction
+ 296569 removeLifeCycleListener() has no effect


292800 ContextDeployer - recursive setting is undone by FilenameFilter

300178 HttpClients opens too many connections that are immediately closed
304658 Inconsistent Expires date format in Set-Cookie headers with maxAge=0
304698 org.eclipse.jetty.http.HttpFields$DateGenerator.formatCookieDate() use
s wrong (?) date format
+ 306331 Session manager is kept after call to doScope
+ 306840 suppress content-length in requests without content
+ 307847 Fixed combining mime type parameters
+ Remove references to old content in HttpClient client tests for
+ JETTY-875 Allow setting of advice field in response to Handshake
+ JETTY-983 Range handling cleanup
+ JETTY-1133 Handle multiple URL ; parameters
+ JETTY-1134 BayeuxClient: Connect msg should be sent as array
+ JETTY-1149 transient should be volatile in AbstractLifeCycle
+ JETTY-1153 System property for UrlEncoded charset
+ JETTY-1155 HttpConnection.close notifies HttpExchange
+ JETTY-1156 SSL blocking close with JVM Bug busy key fix
+ JETTY-1157 Don't hold array passed in write(byte[])
+ JETTY-1158 NPE in StdErrLog when Throwable is null
+ JETTY-1161 An Extension that measures round-trip delay for cometd messages.
+ JETTY-1162 Add support for async/sync message delivery to BayeuxClient
+ JETTY-1163 AJP13 forces 8859-1 encoding
+ JETTY-1168 Don't hold sessionIdManager lock when invalidating sessions
+ JETTY-1170 NPE on client when server-side extension returns null
+ JETTY-1174 Close rather than finish Gzipstreams to avoid JVM leak
+ JETTY-1174 Memory leak in ChannelImpl/ContinuationClient
+ JETTY-1175 NPE in TimesyncExtension
+ JETTY-1176 NPE in StatisticsExtension if client is null
+ JETTY-1177 Allow error handler to set cacheControl
+ JETTY-1178 Make continuation servlet to log the incoming JSON in case of pars
ing errors
+ JETTY-1180 Extension methods are wrongly called
+ JETTY-1182 COMETD-76 do not lock client while sending messages.
+ JETTY-1182 Reduce synchronization in ContinuationCometdServlet
+ JETTY-1183 AcknowledgedMessagesClientExtension does not handle correctly mess
age resend when client long polls again
+ JETTY-1186 Better document JMX setup in jetty-jmx.xml
+ JETTY-1188 Null old jobs in QueuedThreadPool
+ JETTY-1191 Limit size of ChannelId cache
+ JETTY-1192 Fixed Digested POST and HttpExchange onRetry
+ JETTY-1193 Exception details are lost in AbstractCometdServlet.getMessages
+ JETTY-1195 Coalesce buffers in ChannelEndPoint.flush()
+ JETTY-1196 Enable TCP_NODELAY by default in client connectors
+ JETTY-1197 SetUID module test fails when using Java 1.6 to build
+ JETTY-1199 FindBugs cleanups
+ JETTY-1205 Memory leak in browser-to-client mapping
+ JETTY-1207 NPE protection in FormAuthenticator
+ JETTY-1202 Use platfrom default algorithm for SecureRandom
jetty-6.1.22 16 November 2009
+ Fixed XSS issue in demo CometDump servlet
+ JETTY-937 More JVM bug work arounds. Insert pause if all else fails
+ JETTY-983 Send content-length with multipart ranges
+ JETTY-1120 Requests with no body are treated as complete even if there's a LF
left to read
+ JETTY-1121 Merge Multipart query parameters
+ JETTY-1122 Handle multi-byte utf that causes buffer overflow
+ JETTY-1129 Filter control characters out of StdErrLog
+ JETTY-1135 Handle connection closed before accepted during JVM bug work aroun


JETTY-1144 Fixed multi-byte character overflow

JETTY-1148 Reset partially read request reader.
289221 HttpExchange does not timeout when using blocking connector
290761 HttpExchange.waitForDone()
291340 state==HEADER (Race condition in onException() notifications)
292546 Proactively enforce HttpClient idle timeout
CVE-2009-3555 Prevent SSL renegotiate for SSL vulnerability

jetty-6.1.21 22 September 2009

+ JETTY-719 Document state machine of jetty http client
+ JETTY-933 State == HEADER in client
+ JETTY-936 Improved servlet matching and optimized
+ JETTY-1038 ChannelId.isParentOf returns the wrong result
+ JETTY-1061 Catch exceptions from cometd listeners
+ JETTY-1072 maven plugin handles context path not as documented
+ JETTY-1080 modified previous fix for windows
+ JETTY-1084 HEAD command not setting content-type in response under certain ci
+ JETTY-1090 resolve inifinte loop condition for webdav listener
+ JETTY-1092 MultiPartFilter can be pushed into infinite loop
+ JETTY-1093 Request.toString throws exception when size exceeds 4k
+ JETTY-1098 Default form encoding is UTF8
+ JETTY-1099 Improve cookie handling in BayeuxClient
+ JETTY-1100 extend setuid feature to allow setting max open file descriptors
+ JETTY-1102 Wrong usage of deliver() in private chat messages
+ JETTY-1108 SSL EOF detection
+ JETTY-1109 Improper handling of cookies in Terracotta tests
+ JETTY-1112 Response fails if header exceeds buffer size
+ JETTY-1113 IllegalStateException when adding servlet filters programmatically
+ JETTY-1114 Unsynchronize webapp classloader getResource
+ 282543 HttpClient SSL buffer size fix
+ 288055 fix jetty-client for failed listener state machine
+ 288153 reset exchange when resending
+ 288182 PUT request fails during retry
+ Fix DefaultServletTest for windows
+ Update Jetty implementation of*
+ Include tmp directory sweeper in build
+ Streamline jetty-jboss build, update sar to QueuedThreadPool
jetty-6.1.20 27 August 2009
+ JETTY-838 Don't log and throw
+ JETTY-874 Better error on full header.
+ JETTY-960 Support ldaps
+ JETTY-1046 maven-jetty-jspc-plugin keepSources takes affect only in packageRo
+ JETTY-1057 XSS error page
+ JETTY-1065 Add RedirectRegexRule to provide match/replace/group redirect supp
+ JETTY-1066 Send 400 error for request URI parse exceptions
+ JETTY-1068 Avoid busy flush of async SSL
+ JETTY-1069 Adjust Bayeux Java client backoff algorithm
+ JETTY-1070 Java Bayeux Client not sending /meta/disconnect on stop
+ JETTY-1074 JMX thread manipulation
+ JETTY-1077 HashSSORealm shares Principals between UserRealms
+ JETTY-1078 Automatic JSON Pojo Conversion
+ JETTY-1079 ResourceCollection.toString() can throw IllegalStateException
+ JETTY-1080 Ignore files that would be extracted outside the destination direc
tory when unpacking WARs
+ JETTY-1081 Handle null content type in GzipFilter
+ JETTY-1084 Disable GzipFilter for HEAD requests


JETTY-1085 Allow url sessionID if cookie invalid

JETTY-1086 Added UncheckedPrintWriter to avoid ignored EOFs
JETTY-1087 Chunked SSL non blocking input
JETTY-1098 Upgrade jsp to SJSAS-9_1_1-B60F-07_Jan_2009
283513 Check endp.isOpen when blocking read
283818 fixed merge of forward parameters
285006 Fixed NPE in AbstractConnector during shutdown
286535 ContentExchange status code
286911 Clean out cache when recycling HTTP fields
COMETD-7 max latency config for lazy messages
Added getSubscriptions to cometd client
Made unSubscribeAll public on cometd client
Removed clearing of queue in unSubscribeAll for cometd client
Update test-jndi and test-annotation examples for atomikos 3.5.5
Clarified cometd interval timeout and allow per client intervals
Update Main.main method to call setWar
Added DebugHandler

jetty-6.1.19 1 July 2009

+ JETTY-799 shell script for jetty on cygwin
+ JETTY-863 Non blocking stats handler
+ JETTY-937 Further Improvements for sun JVM selector bugs
+ JETTY-970 BayeuxLoadGenerator latency handling
+ JETTY-1011 Grizzly uses queued thread pool
+ JETTY-1028 jetty:run plugin should check for the web.xml from the overlays if
not found in src/main/webapp/WEB-INF/
+ JETTY-1029 Handle quoted cookie paths
+ JETTY-1031 Handle large pipeline
+ JETTY-1033 jetty-plus compiled with jdk1.5
+ JETTY-1034 Cookie parsing
+ JETTY-1037 reimplemented channel doRemove
+ JETTY-1040 jetty.client.HttpConnection does not handle non IOExceptions
+ JETTY-1042 Avoid cookie reuse on shared connection
+ JETTY-1044 add commons-daemon support as contrib/start-daemon module
+ JETTY-1045 Handle the case where request.PathInfo() should be "/*"
+ JETTY-1046 maven-jetty-jspc-plugin keepSources takes affect only in packageRo
+ JETTY-1047 Cometd client can grow cookie headers
+ JETTY-1048 Default servlet can handle partially filtered large static content
+ JETTY-1049 Improved transparent proxy usability
+ JETTY-1054 Avoid double deploys
+ JETTY-1055 Cookie quoting
+ JETTY-1057 Error page stack trace XSS
+ JETTY-1058 Handle trailing / with aliases on
+ JETTY-1062 Don't filter cometd message without data
jetty-6.1.18 16 May 2009
+ JETTY-937 Improved work around sun JVM selector bugs
+ JETTY-1004 CERT VU#402580 Canonical path handling includes ? in path segment
+ JETTY-1008 ContinuationBayeux destroy is called
+ JETTY-1013 MySql Error with JDBCUserRealm
+ JETTY-1014 Enable start-stop-daemon by default on (START_STOP_DAEMON
+ JETTY-1015 Reduce BayeuxClient and HttpClient lock contention
+ JETTY-1017 HttpDestination has too coarse locking
+ JETTY-1018 Denial of Service Filter
+ JETTY-1020 ZipException in org.mortbay.jetty.webapp.TagLibConfiguration preve
nts all contexts from being loaded
+ JETTY-1022 Removed several 1.5isms

Jetty-5.1.15 - 18 May 2009

+ JETTY-418 synchronized load class
+ JETTY-1004 CERT VU402580 Canonical path handling includes ? in path segment
+ Fixes for CERT438616-CERT237888-CERT21284
jetty-6.1.17 30 April 2009
+ JETTY-936 Make optional dispatching to welcome files as servlets
+ JETTY-937 Work around sun JVM selector bugs
+ JETTY-941 Linux chkconfig hint
+ JETTY-957 Reduce hardcoded versions
+ JETTY-980 Security / Directory Listing XSS present
+ JETTY-982 Make test-jaas-webapp run with jetty:run
+ JETTY-983 Default Servlet sets accept-ranges for cached/gzipped content
+ JETTY-988 X-Forwarded-Host has precedence over X-Forwarded-Server
+ JETTY-989 GzipFilter handles addHeader
+ JETTY-990 Async HttpClient connect
+ JETTY-992 URIUtil.encodePath encodes markup characters
+ JETTY-996 Make start-stop-daemon optional
+ JETTY-997 Remove jpackage-utils dependency on rpm install
+ JETTY-980 Fixed ResourceHandler ? handling, and bad URI creation in listings
+ JETTY-985 Allow listeners to implement both interfaces
+ JETTY-1000 Avoided needless 1.5 dependency
+ JETTY-1002 cometd-api to 1.0.beta8
+ JETTY-1003 java.lang.IllegalArgumentException: timeout can't be negative
+ JETTY-1004 CERT VU#402580 Canonical path handling includes ? in path segment
+ JETTY-1006 Resume meta connect on all XD messages
+ JETTY-702
+ JETTY-899
+ JETTY-936
+ JETTY-944
+ JETTY-946
+ JETTY-947
+ JETTY-948
+ JETTY-949
+ JETTY-953
+ JETTY-956
+ JETTY-959
+ JETTY-964
+ JETTY-972
+ JETTY-973

1 April 2009
Create "jetty-tasks.xml" for the Ant plugin
Standardize location for configuration files which go into etc
Allow dispatch to welcome files that are servlets
Lazy messages don't prevent long polls waiting
Redeploys with maven jetty plugin of webapps with overlays don't wo

+ JETTY-931
+ JETTY-934
+ JETTY-938
+ JETTY-939
+ JETTY-923
+ JETTY-924
+ JETTY-925
+ JETTY-926

4 March 2009
Fix issue with jetty-rewrite.xml
fixed stop/start of Bayeux Client
Deadlock in the TerracottaSessionManager
NPE in AbstractConfiguration.callPreDestroyCallbacks
BayeuxClient uses message pools to reduce memory footprint
Improved BayeuxClient disconnect handling
Lazy bayeux messages
default location for generatedClasses of jspc plugin is incorrect

Exception stops terracotta session scavenger

ConcurrentModificationException in TerracottaSessionManager scaveng
Move cometd source to project
SSL keystore file input stream is not being closed directly
SslSelectChannelConnector - password should be the default value of
if not specified
CGI servlet doesn't kill the CGI in case the client disconnects
Typo in Jetty 6.1.15 Manifest - Bundle-RequiredExcutionEnvironment
Move cometd code back from project (temporarily)
Deliver same message to a collection of cometd Clients

jetty-6.1.15.rc5 26 February 2009

+ JETTY-811 fixed @parameter
+ JETTY-915 Incorrect/Duplicate Logger implementation printed out on initializa

+ JETTY-917 Change for JETTY-811 breaks systemProperties config parameter in ma

+ JETTY-920 JETTY-921 Fixed cometd unsubscribeAll deadlock
+ JETTY-922 Fixed NPE on getRemoteHost when socket closed
jetty-6.1.15.rc4 19 February 2009
+ JETTY-496 Support inetd/xinetd through use of System.inheritedChannel()
+ JETTY-713 Expose additional AbstractConnector methods via MBean
+ JETTY-749 Improved ack extension
+ JETTY-811 Allow configuration of system properties for the maven plugin using
a file
+ JETTY-840 add default mime types to *.htc and *.pps
+ JETTY-848 Temporary folder not fully cleanup after stop (via Sweeper)
+ JETTY-872 Handshake handler calls wrong extension callback
+ JETTY-879 Support extra properties in jQuery comet implementation
+ JETTY-802 Modify the default error pages to make association with Jetty clear
+ JETTY-869 NCSARequestLog locale config
+ JETTY-870 NullPointerException in Response when performing redirect to wrong
relative URL
+ JETTY-878 Removed printStackTrace from WaitingContinuation
+ JETTY-882 ChannelBayeuxListener called too many times
+ JETTY-884 Use hashcode for threadpool ID
+ JETTY-815 Add comet support to jQuery javascript library
+ JETTY-887 Split configuration and handshaking in jquery comet
+ JETTY-888 Fix abort in case of multiple outstanding connections
+ JETTY-894 Add android .apk to mime types
+ JETTY-898 Allow jetty debs to start with custom java args provided by users
+ JETTY-909 Update useragents cache
jetty-6.1.15.rc3 28 January 2009
+ JETTY-691 System.getProperty() calls ... wrap them in doPrivileged
+ JETTY-844 Replace reflection with direct invocation in Slf4jLog
+ JETTY-861 switched buffer pools to ThreadLocal implementation
+ JETTY-866 jetty-client test case fix
jetty-6.1.15.rc2 23 January 2009
+ adjustment to jetty-client assembly packaging
+ JETTY-567 Delay in initial TLS Handshake With FireFox 3 beta5 and SslSelectCh
jetty-6.1.15.pre0 20 January 2009
+ JETTY-600 Automated tests of WADI integration + upgrade to WADI 2.0
+ JETTY-749 Reliable message delivery
+ JETTY-794 WADI integration tests fail intermittently.
+ JETTY-781 Add "mvn jetty:deploy-war" for deploying a pre-assembled war
+ JETTY-795 NullPointerException in
+ JETTY-798 Jboss session manager incompatible with LifeCycle.Listener
+ JETTY-801 Bring back 2 arg EnvEntry constructor
+ JETTY-802 Modify the default error pages to make association with Jetty very
+ JETTY-804 HttpClient timeout does not always work
+ JETTY-806 Timeout related Deadlocks in HTTP Client
+ JETTY-807 HttpTester to handle charsets
+ JETTY-808 cometd client demo
+ JETTY-809 Need a way to customize WEB-INF/lib file extensions that are added
to the classpath
+ JETTY-814 Add org.mortbay.jetty.client.Address.toString()
+ JETTY-816 Implement reconnect on java bayeux client
+ JETTY-817 Aborted SSL connections may cause jetty to hang with full cpu

+ JETTY-819 Jetty Plus no more jre 1.4

+ JETTY-821 Allow lazy loading of persistent sessions
+ JETTY-824 Access to inbound byte statistics
+ JETTY-825 URL decoding of spaces (+) fails for encoding not utf8
+ JETTY-827 Externalize servlet api
+ JETTY-830 Add ability to reserve connections on http client
+ JETTY-831 Add ability to stop java bayeux client
+ JETTY-832 More UrlDecoded handling in relation to JETTY-825
+ JETTY-833 Update debian and rpm packages for new jsp-2.1-glassfish jars and s
ervlet-api jar
+ JETTY-834 Configure DTD does not allow <Map> children
+ JETTY-837 Response headers set via filter are ignored for static resources
+ JETTY-841 Duplicate messages when sending private message to yourself with co
metd chat demo
+ JETTY-842 NPE in jetty client when no path component
+ JETTY-843 META-INF/MANIFEST.MF is not present in unpacked webapp
+ JETTY-852 Ensure handshake and connect retried on failure for jquery-cometd
+ JETTY-854 JNDI scope does not work with applications in a .war
+ JETTY-855 jetty-client uber assembly support
+ JETTY-858 ContentExchange provides bytes
+ JETTY-859 MultiPartFilter ignores the query string parameters
+ JETTY-862 EncodedHttpURI ignores given encoding in constructor
+ JETTY-630
+ JETTY-748
+ JETTY-765
+ JETTY-777
+ JETTY-778
+ JETTY-779
+ JETTY-782
+ JETTY-783
+ JETTY-784
+ JETTY-787
+ JETTY-788
+ JETTY-790
+ JETTY-791
+ JETTY-792
+ JETTY-793

14 November 2008
jetty6-plus rpm is missing the jetty6-plus jar
Reduced flushing of large content
ensure stop mojo works for all execution phases
include util5 on the jetty debs
handle granular windows timer in lifecycle test
Fixed line feed in request log
Implement interval advice for BayeuxClient
Update jetty self-signed certificate
TerracottaSessionManager leaks sessions scavenged in other nodes
Handle MSIE7 mixed encoding
Fix jotm for new scoped jndi
WaitingContinuations can change mutex if not pending
Ensure jdk1.4 compatibility for jetty-6
TerracottaSessionManager does not unlock new session with requested

+ JETTY-731
+ JETTY-772
+ JETTY-774
+ JETTY-775

4 November 2008
Completed DeliverListener for cometd
Increased default threadpool size to 250
Cached text/json content type
fix port of openspaces to jetty-6

Fixed DataCache millisecond rounding

jetty-6.1.12.rc5 30 October 2008

+ JETTY-703 maxStopTimeMs added to QueuedThreadPool
+ JETTY-762 improved QueuedThreadPool idle death handling
+ JETTY-763 Fixed AJP13 constructor
+ JETTY-766 Ensure SystemProperties set early on jetty-maven-plugin
+ JETTY-767 Fixed SSL Client no progress handshake bug
+ JETTY-768 Remove EnvEntry overloaded constructors
+ JETTY-771 Ensure NamingEntryUtil jdk1.4 compliant
jetty-6.1.12.rc4 21 October 2008
+ JETTY-319 improved passing of exception when webapp unavailable
+ JETTY-729 Backport Terracotta integration to Jetty6.1 branch
+ JETTY-744 Backport of JETTY-741: HttpClient connects slowly due to reverse ad

dress lookup
+ JETTY-747
+ JETTY-755
+ JETTY-758
+ JETTY-759
+ JETTY-760

by InetAddress.getHostName()
Handle exceptions better in HttpClient
Optimized HttpParser and buffers for few busy connections
Update JSP 2.1 to glassfish tag SJSAS-9_1_1-B51-18_Sept_2008
Fixed JSON small negative real numbers
Handle wildcard VirtualHost and normalize hostname in ContextHandle

jetty-6.1.12.rc3 10 October 2008

+ JETTY-241 Support for web application overlays in rapid application developme
nt (jetty:run)
+ JETTY-686 LifeCycle.Listener
+ JETTY-715 AJP key size
+ JETTY-716 NPE for empty cometd message
+ JETTY-718 during ssl unwrap, return true if some bytes were read, even if und
+ JETTY-720 fix HttpExchange.waitForStatus
+ JETTY-721 Support wildcard in VirtualHosts configuration
+ JETTY-722 jndi related threadlocal not cleared after deploying webapp
+ JETTY-723 does not check if TMP already is set
+ JETTY-725 port JETTY-708 (jndi scoping) to jetty-6
+ JETTY-730 set SAX parser features to defaults
+ JETTY-731 DeliverListener for cometd
+ JETTY-732 Case Sensitive Basic Authentication Response Header Implementations
+ JETTY-736 Client Specific cometd advice
+ JETTY-738 If finds a pid file is does not check to see if a process
with that pid is still running
+ JETTY-739 Race in QueuedThreadPool
+ JETTY-742 Private messages in cometd chat demo
jetty-6.1.12rc2 12 September 2008
+ JETTY-282 Support manually-triggered reloading
+ JETTY-331 SecureRandom hangs on systems with low entropy (connectors slow to
+ JETTY-591 No server classes for jetty-web.xml
+ JETTY-670 $JETTY_HOME/bin/ not worked in Solaris, because of /usr/bin
/which has no error-code
+ JETTY-671 Configure DTD does not allow <Property> children
+ JETTY-672 Utf8StringBuffer doesn't properly handle null characters (char with
byte value 0)
+ JETTY-676 ResourceHandler doesn't support HTTP HEAD requests
+ JETTY-677 GWT serialization issue
+ JETTY-680 Can't configure the ResourceCollection with maven
+ JETTY-681 JETTY-692 MultiPartFilter is slow for file uploads
+ JETTY-682 Added listeners and queue methods to cometd
+ JETTY-683 ResourceCollection works for jsp files but does not work for static
resources under DefaultServlet
+ JETTY-687 Issue with servlet-mapping in dynamic servlet invoker
+ JETTY-688 Cookie causes NumberFormatException
+ JETTY-692 JETTY-681 MultiPartFilter is slow for file uploads
+ JETTY-696 ./ restart not working
+ JETTY-698 org.mortbay.resource.JarResource.extract does not close JarInputStr
eam jin
+ JETTY-699 Optimize cometd sending of 1 message to many many clients
+ JETTY-709 Jetty plugin's WebAppConfig configured properties gets overridden b
y AbstractJettyRunMojo even when already set
+ JETTY-710 Worked around poor implementation of File.toURL()
+ JETTY-712 HttpClient does not handle request complete after response complete
jetty-6.1.12rc1 1 August 2008 + Upgrade jsp 2.1 to SJSAS-9_1_02-B04-11_Apr_2008



Get unavailable exception and added startWithUnavailable option

JETTY-622 Multiple Web Application Source Directory
Accessors for mimeType on ResourceHandler
forward of an include should hide include attributes
RewriteHandler support for virtual hosts
GWT OpenRemoteServiceServlet GWT1.5M2+
Consider optionally importing org.apache.jasper.servlet
SelectChannelConnector throws Exception on close on Windows
Proxy authorization support in HttpClient
handle buffers consistently handle invalid index for poke
Handle IPv6 in HttpURI
Added optional threadpool to BayeuxService
better writeTo impl for BIO
Add GigaSpaces session clustering
jetty.class.path not being interpreted
website module now generates site-component for jetty-site
scanner allocated hashmap on every scan
ServletContext.getServerInfo() non compliant
Null protect reading the dtd resource from classloader
Rewrite rule for rewriting scheme
Don't hold timeout lock during expiry call.
OSGi tags for Jetty client
Default form encoding 8859_1 rather than utf-8
Correctly merge request parameters when doing forward
empty date headers throw IllegalArgumentException
JDBC Realm purge cache problem
NPE in LdapLoginModule
LdapLoginModule uses proper filters when searching
Should set Cache-Control header when sending errors to avoid cachin

+ JETTY-647
+ JETTY-650
+ JETTY-651
+ JETTY-654
+ JETTY-655
tp PUT
+ JETTY-656
+ JETTY-657
+ JETTY-658
+ JETTY-659
+ JETTY-660
+ JETTY-663
+ JETTY-665
+ JETTY-666
+ JETTY-667
+ JETTY-669

suspended POSTs with binary data do too many resumes

Parse "*" URI for HTTP OPTIONS request
Release resources during destroy
Allow Cometd Bayeux object to be JMX manageable
Support parsing application/x-www-form-urlencoded parameters via ht

+ JETTY-336
+ JETTY-425
+ JETTY-580
+ JETTY-581
+ JETTY-582
+ JETTY-584
+ JETTY-588
+ JETTY-590
+ JETTY-592
+ JETTY-595

6 June 2008
413 error for full header buffer
race in stopping SelectManager
Fixed SSL shutdown
ContextPath constructor
final ISO_8859_1
handle null contextPath
handle Retry in ServletException
Digest auth domain for root context
expired timeout callback without synchronization
SessionHandler only deals with base request session

HttpClient defaults to async mode

Backport jetty-7 sslengine
backport latest HttpClient from jetty-7 to jetty-6
ContentExchange and missing headers in HttpClient
Backported QoSFilter
AbstractDatabaseLoginModule handle not found UserInfo and userName
Support merging class directories
scanTargetPatterns override the values already being set by scanTar
HttpClient handles chunked content
Http methods other than GET and POST should not have error page con

+ JETTY-596 Proxy support in HttpClient

+ JETTY-598 Added more reliable cometd message flush option
jetty-6.1.10 20 May 2008
+ Use QueuedThreadPool as default
+ JETTY-440 allow file name patterns for jsp compilation for jspc plugin
+ JETTY-529 CNFE when deserializing Array from session resolved
+ JETTY-537 JSON handles Locales
+ JETTY-547 Shutdown SocketEndpoint output before close
+ JETTY-550 Reading 0 bytes corrupts ServletInputStream
+ JETTY-551 Upgraded to Wadi 2.0-M10
+ JETTY-556 Encode all URI fragments
+ JETTY-557 Allow ServletContext.setAttribute before start
+ JETTY-558 optional handling of X-Forwarded-For/Host/Server
+ JETTY-566 allow for non-blocking behavior in jetty maven plugin
+ JETTY-572 unique cometd client ID
+ JETTY-579 osgi fixes with management and servlet resources
jetty-6.1.9 26 March 2008
+ Make javax.servlet.jsp optional osgi import for jetty module
+ Ensure Jotm tx mgr can be found in jetty-env.xml
+ JETTY-399 update OpenRemoteServiceServlet to gwt 1.4
+ JETTY-475 AJP connector in RPMs
+ JETTY-482 update to JETTY-399
+ JETTY-519 HttpClient does not recycle closed connection.
+ JETTY-522 Add build profile for macos for setuid
+ JETTY-525 Fixed decoding for long strings
+ JETTY-526 Fixed MMBean fields on JMX MBeans
+ JETTY-532 MBean properties for QueuedThreadPool
+ JETTY-535 Fixed Bayeux server side client memory leak
+ JETTY-538 test harness fix for windows
+ JETTY-541 Cometd per client timeouts
jetty-6.1.8 28 February 2008
+ Added QueuedThreadPool
+ Optimized QuotedStringTokenizer.quote()
+ further Optimizations and improvements of Cometd
+ Optimizations and improvements of Cometd, more pooled objects
+ Improved Cometd timeout handling
+ Added BayeuxService
+ Cookie support in BayeuxClient
+ Improved Bayeux API
+ add removeHandler(Handler) method to HandlerContainer interface
+ Added JSON.Convertor and non static JSON instances
+ Long cache for JSON
+ Fixed JSON negative numbers
+ JSON unquotes /
+ Add "mvn jetty:stop"
+ allow sessions to be periodically persisted to disk
+ grizzly fixed for posts
+ Add removeHandler(Handler) method to HandlerContainer interface
+ Remove duplicate commons-logging jars and include sslengine in jboss sar
+ Allow code ranges on ErrorPageErrorHandler
+ AJP handles bad mod_jk methods
+ JETTY-350 log ssl errors on SslSocketConnector
+ JETTY-417 JETTY_LOGS environment variable not queried by
+ JETTY-433 ContextDeployer constructor fails unnecessarily when using a securi
ty manager if jetty.home not set
+ JETTY-434 ContextDeployer scanning of sub-directories should be optional


JETTY-481 Handle empty Bayeux response

JETTY-489 Improve doco on the jetty.port property for plugin
JETTY-490 Fixed JSONEnumConvertor
JETTY-491 opendocument mime types
JETTY-492 Null pointer in HashSSORealm
JETTY-493 JSON handles BigDecimals
JETTY-498 Improved cookie parsing
JETTY-507 Fixed encoding from JETTY-388 and test case
JETTY-508 Extensible cometd handlers
JETTY-509 Fixed JSONP transport for changing callback names
JETTY-511 mishandled JETTY_HOME when launched from a relative path
JETTY-512 add slf4j as optional to manifest
JETTY-513 Terracotta session replication does not work when the initial page
each server does not set any attributes
JETTY-515 Timer is missing scavenging Task in HashSessionManager

jetty-6.1.7 - 22 December 2007

+ Added BayeuxService
+ Added JSON.Convertor and non static JSON instances
+ Add "mvn jetty:stop"
+ allow sessions to be periodically persisted to disk
+ Cookie support in BayeuxClient
+ grizzly fixed for posts
+ jetty-6.1 branch created from 6.1.6 and r593 of jetty-contrib trunk
+ Optimizations and improvements of Cometd, more pooled objects
+ Update java5 patch
+ JETTY-386 CERT-553235 backout fix and replaced with ContextHandler.setCompact
+ JETTY-467 allow URL rewriting to be disabled.
+ JETTY-468 unique holder names for addServletWithMapping
+ JETTY-474 Fixed case sensitivity issue with HttpFields
+ JETTY-486 Improved script
+ JETTY-487 Handle empty chunked request
jetty-6.1.6 - 18 November 2007
+ rudimentary debian packaging
+ updated grizzly connector to 1.6.1
+ JETTY-455 Optional cometd id
+ JETTY-459 Unable to deploy from Eclipse into the root context
+ JETTY-461 fixed cometd unknown channel
+ JETTY-464 typo in ErrorHandler
+ JETTY-465 System.exit() in constructor exception for MultiPartOutputStream
jetty-6.1.6rc1 - 5 November 2007
+ Upgrade jsp 2.1 to SJSAS-9_1-B58G-FCS-08_Sept_2007
+ Housekeeping on poms
+ CERT VU#38616 handle single quotes in cookie names.
+ Improved JSON parsing from Readers
+ Moved some impl classes from jsp-api-2.1 to jsp-2.1
+ Added configuration file for capturing stderr and stdout
+ Updated for dojo 1.0(rc) cometd
+ Give bayeux timer name
+ Give Terracotta session scavenger a name
+ Jetty Eclipse Plugin 1.0.1: force copy of context file on redeploy
+ JETTY-388 Handle utf-16 and other multibyte non-utf-8 form content.
+ JETTY-409 String params that denote files changed to File
+ JETTY-438 handle trailing . in vhosts
+ JETTY-439 Fixed 100 continues clash with Connection:close
+ JETTY-451 Concurrent modification of session during invalidate
+ JETTY-443 windows bug causes Acceptor thread to die



removed test code

added setReuseAddress on AbstractConnector
Bad request for response sent to server
CERT VU#237888 Dump Servlet - prevent cross site scripting
updated Wadi to 2.0-M7
handle exceptions with themselves as root cause
allow null keystore for osX
AJP certificate chains

jetty-6.1.6rc0 - 3 October 2007

+ Added jetty.lib system property to start.config
+ AJP13 Fix on chunked post
+ Fix cached header optimization for extra characters
+ SetUID option to support setgid
+ Make mx4j used only if runtime uses jdk<1.5
+ Moved Grizzly to contrib
+ Give deployment file Scanner threads a unique name
+ Fix Host header for async client
+ Fix typo in async client onResponsetHeader method name
+ Tweak OSGi manifests to remove unneeded imports
+ Allow scan interval to be set after Scanner started
+ Add system property
+ Allow properties files on the XmlConfiguration command line.
+ Prevent infinite loop on stopping with temp dir
+ Ensure session is completed only when leaving context.
+ Update terracotta to 2.4.1 and exclude ssl classes
+ Update jasper2.1 to tag SJSAS-9_1-B58C-FCS-22_Aug_2007
+ Removal of unneeded dependencies from management, maven-plugin, naming & plu
s poms
+ Adding setUsername,setGroupname to setuid and mavenizing native build
+ UTF-8 for bayeux client
+ CVE-2007-5615 Added protection for response splitting with bad headers.
+ Cached user agents strings in the /org/mortbay/jetty/useragents resource
+ Make default time format for RequestLog match NCSA default
+ Use terracotta repo for build; make jetty a terracotta module
+ Fix patch for java5 to include cometd module
+ Added ConcatServlet to combine javascript and css
+ Add ability to persist sessions with HashSessionManager
+ Avoid FULL exception in window between blockForOutput and remote close
+ Added JPackage RPM support
+ Added JSON.Convertable
+ Updated README, test index.html file and jetty-plus.xml file
+ JETTY-259 SystemRoot set for windows CGI
+ JETTY-311 avoid json keywords
+ JETTY-376 allow anything but CRLF in reason string
+ JETTY-398 Allow same WADI Dispatcher to be used across multiple web-app conte
+ JETTY-400 consume CGI stderr
+ JETTY-402 keep HashUserRealm in sync with file
+ JETTY-403 Allow long content length for range requests
+ JETTY-404 WebAppDeployer sometimes deploys duplicate webapp
+ JETTY-405 Default date formate for reqest log
+ JETTY-407 AJP handles unknown content length
+ JETTY-413 Make rolloveroutputstream timer daemon
+ JETTY-422 Allow <Property> values to be null in config files
+ JETTY-423 Ensure javax.servlet.forward parameters are latched on first forwar
+ JETTY-425 Handle duplicate stop calls better
+ JETTY-430 improved cometd logging
+ JETTY-431 HttpClient soTimeout

jetty-6.1.5 - 19 Jul 2007

+ Upgrade to Jasper 2.1 tag SJSAS-9_1-B50G-BETA3-27_June_2007
+ Fixed GzipFilter for dispatchers
+ Fixed reset of reason
+ JETTY-392 - updated LikeJettyXml example
jetty-6.1.5rc0 - 15 Jul 200
+ update terracotta session clustering to terracotta 2.4
+ SetUID option to only open connectors before setUID.
+ Protect SslSelectChannelConnector from exceptions during close
+ Improved Request log configuration options
+ Added GzipFilter and UserAgentFilter
+ make OSGi manifests for jetty jars
+ update terracotta configs for tc 2.4 stable1
+ remove call to open connectors in jetty.xml
+ update links on website
+ make jetty plus example webapps use ContextDeployer
+ Dispatch SslEngine expiry (non atomic)
+ Make SLF4JLog impl public, add mbean descriptors
+ SPR-3682 - dont hide forward attr in include.
+ Upgrade to Jasper 2.1 tag SJSAS-9_1-B50G-BETA3-27_June_2007
+ JETTY-253 - Improved graceful shutdown
+ JETTY-373 - Stop all dependent lifecycles
+ JETTY-374 - HttpTesters handles large requests/responses
+ JETTY-375 - IllegalStateException when committed.
+ JETTY-376 - allow spaces in reason string
+ JETTY-377 - allow sessions to be wrapped with AbstractSesssionManager.Session
+ JETTY-378 - handle JVMs with non ISO/UTF default encodings
+ JETTY-380 - handle pipelines of more than 4 requests!
+ JETTY-385 - EncodeURL for new sessions from dispatch
+ JETTY-386 - Allow // in file resources
jetty-6.1.4 - 15 Jun 2007
+ fixed early open() call in NIO connectors
+ JETTY-370 ensure maxIdleTime<=0 means connections never expire
+ JETTY-371 Fixed chunked HEAD response
+ JETTY-372 make test for cookie caching more rigorous
jetty-6.1.4rc1 - 10 Jun 2007
+ Work around IBM JVM socket close issue
+ moved documentation for jetty and jspc maven plugins to wiki
+ async client improvements
+ fixed handling of large streamed files
+ Fixed synchronization conflict SslSelectChannel and SelectChannel
+ Optional static content cache
+ JETTY-310 better exception when no filter file for cometd servlet
+ JETTY-323 handle htaccess without a user realm
+ JETTY-346 add wildcard support to extra scan targets for maven plugin
+ JETTY-355 extensible SslSelectChannelConnector
+ JETTY-357 cleaned up ssl buffering
+ JETTY-360 allow connectors, userRealms to be added from a <jettyConfig> for m
aven plugin
+ JETTY-361 prevent url encoding of dir listings for non-link text
+ JETTY-362 More object locks
+ JETTY-365 make needClientAuth work on SslSelectChannelConnector
+ JETTY-366 JETTY-368 Improved bayeux disconnect

jetty-6.1.4rc0 - 1 Jun 2007

+ Reorganized import of contrib modules
+ Unified JMX configuration
+ Updated slf4j version to 1.3.1
+ Updated junit to 3.8.2
+ Allow XmlConfiguration properties to be configured
+ Add (commented out) jspc precompile to test-webapp
+ Add slf4j-api for upgraded version
+ Change scope of fields for Session
+ Add ability to run cometd webapps to maven plugin
+ Delay ssl handshake until after dispatch in sslSocketConnector
+ Set so_timeout during ssl handshake as an option on SslSocketConnector
+ Optional send Date header. Server.setSendDateHeader(boolean)
+ update etc/jetty-ssl.xml with new handshake timeout setting
+ fixed JSP close handling
+ improved date header handling
+ fixed waiting continuation reset
+ JETTY-257 fixed comet cross domain
+ JETTY-309 fix applied to sslEngine
+ JETTY-317 rollback inclusion of cometd jar for maven plugin
+ JETTY-318 Prevent meta channels being created
+ JETTY-330 Allow dependencies with scope provided for jspc plugin
+ JETTY-335 SslEngine overflow fix
+ JETTY-337 deprecated get/setCipherSuites and added get/setExcludeCipherSuites
+ JETTY-338 protect isMoreInBuffer from destroy
+ JETTY-339 MultiPartFiler deletes temp files on IOException
+ JETTY-340 FormAuthentication works with null response
+ JETTY-344 gready fill in ByteArrayBuffer.readFrom
+ JETTY-345 fixed lost content with blocked NIO.
+ JETTY-347 Fixed type util init
+ JETTY-352 Object locks
jetty-6.1.3 - 4 May 2007
+ Handle CRLF for content in header optimization
+ JETTY-309 don't clear writable status until dispatch
+ JETTY-315 suppressed warning
+ JETTY-322 AJP13 cping and keep alive
jetty-6.1.2 - 1 May 2007
+ Improved unavailabile handling
+ sendError resets output state
+ Fixed session invalidation error in WadiSessionManager
+ Updated Wadi to version 2.0-M3
+ Added static member definition in WadiSessionManager
+ JETTY-322 fix ajp cpong response and close handling
+ JETTY-324 fix ant plugin
+ JETTY-328 updated jboss
jetty-6.1.2rc5 - 24 April 2007
+ set default keystore for SslSocketConnector
+ removed some compile warnings
+ Allow jsp-file to be / or /*
+ JETTY-305 delayed connection destroy
+ JETTY-309 handle close in multivalue connection fields.
+ JETTY-309 force writable status of endpoints.
+ JETTY-314 fix for possible NPE in Request.isRequestedSessionIdValid
jetty-6.1.2rc4 - 19 April 2007
+ JETTY-294 Fixed authentication reset
+ JETTY-299 handle win32 paths for object naming



removed synchronized on dispatch

correctly parse quoted content encodings
fixed dual reset of generator
Fixed authentication reset

jetty-6.1.2rc3 - 16 April 2007

+ Improved performance and exclusions for TLD scanning
+ MBean properties assume writeable unless marked RO
+ refactor of SessionManager and SessionIdManager for clustering
+ Improvements to allow simple setting of Cache-Control headers
+ AJP redirects https requests correctly
+ Fixed writes of unencoded char arrays.
+ JETTY-283 Parse 206 and 304 responses in client
+ JETTY-285 enable jndi for mvn jetty:run-war and jetty:run-exploded
+ JETTY-289 fixed on binary file upload
+ JETTY-292 Fixed error page handler error pages
+ JETTY-293 fixed NPE on fast init
+ JETTY-294 Response.reset() resets headers as well as content
+ JETTY-295 Optional support of authenticated welcome files
+ JETTY-296 Close direct content inputstreams
+ JETTY-297 Recreate tmp dir on stop/start
+ JETTY-298 Names in JMX ObjectNames for context, servlets and filters
jetty-6.1.2rc2 - 27 March 2007
+ Enable the SharedStoreContextualiser for the WadiSessionManager(Database stor
e for clustering)
+ AJP13 CPING request and CPONG response implemented
+ AJP13 Shutdown Request from peer implemented
+ AJP13 remoteUser, contextPath, servletPath requests implemented
+ Change some JNDI logging to debug level instead of info
+ Update jasper to glassfish tag SJSAS-9_1-B39-RC-14_Mar_2007
+ Optimized multi threaded init on startup servlets
+ Removed unneeded specialized TagLibConfiguration class from maven plugin
+ Refactor Scanner to increase code reuse with maven/ant plugins
+ Added RestFilter for PUT and DELETE from Aleksi Kallio
+ Make annotations work for maven plugin
+ JETTY-125 maven plugin: ensure test dependencies on classpath for <useTestCla
+ JETTY-246 path encode cookies rather than quote
+ JETTY-254 prevent close of jar entry by bad JVMs
+ JETTY-256 fixed isResumed and work around JVM bug
+ JETTY-258 duplicate log message in ServletHandler
+ JETTY-260 Close connector before stop
+ JETTY-262 Allow acceptor thread priority to be adjusted
+ JETTY-263 Added implementation for authorizationType Packets
+ JETTY-265 Only quote cookie values if needed
+ JETTY-266 Fix deadlock with shutdown
+ JETTY-271 ResourceHandler uses resource for MimeType mapping
+ JETTY-272 Activate and Passivate events for sessions
+ JETTY-274 Improve flushing at end of request for blocking
+ JETTY-276 Partial fix for reset/close race
+ JETTY-277 Improved ContextHandlerCollection
+ JETTY-278 Session invalidation delay until no requests
+ JETTY-278 Only unwrap one layer of ServletExceptions
+ JETTY-280 Fixed deadlock with two flushing threads
+ JETTY-284 Fixed stop connector race
+ JETTY-286 isIntegral and isConfidential methods overridden in SslSelectChanne
jetty-6.1.2rc1 - 8 March 2007

+ TagLibConfiguration uses resource input stream

+ Improved handling of early close in AJP
+ add ajp connector jar to jetty-jboss sar
+ Improved Context setters for wadi support
+ fix Dump servlet to handle primitive array types
+ handle comma separated values for the Connection: header
+ Added option to allow null pathInfo within context
+ BoundedThreadPool queues rather than blocks excess jobs.
+ Support null pathInfo option for webservices deployed to jetty/jboss
+ Workaround to call SecurityAssocation.clear() for jboss webservices calls to
+ Ensure jetty/jboss uses servlet-spec classloading order
+ call preDestroy() after servlet/filter destroy()
+ Fix constructor for Constraint to detect wildcard role
+ Added support for lowResourcesIdleTime to SelectChannelConnector
+ JETTY-157 make CGI handle binary data
+ JETTY-175 JDBCUserRealm use getInt instead of getObject
+ JETTY-188 Use timer for session scavaging
+ JETTY-235 default realm name
+ JETTY-242 fix race condition with scavenging sessions when stopping
+ JETTY-244 Fixed UTF-8 buffer overflow
+ JETTY-245 Client API improvements
+ JETTY-246 spaces in cookies
+ JETTY-248 setContentLength after content written
+ JETTY-250 protect attribute enumerations from modification
+ JETTY-252 Fixed stats handling of close connection
+ JETTY-254 prevent close of jar file by bad JVMs
jetty-6.1.2rc0 - 15 February 2007
+ JETTY-223 Fix disassociate of UserPrincipal on dispatches
+ JETTY-226 Fixed SSLEngine close issue
+ JETTY-232 Fixed use of override web.xml
+ JETTY-236 Buffer leak
+ JETTY-237 AJPParser Buffer Data Handling
+ JETTY-238 prevent form truncation
+ Patches from sybase for ClientCertAuthenticator
+ Coma separated cookies
+ Cometd timeout clients
jetty-6.1.2pre1 5 Feb 2007
+ JETTY-224 run build up to process-test before invoking jetty:run
+ Added error handling for incorrect keystore/truststore password in SslSelectC
+ fixed bug with virtual host handling in ContextHandlerCollection
+ added win32service to standard build
+ refactored cometd to be continuation independent
+ allow ResourceHandler to use resource base from an enclosing ContextHandler
jetty-6.1.2pre0 1 Feb 2007
+ Fixed 1.4 method in jetty plus
+ Fixed generation of errors during jsp compilation for jsp-2.1
+ Added cometd jsonp transport from aabeling
+ Added terracotta cluster support for cometd
+ JETTY-213 request.isUserInRole(String) fixed
+ JETTY-215 exclude more transitive dependencies from tomcat jars for jsp-2.0
+ JETTY-216 handle AJP packet fragmentation
+ JETTY-218 handle AJP ssl key size and integer
+ JETTY-219 fixed trailing encoded chars in cookies
+ JETTY-220 fixed AJP content

+ JETTY-222 fix problem parsing faces-config.xml

+ add support for Annotations in servlet, filter and listener sources
+ improved writer buffering
+ moved JSON parser to util to support reuse
+ handle virtual hosts in ContextHandlerCollection
+ enable SslSelectChannelConnector to modify the SslEngine's client authenticat
ion settings
jetty-6.1.1 - 15 Jan 2007
jetty-6.1.1rc1 - 12 Jan 2007
+ Use timers for Rollover logs and scanner
+ JETTY-210 Build jsp-api-2.0 for java 1.4
jetty-6.1.1rc0 - 10 Jan 2007
+ Fixed unpacking WAR
+ extras/win32service download only if no JavaServiceWrapper exist
+ MultiPartFilter deleteFiles option
+ CGI servlet fails without exception
+ JETTY-209 Added ServletTester.createSocketConnector
+ JETTY-210 Build servlet-api-2.5 for java 1.4
+ JETTY-211 fixed jboss build
+ ensure response headers on AjaxFilter messsages turn off caching
+ start webapps on deployment with jboss, use isDistributed() method from WebAp
+ simplified chat demo
jetty-6.1.0 - 9 Jan 2007
+ Fixed unpacking WAR
jetty-6.1.0 - 5 Jan 2007
+ Improved config of java5 threadpool
+ Protect context deployer from Errors
+ Added WebAppContext.setCopyWebDir to avoid JVM jar caching issues.
+ GERONIMO-2677 refactor of session id handling for clustering
+ ServletTester sets content length
+ Added extras/win32service
+ JETTY-206 fixed AJP getServerPort and getRemotePort
jetty-6.1.0rc3 - 2 Jan 2007
+ JETTY-195 fixed ajp ssl_cert handling
+ JETTY-197 fixed getRemoteHost
+ JETTY-203 initialize ServletHandler if no Context instance
+ JETTY-204 setuid fix
+ setLocale does not use default content type
+ Use standard releases of servlet and jsp APIs.
+ implement resource injection and lifecycle callbacks declared in web.xml
+ extras/servlet-tester
jetty-6.1.0rc2 - 20 December 2006
+ AJP13Parser, throw IllegalStateException on unimplemented AJP13 Requests
+ ContextHandlerCollection is noop with no handlers
+ ensure servlets initialized if only using ServletHandler
+ fixed Jetty-197 AJP13 getRemoteHost()
+ Refactored AbstractSessionManager for ehcache
+ ensure classpath passed to jspc contains file paths not urls
+ JETTY-194 doubles slashes are significant in URIs
+ JETTY-167 cometd refactor
+ remove code to remove SecurityHandler if no constraints present
+ JETTY-201 make run-as work for both web container and ejb container in jboss
+ ensure included in jsp-2.1 jar

jetty-6.1.0rc1 - 14 December 2006

+ simplified idle timeout handling
+ JETTY-193 MailSessionReference without authentication
+ JETTY-199 newClassPathResource
+ ensure unique name for ServletHolder instances
+ added cache session manager(pre-alpha)
jetty-6.1.0rc0 - 8 December 2006
+ JETTY-181 Allow injection of a java:comp Context
+ JETTY-182 Optionally set JSP classpath initparameter
+ Dispatcher does not protect javax.servlet attributes
+ DefaultHandler links virtual hosts.
+ Fixed cachesize on invalidate
+ Optimization of writers
+ ServletHandler allows non REQUEST exceptions to propogate
+ TCK fixes from Sybase:
* Handle request content encodings
* forward query attribute fix
* session attribute listener
* Servlet role ref
* flush if content-length written
* 403 for BASIC authorization failure
* null for unknown named dispatches
+ JETTY-184 cometd connect non blocking
+ Support for RFC2518 102-processing response
+ JETTY-123 fix improved
+ Added org.mortbay.thread.concurrent.ThreadPool
+ Added extras/gwt
+ Fixed idle timeout
+ JETTY-189 ProxyConnection
+ Added spring ejb3 demo example
+ update jasper to glassfish SJSAS-9_1-B27-EA-07_Dec_2006
+ fixed JETTY-185 tmp filename generation
jetty-6.1.0pre3 - 22 November 2006
+ fixed NIO endpoint flush. Avoid duplicate sends
+ CVE-2006-6969 Upgraded session ID generation to use SecureRandom
+ updated glassfish jasper to tag SJSAS-9_1-B25-EA-08_Nov_2006
+ JETTY-180 XBean support for context deploy
+ JETTY-154 Cookies are double quotes only
+ Expose isResumed on Continuations
+ Refactored AJP generator
jetty-6.0.2 - 22 November 2006
+ Moved all modules updates from 6.1pre2 to 6.0
+ Added concept of bufferred endpoint
+ Added conversion Object -> ObjectName for the result of method calls made on
+ Added DataFilter configuration to cometd
+ added examples/test-jaas-webapp
+ Added extraClassPath to WebAppContext
+ Added hierarchical destroy of mbeans
+ Added ID constructor to AbstractSessionManager.Session
+ added isStopped() in LifeCycle and AbstractLifeCycle
+ Added override descriptor for deployment of RO webapps
+ add <Property> replacement in jetty xml config files
+ alternate optimizations of writer (use -Dbuffer.writers=true)
+ Allow session cookie to be refreshed

+ Apply queryEncoding to getQueryString

+ CGI example in test webapp
+ change examples/test-jndi-webapp so it can be regularly built
+ Default soLinger is -1 (disabled)
+ ensure "" returned for ServletContext.getContextPath() for root context
+ ensure sessions nulled out on request recycle; ensure session null after inva
+ ensure setContextPath() works when invoked from jetty-web.xml
+ fixed NIO endpoint flush. Avoid duplicate sends
+ Fixed NPE in bio.SocketEndPoint.getRemoteAddr()
+ Fixed resource cache flushing
+ Fixed tld parsing for maven plugin
+ HttpGenerator can generate requests
+ Improved * files and specialized some MBean
+ JETTY-118 ignore extra content after close.
+ JETTY-119 cleanedup Security optimizatoin
+ JETTY-123 handle windows UNC paths
+ JETTY-126 handle content > Integer.MAX_VALUE
+ JETTY-129 ServletContextListeners called after servlets are initialized
+ JETTY-151 Idle timeout only applies to blocking operations
+ JETTY-151 refactored writers
+ JETTY-154 Cookies are double quotes only
+ JETTY-171 Fixed filter mapping
+ JETTY-172 use getName() instead of toString
+ JETTY-173 restore servletpath after dispatch
+ Major refactor of SelectChannel EndPoint for client selector
+ make .tag files work in packed wars
+ Plugin shutdown context before stopping it.
+ Refactored session lifecycle and additional tests
+ release resource lookup in Default servlet
+ (re)make JAAS classes available to webapp classloader
+ Reverted UnixCrypt to use coersions (that effected results)
+ Session IDs can change worker ID
+ Simplified ResourceCache and Default servlet
+ SocketConnector closes all connections in doStop
+ Upgraded session ID generation to use SecureRandom
+ updated glassfish jasper to tag SJSAS-9_1-B25-EA-08_Nov_2006
Jetty-5.1.14 - 9 Aug 2007
+ patched with correct version
+ JETTY-155 force close with content length.
+ JETTY-369 failed state in Container
+ Sourceforge 1648335: problem setting version for AJP13
Jetty-5.1.12 - 22 November 2006
+ Added support for TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ Upgraded session ID generation to use SecureRandom
+ Quote single quotes in cookies
+ AJP protected against bad requests from mod_jk
+ JETTY-154 Cookies ignore single quotes
Jetty-4.2.27 - 22 November 2006
+ Upgraded session ID generation to use SecureRandom
+ AJP protected against bad requests from mod_jk
jetty-6.1.0pre2 - 20 Nov 2006
+ Added extraClassPath to WebAppContext

+ Fixed resource cache flushing

+ Clean up jboss module licensing
jetty-6.1.0pre1 - 19 Nov 2006
+ Use ContextDeployer as main deployer in jetty.xml
+ Added extras/jboss
+ Major refactor of SelectChannel EndPoint for client selector
+ Fixed NPE in bio.SocketEndPoint.getRemoteAddr()
+ Reverted UnixCrypt to use coersions (that effected results)
+ JETTY-151 Idle timeout only applies to blocking operations
+ alternate optimizations of writer (use -Dbuffer.writers=true)
+ JETTY-171 Fixed filter mapping
+ JETTY-172 use getName() instead of toString
+ JETTY-173 restore servletpath after dispatch
+ release resource lookup in Default servlet
+ Simplified ResourceCache and Default servlet
+ Added override descriptor for deployment of RO webapps
+ Added hierarchical destroy of mbeans
+ JETTY-151 refactored writers
jetty-6.1.0pre0 - 21 Oct 2006
+ add <Property> replacement in jetty xml config files
+ make .tag files work in packed wars
+ add hot deployment capability
+ ensure setContextPath() works when invoked from jetty-web.xml
+ ensure sessions nulled out on request recycle; ensure session null after inva
+ ensure "" returned for ServletContext.getContextPath() for root context
+ Fixed tld parsing for maven plugin
+ Improved * files and specialized some MBean
+ Added conversion Object -> ObjectName for the result of method calls made on
+ JETTY-129 ServletContextListeners called after servlets are initialized
+ change examples/test-jndi-webapp so it can be regularly built
+ added isStopped() in LifeCycle and AbstractLifeCycle
+ fixed isUserInRole checking for JAASUserRealm
+ fixed ClassCastException in JAASUserRealm.setRoleClassNames(String[])
+ add a maven-jetty-jspc-plugin to do jspc precompilation
+ added examples/test-jaas-webapp
+ (re)make JAAS classes available to webapp classloader
+ CGI example in test webapp
+ Plugin shutdown context before stopping it.
+ Added concept of bufferred endpoint
+ Factored ErrorPageErrorHandler out of WebAppContext
+ Refactored ErrorHandler to avoid statics
+ Transforming classloader does not transform resources.
+ SocketConnector closes all connections in doStop
+ Improved charset handling in URLs
+ minor optimization of bytes to UTF8 strings
+ JETTY-112 ContextHandler checks if started
+ JETTY-113 support optional query char encoding on requests
+ JETTY-114 removed utf8 characters from code
+ JETTY-115 Fixed addHeader
+ added cometd chat demo
+ JETTY-119 cleanedup Security optimizatoin
+ Refactored session lifecycle and additional tests
+ JETTY-121 init not called on externally constructed servlets
+ JETTY-124 always initialize filter caches
+ JETTY-126 handle content > Integer.MAX_VALUE
+ JETTY-123 handle windows UNC paths


JETYY-120 SelectChannelConnector closes all connections on stop

Added ID constructor to AbstractSessionManager.Session
Allow session cookie to be refreshed
Added DataFilter configuration to cometd
Added extras/setuid to support start as root
Apply queryEncoding to getQueryString
JETTY-118 ignore extra content after close.
HttpGenerator can generate requests
Ported HtAccessHandler
Start of a client API
Session IDs can change worker ID
Default soLinger is -1 (disabled)
AJP Connector

Jetty-5.1.11 - 8 October 2006

+ fixed ByteBufferOutputStream capacity calculation
+ Fixed AJP handling of certificate length (1494939)
+ Fixed AJP chunk header (1507377)
+ Fixed order of destruction event calls
+ Fix to HttpOutputStream from M.Traverso
+ Default servlet only uses setContentLength on wrapped responses
Jetty-4.2.26 - 8 October 2006
+ Backport of AJP fixes
jetty-6.0.1 - 24 September 2006
+ fixed isUserInRole checking for JAASUserRealm
+ fixed ClassCastException in JAASUserRealm.setRoleClassNames(String[])
+ Improved charset handling in URLs
+ Factored ErrorPageErrorHandler out of WebAppContext
+ Refactored ErrorHandler to avoid statics
+ JETTY-112 ContextHandler checks if started
+ JETTY-114 removed utf8 characters from code
+ JETTY-115 Fixed addHeader
+ JETTY-121 init not called on externally constructed servlets
+ Improved charset handling in URLs
+ minor optimization of bytes to UTF8 strings
+ JETTY-113 support optional query char encoding on requests
+ JETTY-124 always initialize filter caches
+ JETYY-120 SelectChannelConnector closes all connections on stop
jetty-6.0.0 - 10 September 2006
+ SocketConnector closes all connections in doStop
+ Conveniance builder methods for listeners and filters
+ Transforming classloader does not transform resources.
+ Plugin shutdown context before stopping it.
jetty-6.0.0rc4 - 5 September 2006
+ bind jetty-env.xml entries to java:comp/env
+ Fix for JETTY-107. Poor cast in SessionDump demo.
+ Set charset on error pages
jetty-6.0.0rc3 - 1 September 2006
+ pulled 6.0.0 branch
+ turn URLConnection caching off when searching for tlds [JETTY-103]
+ Move MailSessionReference to org.mortbay.naming.factories
+ Less verbose handling of BadResources from bad URLs
+ Avoid double error handling of Bad requests
+ don't warn for content length on head requests
+ temp fix for JETTY-104 (raised glassfish ISSUE-1044) hide

JSP forced path attribute

+ Fixed JETTY-68. Complete request after sendRedirect
+ Transferred the sslengine patch from the patches directory to extras
jetty-6.0.0rc2 - 25 August 2006
+ use mvn -Dslf4j=false jetty:run to disable use of slf4j logging with jdk1.4/j
+ added org.apache.commons.logging package to system classes that can't be over
ridden by a webapp classloader
+ mvn -Djetty.port=x jetty:run uses port number given for the default connector
+ Fixed NPE when no resource cache
+ Refactored WebXmlConfiguration to allow custom web.xml resource
+ Moved more utility packagtes to the util jar
+ Direct buffer useage is optional
+ Destroy HttpConnection to improve buffer pooling
+ Timestamp in StdErrLog
jetty-6.0.0rc1 - 16 August 2006
+ Support for binding References and Referenceables and javax.mail.Sessions in
+ Added TransformingWebAppClassLoader for spring 2.0 byte code modification sup
+ Ensure classes come before dependencies for plugin [JETTY-90]
+ Fixed FD leak for bad TCP acks. JETTY-63
+ new Server().addHandler(handler) no longer throws NPE [JETTY-87]
+ Change path mapping so that a path spec of /foo/* does not match / : J
+ add <requestLog> config param to jetty plugin
+ Improve Ssl config JETTY-85 JETTY-86 (TrustManager and SecureRandom are now c
onfigurable; better handling of null/default values)
+ parse jsp-property-group in web.xml for additional JSP servlet mappings
+ protected setContentType from being set during include
+ added toString() on JAASUserPrincipal (JETTY-91)
+ added modules/spring with XmlBeanFactory configuration
+ removed support for lowResources from SelectChannelConnector
+ added start of cometd implementation (JSON only)
+ added start of grizzly connector
+ removed org.mortbay. from context system classes configuration
+ -DSTOP.PORT must be specified.
+ moved optional modules to extras
+ fixed bug that caused Response.setStatus to ignore the provided message
+ refactored resource cache
+ Allow direct filling of buffers for uncached static content.
+ Added simple ResourceHandler and FileServer example
jetty-6.0.0rc0 - 7 July 2006
+ change prefix from "jetty6" to just "jetty" for plugin: eg is now mvn jetty:r
+ allow <key> or <name> in <systemProperty> for plugin
+ simplified jetty.xml with new constructor injections
+ added setters and getters on SessionManager API for session related config: c
ookie name, url parameter name, domain, max age and path.
+ add ability to have a lib/ext dir from which to recursively add all jars and
zips to the classpath
+ patch to allow Jetty to use JSP2.1 from Glassfish instead of Jasper from Tomc
+ fixed classesDirectory param for maven plugin to be configurable
+ ensure explicitly set tmp directory called "work" is not deleted on exit
+ ensure war is only unpacked if war is newer than "work" directory
+ change name of generated tmp directory to be "Jetty_"+host+"_"+port+"_"+conte

+ Cleaned up idle expiry.
+ Ssl algorithm taken from system property
+ Added 8 random letters&digits to Jetty-generated tmp work dir name to ensure
+ Simplify runtime resolution of JSP library for plugin
+ Ensure mvn clean cleans the build
+ Do not wrap EofException with EofException
+ reverse order for destroy event listeners
+ added StatisticsHandler and statistics on Connector.
+ Simplified Servlet Context API
+ Added maximum limit to filter chain cache.
+ refactor HttpChannelEndPoint in preparation for SslEngine
+ ContextHandlerCollection addContext and setContextClass
+ Discard excess bytes in header buffer if connection is closing
+ Updated javax code from
+ Threadpool does not need to be a LifeCycle
+ support graceful shutdown
+ Added WebAppContextClassLoader.newInstance to better support exensible loader
+ immutable getParameterMap()
+ support <load-on-startup> for SingleThreadModel
+ changed ServletContext.getResourcePaths() to not return paths containing dou
ble slashes
+ fixed HttpGenerator convertion of non UTF-8: JETTY-82
+ added html module from jetty 5 - but deprecated until maintainer found
jetty-6.0.0beta17 - 1/6/2006
+ Added config to disable file memory mapped buffers for windows
+ Added Request.isHandled()
+ Refactored Synchronization of SelectChannelConnector
+ Recovered repository from Codehaus crash
+ ContextHandler.setConnectors replace setHosts
+ Connector lowResourceMaxIdleTime implemented.
+ Default servlet checks for aliases resources
+ Added clover reports and enough tests to get >50% coverage
+ Fixed IE SSL issue.
+ Implemented runAs on servlets
+ Flush will flush all bytes rather than just some.
+ Protected WEB-INF and META-INF
+ don't reset headers during forward
+ BoundedThreadPool.doStop waits for threads to complete
jetty-6.0.0beta16 - 12/5/2006
+ remove a couple of System.err.printlns
+ replace backwards compativle API in UrlEncoded
jetty-6.0.0beta15 - 11/5/2006
+ Added Server attribute org.mortbay.jetty.Request.maxFormContentSize
+ Renamed NotFoundHandler to DefaultHandler
+ Added automatic scan of all WEB-INF/jetty-*.xml files for plugin
+ Added <scanTargets> parameter to allow other locations to scan for plugin
+ Major refactor to simplify Server and handler hierarchy
+ setSendServerVersion method added to Server to control sending of Server: htt
p header
+ removed SelectBlockingChannelConnector (unmaintained)
+ Improved HttpException
+ Moved more resources to resources
+ Added ThrottlingFilter and fixed race in Continuations


Added taglib resources to 2.1 jsp api jar

Reset of timer task clears expiry
improved MBeanContainer object removal
ContextHandler.setContextPath can be called after start.
Fixed handling of params after forward
Added --version to start.jar
Added embedded examples
Simplified DefaultServlet static content buffering
readded BoundedThreadPool shrinking (and then fixed resulting deadlock)
improved MBean names
improved support for java5 jconsole
Session scavenger threads from threadpool
Thread names include URI if debug set
don't accept partial authority in request line.
enforce 204 and 304 have no content

jetty-6.0.0beta14 - 9/4/2006
+ ignore dirs and files that don't exist in plugin scanner
+ added support for stopping jetty using "java -jar start.jar --stop"
+ added configurability for webdefault.xml in maven plugin
+ adding InvokerServlet
+ added ProxyServlet
+ stop JDBCUserRealm coercing all credentials to String
+ Change tmp dir of plugin to work to be in line with jetty convention
+ Modify plugin to select JSP impl at runtime
+ Use start.config to select which JSP impl at runtime based on jdk version
+ Added JSP 2.1 APIs from apache
+ Added Jasper 2.1 as jesper (jasper without JCL)
+ Started readding logging to jesper using jdk logging
+ fixed priority of port from url over host header
+ implemented request.isUserInRole
+ securityHandler removed if not used.
+ moved test webapps to examples directory
+ improved contentType handling and test harness
+ fixed forward bug (treated as include)
+ fixed HttpField iterator
+ added jetty-util.jar module
+ added reset to Continuation
jetty-6.0.0beta12 - 16/3/2006
+ Fixed maven plugin JNDI for redeploys
+ Fixed tld discovery for plugin (search dependencies)
+ Fixed JettyPlus for root contexts
+ Fixed error handling in error page
+ Added JSP2.0 demos to test webapp
+ Upgraded jasper to 5.5.15
+ Added provider support to SslListener
+ Log ERROR for runtimeExceptions
jetty-6.0.0beta11 - 14/3/2006
+ added JAAS
+ added webapp-specific JNDI entries
+ added missing Configurations for maven plugin
+ fixed FORM authentication
+ moved dtd and xsd to standard javax location
+ added patch to use joda-time
+ refactored session ID management
+ refactored configuration files and start()
+ fixed ; decoding in URIs

+ Added HttpURI and improved UTF-8 parsing.

+ refactored writers and improved UTF-8 generation.
jetty-6.0.0beta10 25/2/2006
+ Added support for java:comp/env
+ Added support for pluggable transaction manager
+ Forward masks include attributes and vice versa
+ Fixed default servlet handling of includes
+ Additional accessors for request logging
+ added getLocalPort() to connector
+ Fixed content-type for range requests
+ Fix for sf1435795 30sec delay from c taylor
+ Fix for myfaces and include with close
+ Fix sf1431936 don't chunk the chunk
+ Fix hi byte reader
+ Updates javax to MR2 release
jetty-6.0.0beta9 9/2/2006
+ PathMap for direct context mapping.
+ Refactored chat demo and upgraded prototype.js
+ Continuation cleanup
+ Fixed unraw decoding of query string
+ Fixed dispatch of wrapped requests.
+ Fixed double flush of short content.
+ Added request log.
+ Added CGI servlet.
+ Force a tempdir to be set.
+ Force jasper scratch dir.
+ fixed setLocale bug sf1426940
+ Added TLD tag listener handling.
jetty-6.0.0beta8 24/1/2006
+ fixed dispatch of new session problem. sf:1407090
+ reinstated rfc2616 test harness
+ Handle pipeline requests without hangs
+ Removed queue from thread pool.
+ improved caching of content types
+ fixed bug in overloaded write method on HttpConnection (reported against Tape
+ hid org.apache.commons.logging and org.slf4j packages from webapp
+ maven-jetty6-plugin stopped transitive inclusion of log4j and
commons-logging from commons-el for jasper
+ patch to remove spurious ; in HttpFields
+ improve buffer return mechanism.
+ conveniance addHandler removeHandler methods
+ maven-jetty6-plugin: ensure compile is done before invoking jetty
+ maven-jetty6-plugin: support all types of artifact dependencies
+ Fixed infinite loop with chunk handling
+ Faster header name lookup
+ removed singleton Container
+ reduced info verbosity
+ null dispatch attributes not in names
+ maven-jetty6-plugin added tmpDirectory property
+ maven-jetty6-plugin stopped throwing an error if there is no target/classes d
+ Fixed issue with blocking reads

+ Fixed issue with unknown headers

+ optimizations
+ Moved to SVN
+ Fixed writer char[] creations
+ Added management module for mbeans
+ System property support in plugin
+ CVE-2006-2758 Fixed JSP visibility security issue.
+ Improved jetty-web.xml access to org.mortbay classes.
+ Jasper 5.5.12
+ Fixed error in block read
+ Named dispatch.
+ Fixed classloader issue with server classes
+ merged util jar back into jetty jar
+ Simpler continuation API
+ loosely coupled with JSP servlet
+ loosely coupled with SLF4J
+ Improved reuse of HttpField values and cookies.
+ Improved buffer return
+ Servlet 2.5 API
+ SSL connector
+ maven2 plugin
+ shutdown hook
+ refactored start/stop
+ Implemented all listeners
+ Error pages
+ Virtual hosts
+ Multiple select sets
+ Maven 2 build
+ Dispatcher parameters
+ UTF-8 encoding for URLs
+ Fixed blocking read
+ Added demo for Continuations
+ Jasper and associated libraries.
+ Continuations - way cool way to suspend a request and retry later.
+ Dispatchers
+ Security
+ Filters
+ web.xml handling
* Totally rearchitected and rebuilt, so 10 years of cruft could be removed!
* Improved "dependancy injection" and "inversion of control" design of componen

* Improved "interceptor" design of handlers
* Smart split buffer design allows large buffers to only be allocated to active
connections. The
resulting memory savings allow very large buffers to be used, which increases
the chance of efficient
asynchronous flushing and of avoiding chunking.
* Optional use of NIO Buffering so that efficient direct buffers and memory map
ped files can be
* Optional use of NIO non-blocking scheduling so that threads are not allocated
per connection.
* Optional use of NIO gather writes, so that for example a HTTP header and a me
mory mapped
* file may be sent as sent is a single operation.
- Missing Security
- Missing Request Dispatchers
- Missing web.xml based configuration
- Missing war support
Jetty-5.1.11RC0 - 5 April 2006
+ stop JDBCUserRealm forcing all credentials to be String
+ force close with shutdownOutput for win32
+ NPE protection if desirable client certificates
+ Added provider support to SslListener
+ logging improvements for servlet and runtime exceptions
+ Fixed AJP handling of ;jsessionid.
+ improved contentType param handling
Jetty-5.1.10 - 5 January 2006
+ Fixed path aliasing with // on windows.
+ Fix for AJP13 with multiple headers
+ Fix for AJP13 with encoded path
+ Remove null dispatch attributes from getAttributeNames
+ Put POST content default back to iso_8859_1. GET is UTF-8 still
Jetty-4.2.25 - 4 Jan 2006
+ Fixed aliasing of // for win32
Jetty-5.1.9 - 7 December 2005
+ Fixed wantClientAuth(false) overriding netClientAuth(true)
Jetty-6.0.0betaX + See for 6.0 releases
Jetty-5.1.8 - 7 December 2005
+ Fixed space in URL issued created in 5.1.6
Jetty-5.1.7 - 7 December 2005
Jetty-5.1.7rc0 - 6 December 2005
+ improved server stats
+ char encoding for MultiPartRequest
+ fixed merging of POST params in dispatch query string.
+ protect from NPE in dispatcher getValues
+ Updated to 2.6.2 xerces
+ JSP file servlet mappings copy JspServlet init params.
+ Prefix servlet context logs with org.mortbay.jetty.context
+ better support for URI character encodings
+ use commons logging jar instead of api jar.

Jetty-5.1.6 - 18 November 2005

+ CVE-2006-2758 Fixed JSP visibility security issue.
+ Improved jetty-web.xml access to org.mortbay classes.
+ Improved
+ Improved
+ Improved

- 10 November 2005
shutdown hook
URL Decoding
mapping of JSP files.

Jetty-5.1.5rc2 - 7 October 2005

+ Reverted dispatcher params to RI rather than spec behaviour.
+ ProxyHandler can handle chained proxies
+ unsynchronized ContextLoader
+ ReFixed merge of Dispatcher params
+ public ServerMBean constructor
+ UTF-8 encoding for URLs
+ Response.setLocale will set locale even if getWriter called.
Jetty-5.1.5rc1 - 23 August 2005
+ upgraded to commons logging 1.0.4
+ Release commons logging factories when stopping context.
+ Fixed illegal state with chunks and 100 continue - Tony Seebregts
+ Fixed PKCS12Import input string method
+ Fixed merge of Dispatcher parameters
+ Encoded full path in ResourceHandler directory listing
+ handle extra params after charset in header
+ Fixed 100-continues with chunking and early commit
Jetty-5.1.5rc0 - 16 August 2005
+ Fixed component remove memory leak for stop/start cycles
+ Facade over commons LogFactory so that discovery may be avoided.
+ Applied ciphersuite patch from tonyj
+ Authenticators use servlet sendError
+ HttpTunnel timeout
+ NPE protection for double stop in ThreadedServer
+ Expect continues only sent if input is read.
Jetty-5.1.4 - 5 June 2005
+ Fixed FTP close issue.
+ setup MX4J with JDK1.5 in start.config
+ set classloader during webapp doStop
+ NPE protection in ThreadedServer
+ ModelMBean handles null signatures
+ Change JAAS impl to be more flexible on finding roles
Jetty-5.1.4rc0 - 19 April 2005
+ ServletHttpContext correctly calls super.doStop.
+ HttpServer delegates component handling to Container.
+ Allow ServletHandler in normal HttpContext again.
+ Stop start.jar putting current directory on classpath.
+ More protection from null classloaders.
+ Turn off web.xml validation for JBoss.
Jetty-5.1.3 - 7 April 2005
+ Some minor code janitorial services
Jetty-4.2.24 - 7 April 2005

Jetty-5.1.3rc4 - 31 March 2005

+ Moved servlet request wrapping to enterContextScope for geronimo security
+ refixed / mapping for filters
+ Allow XmlConfiguration to start with no object.
+ updated to mx4j 3.0.1
+ rework InitialContextFactory to use static 'default' namespace
+ make java:comp/env immutable for webapps as per J2EE spec
Jetty-5.1.3rc3 - 20 March 2005
+ removed accidental enablement of DEBUG for JettyPlus jndi in
+ fixed "No getter or setter found" mbean errors
Jetty-5.1.3rc2 - 16 March 2005
+ Updated JSR154Filter for ERROR dispatch
+ Fixed context to _context refactory error
Jetty-5.1.3rc1 - 13 March 2005
+ Fixed typo in context-param handling.
+ update to demo site look and feel.
+ Fixed principal naming in FormAuthenticator
+ JettyPlus updated to JOTM 2.0.5, XAPool 1.4.2
+ Fixed principal naming in FormAuthenticator
Jetty-5.1.3rc0 - 8 March 2005
+ Flush filter chain caches on servlet/filter change
+ Fixed rollover filename format bug
+ Fixed JSR154 error dispatch with explicit pass of type.
+ Allow system and server classes to be configured for context loader.
+ IOException if EOF read during chunk.
+ Fixed HTAccess crypt salt handling.
+ Added simple xpath support to XmlParser
+ Added TagLibConfiguration to search for listeners in TLDs.
+ Added SslListener for 1.4 JSSE API.
+ Fixed moderate load preventing ThreadPool shrinking.
+ Added logCookie and logLatency support to NCSARequestLog
+ Added new JAAS callback to allow extra login form fields in authentication
Jetty-4.2.24rc0 - 8 March 2005
+ Back ported Jetty 5 ThreadedServer and ThreadPool
+ Added logCookie and logLatency support to NCSARequestLog
Jetty-5.1.2 - 18 January 2005
+ Added id and ref support to XmlConfiguration
+ Cleaned up AbstractSessionManager synchronization.
+ Fixed potential concurrent login problem with JAAS
+ Apply patch #1103953
Jetty-4.2.23 - 16 January 2005
+ Cleaned up AbstractSessionManager synchronization.
+ Fixed potential concurrent login problem with JAAS
Jetty-5.1.2pre0 - 22 December 2004
+ Fixed case of Cookie parameters
+ Support Secure and HttpOnly in session cookies
+ Modified useRequestedID handling to only use IDs from other contexts
+ Added global invalidation to AbstractSessionManager
+ UnavailableException handling from handle
+ Fixed suffix filters

Jetty-4.2.23RC0 - 17 December 2004

+ LineInput handles readers with small internal buffer
+ Added LogStream to capture stderr and stdout to logging
+ Support Secure and HttpOnly in session cookies
+ Build unsealed jars
Jetty-5.1.1 - 1 December 2004
+ Some minor findbugs code cleanups
+ Made more WebApplicationHandle configuration methods public.
+ Fixed ordering of filters with multiple interleaved mappings.
+ Allow double // within URIs
+ Applied patch for MD5 hashed credentials for MD5
Jetty-5.1.1RC0 - 17 November 2004
+ fix for adding recognized EventListeners
+ fix commons logging imports to IbmJsseListener
+ added new contributed shell start/stop script
+ excluded ErrorPageHandler from standard build in extra/jdk1.2 build
Jetty-5.1.0 - 14 November 2004
Jetty-5.1.RC1 - 24 October 2004
+ Allow JSSE listener to be just confidential or just integral.
+ Fixed NPE for null contenttype
+ improved clean targets
+ when committed setHeader is a noop rather than IllegalStateException
+ Partially flush writers on every write so content length can be detected.
+ Build unsealed jars
+ default / mapping does not apply to Filters
+ many minor cleanups suggested from figbug utility
+ Allow multiple accepting threads
Jetty-5.1.RC0 - 11 October 2004
+ Fixed many minor issues from J2EE 1.4 TCK testing
See bugs 1031520 - 1032205
+ Refactored, simplified and optimized HttpOutputStream
+ LineInput handles readers with small internal buffer
+ Added LogStream to capture stderr and stdout to logging
+ Added filter chain cache
+ Added JSR77 servlet statistic support
+ Refactored webapp context configurations
+ Added LifeCycle events and generic container.
+ Upgraded to ant-1.6 for jasper
+ Fixed HTAccessHandler
+ JBoss 4.0.0 support
Jetty-5.0.0 - 10 September 2004
Jetty-5.0.RC4 - 5 September 2004
+ Fixed configuration of URL alias checking
+ JettyJBoss: Use realm-name from web.xml if present, otherwise use security-do
main from jboss-web.xml
Jetty-5.0.RC3 - 28 August 2004
+ DIGEST auth handles qop, stale and maxNonceAge.
+ Less verbose warning for non validating xml parser.
+ fixed jaas logout for jetty-jboss


fixed deployment of ejb-link elements in web.xml with jboss

Update to jasper 5.0.27
Added parameters for acceptQueueSize and lowResources level.
Changed default URI encoding to UTF-8
Fixes to work with java 1.5
JettyPlus upgrade to XAPool 1.3.3. and HSQLDB 1.7.2
JettyPlus addition of pluggable DataSources
Always say close for HTTP/1.0 non keep alive.

Jetty-4.2.22 - 23 August
+ fixed jaas logout for jetty-jboss integration
+ fixed deployment of ejb-link elements in web.xml for jboss
+ Added parameters for acceptQueueSize and lowResources level.
Jetty-5.0.RC2 - 2 July 2004
+ Fixed DIGEST challenge delimiters
+ HTAccess calls UnixCrypt correctly
+ integrated jetty-jboss with jboss-3.2.4
+ Error dispatchers are always GET requests.
+ OPTIONS works for all URLs on default servlet
+ add JMX support for JettyPlus
+ add listing of java:comp/env for webapp with JMX
+ make choice of override of JNDI ENC entries: config.xml or web.xml
+ Default servlet may use only pathInfo for resource
+ Fixed session leak in j2ee
+ Fixed no-role security constraint combination.
+ Fix to use runas roles during servlet init and destroy
+ Fixed JAAS logout
+ HttpContext sendError for authentication errors
Jetty-4.2.21 - 2 July 2004
+ integrated jetty-jboss with jboss-3.2.4
+ add JMX support for JettyPlus
+ add listing of java:comp/env for webapp with JMX
+ make choice of override of JNDI ENC entries: config.xml or web.xml
+ Fixed JAAS logout
Jetty-5.0.RC1 - 24 May 2004
+ Changed to apache 2.0 license
+ added extra/etc/start-plus.config to set up main.class for jettyplus
+ maxFormContentLength may be unlimited with <0 value
+ Fixed HTTP tunnel timeout setting.
+ Improved handling of exception from servlet init.
+ FORM auth redirects to context on a re-auth
+ Handle multiple virutal hosts from JBoss 3.2.4RC2
Jetty-4.2.20 - 22 May 2004
+ maxFormContentLength may be unlimited with <0 value
+ Fixed HTTP tunnel timeout setting.
+ Improved handling of exception from servlet init.
+ FORM auth redirects to context on a re-auth
Jetty-5.0.0RC0 - 7 April 2004
+ Updated JettyPlus to JOTM 1.4.3 (carol-1.5.2, xapool-1.3.1)
+ ServletContext attributes wrap HttpContext attributes.
+ Factored out XML based config from WebApplicationContext
+ Improved RequestLog performance
+ Fixed j2se 1.3 problem with HttpFields
+ Default servlet respectes servlet path
+ Fixed setCharacterEncoding for parameters.


Fixed DOS problem

Worked around bad jboss URL handler in XMLParser
Forced close of connections over stop/start
ProxiedFor field support added to NCSARequestLog
Fixed Default servlet for non empty servlet paths
Updated mx4j to V2
Updated jasper to 5.0.19
Changed dist naming convention to lowercase

Jetty-4.2.20RC0 - 7 April 2004

+ Worked around bad jboss URL handler in XMLParser
+ Forced close of connections over stop/start
+ HttpFields protected headers
+ ProxiedFor field support added to NCSARequestLog
+ Fixed Default servlet for non empty servlet paths
+ Changed dist naming convention to lowercase
Jetty-4.2.19 - 19 Mar 2004
+ Fixed DOS attack problem
Jetty-5.0.beta2 - 12 Feb 2004
+ Added skeleton JMX MBean for jetty plus
+ Fixed HEAD with empty chunk bug.
+ Fixed jetty.home/work handling
+ Fixed setDate thread safety
+ Fixed SessionManager init
+ Improved low thread handling
+ FileResource better handles non sun JVM
+ Monitor closes socket before exit
+ Updated to Japser 5.0.16
+ RequestDispatcher uses request encoding for query params
+ Fixed busy loop in threadpool run
+ Reorganized ServletHolder init
+ Added log4j context repository to jettyplus
+ NPE guard for no-listener junit deployment
+ Added experimental NIO listeners again.
+ fixed filter dispatch configuration.
+ fixed lazy authentication with FORMs
Jetty-4.2.18 - 1 Mar 2004
+ Added log4j context repository to jettyplus
+ NPE guard for no-listener junit deployment
+ Improved log performance
+ Fixed j2se 1.3 problem with HttpFields
+ Suppress some more IOExceptions
+ Default servlet respectes servlet path
Jetty-4.2.17 - 1 Feb 2004
+ Fixed busy loop in threadpool run
+ Reorganized ServletHolder init
Jetty-4.2.16 - 30 Jan 2004
+ Fixed setDate multi-cpu race
+ Improved low thread handling
+ FileResource better handles non sun JVM
+ Fixed HttpTunnel for JDK 1.2
+ Monitor closes socket before exit
+ RequestDispatcher uses request encoding for query params
+ Update jasper to 4.1.29

Jetty-5.0.beta1 - 24 December 2003

+ SecurityConstraints not reset by stop() on custom context
+ Fixed UnixCrypt handling in HTAccessHandler
+ Added patch for JBoss realm single sign on
+ Reorganized FAQ
+ Env variables for CGI
+ Removed support for old JBoss clustering
Jetty-4.2.15 - 24 December 2003
+ SecurityConstraints not reset by stop() on custom context
+ Fixed UnixCrypt handling in HTAccessHandler
+ Added patch for JBoss realm single sign on
+ Environment variables for CGI
+ Removed support for old JBoss clustering
Jetty-5.0.beta0 - 22 November 2003
+ Removed support for HTTP trailers
+ PathMap uses own Map.Entry impl for IBM JVMs
+ Use ${jetty.home}/work or WEB-INF/work for temp directories if present
+ Protect from interrupted exceptions
+ Added org.mortbay.http.ErrorHandler for error pages.
+ Fixed init race in HttpFields cache
+ Allow per listener handlers
+ Added MsieSslHandler to handle browsers that don't grok persistent SSL (msie
+ Respect content length when decoding form content.
+ JBoss integration uses writer rather than stream for XML config handling
+ Expire pages that contain set-cookie as per RFC2109 recommendation
+ Updated jasper to 5.0.14beta
+ Removed the CMR/CMP distributed session implementation
Jetty-4.2.15rc0 - 22 November 2003
+ PathMap uses own Map.Entry impl for IBM JVMs
+ Race in HttpFields cache
+ Use ${jetty.home}/work or WEB-INF/work for temp directories if present
+ Protect from interrupted exceptions
+ Added org.mortbay.http.ErrorHandler for error pages.
+ JsseListener checks UserAgent for browsers that can't grok persistent SSL (ms
+ Removed the CMR/CMP distributed session implementation
Jetty-4.2.14 - 04 November 2003
+ respect content length when decoding form content.
+ JBoss integration uses writer rather than stream for XML config handling
+ Fixed NPE in SSO
+ Expire pages that contain set-cookie as per RFC2109 recommendation
Jetty-5.0.alpha3 - 19 October 2003
+ Reworked Dispatcher to better support cross context sessions.
+ Use File.toURI().toURL() when jdk 1.2 alternative is available.
+ Priority added to ThreadPool
+ replaced win32 service with
+ FileClassPath derived from walk of classloader hierarchy.
+ Implemented security constraint combinations
+ Set TransactionManager on JettyPlus datasources and pools
+ Fixed null pointer if no sevices configured for JettyPlus
+ Updated jasper and examples to 5.0.12
+ Lazy authentication if no auth constraint.
+ Restore servlet handler after dispatch
+ Allow customization of HttpConnections

+ Failed requests excluded from duration stats

Jetty-4.2.14RC1 - 19 October 2003
+ Reworked Dispatcher to better support cross context sessions.
+ Added UserRealm.logout and arrange for form auth
+ Allow customization of HttpConnections
+ Failed requests excluded from
Jetty-4.2.14RC0 - 7 October 2003
+ Correctly setup context classloader in cross context dispatch.
+ Put a semi busy loop into proxy tunnels for IE problems
+ Fixed handling of error pages for IO and Servlet exceptions
+ updated extra/j2ee to jboss 3.2.1+
+ Use File.toURI().toURL() when jdk 1.2 alternative is available.
+ cookie timestamps are in GMT
+ Priority on ThreadedServer
+ replaced win32 service with
+ Build fileclasspath from a walk of the classloaders
+ Set TransactionManager on JettyPlus datasources and pools
+ Fixed null pointer if no sevices configured for JettyPlus
+ Fixed comments with embedded double dashes on jettyplus.xml file
Jetty-5.0.alpha2 - 19 September 2003
+ Use commons logging.
+ Use log4j if extra is present.
+ Improved JMX start.
+ Update jakarta examples
+ Correctly setup context classloader in cross context dispatch.
+ Turn off validation without non-xerces errors
+ minor doco updates.
+ moved mailing lists to sourceforge.
+ Put a semi busy loop into proxy tunnels for IE problems
+ MultipartRequest supports multi value headers.
+ XML entity resolution uses URLs not Resources
+ Implemented ServletRequestListeners as optional filter.
+ Moved error page mechanism to be webapp only.
+ Fixed error page handling of IO and Servlet exceptions.
Jetty-5.0.alpha1 - 12 August 2003
+ Switched to mx4j
+ Improve combinations of Security Constraints
+ Implemented locale encoding mapping.
+ Synced with 4.2.12
+ Updated to Jasper 5.0.7
+ Server javadoc from war
Jetty-5.0.alpha0 - 16 Jul 2003
+ Compiled against 2.4 servlet spec.
+ Implemented remote/local addr/port methods
+ Updated authentication so that a normal Principal is used.
+ updated to jasper 5.0.3
+ Implemented setCharaterEncoding
+ Implemented filter-mapping <dispatcher> element
+ Implemented Dispatcher forward attributes.
Jetty-4.2.12 - 12 August 2003
+ Restore max inactive interval for session manager
+ Removed protection of org.mortbay.http attributes
+ Fixed parameter ordering for a forward request.
+ Fixed up HTAccessHandler


Improved error messages from ProxyHandler

Added missing S to some OPTIONS strings
Added open method to threaded server.
FORMAuthenticator does 403 with empty error page.
Fixed MIME types for chemicals
Padding for IE in RootNotFoundHandler

Jetty-4.2.11 - 12 July 2003

+ Fixed race in servlet initialization code.
+ Cookie params all in lower case.
+ Simplified AJP13 connection handling.
+ Prevent AJP13 from reordering query.
+ Support separate Monitor class for start
+ Branched for Jetty 5 development.
Jetty-4.2.10 - 7 July 2003
+ Updates to JettyPlus documentation
+ Updates to Jetty tutorial for start.jar, jmx etc
Jetty-4.2.10pre2 - 4 July 2003
+ Improvement to JettyPlus config of datasources and connection pools
+ Addition of mail service for JettyPlus
+ Move to Service-based architecture for JettyPlus features
+ Re-implementation of JNDI
+ Many improvements in JettyPlus java:comp handling
+ Allow multiple security-role-ref elements per servlet.
+ Handle Proxy-Connection better
+ Cleaned up alias handling.
+ Confidential redirection includes query
+ handle multiple security role references
+ Fixed cookie handling for old cookies and safari
+ Restricted ports in ProxyHandler.
+ URI always encodes %
+ Session statistics
+ XmlConfiguration can get/set fields.
Jetty-4.2.10pre1 - 2 June 2003
+ Fixed JSP code visibility problem introduced in Jetty-4.2.10pre0
+ Added stop.jar
+ Added SSO implementation for FORM authentication.
+ WebApplicationContext does not reassign defaults descriptor value.
+ Fixed AJP13 protocol so that request/response header enums are correct.
+ Fixed form auth success redirect after retry, introduced in 4.2.9rc1
+ Trace support is now optional (in AbstractHttpHandler).
+ Deprecated forced chunking.
+ Form authentication remembers URL over 403
+ ProxyHandler has improved test for request content
+ Removed support of org.mortbay.http.User role.
+ Fixed problem with shared session for inter context dispatching.
Jetty-4.2.10pre0 - 5 May 2003
+ Moved Log4JLogSink into JettyPlus
+ Added ability to override jetty startup class by using -Djetty.server on runl
+ Incorporate JettyPlus jotm etc into build.
+ Massive reorg of the CVS tree.
+ Incorporate jetty extra and plus into build
+ Integrate with JAAS
+ Apply the append flag of RolloverFileOutputStream constructor.
+ RolloverFileOutputStream manages Rollover thread.


New look and feel for www site.

Fixed table refs in JDBCUserRealm.
Allow params in form auth URLs
Updated to jasper jars from tomcat 4.1.24
Allow query params in error page URL.
ProxyHandler checks black and white lists for Connect.
Merge multivalued parameters in dispatcher.
Fixed CRLF bug in MultiPartRequest
Warn if max form content size is reached.
getAuthType returns CLIENT_CERT instead of CLIENT-CERT.
getAuthType maps the HttpServletRequest final strings.
FORM Authentication is serializable for session distribution.

Jetty-4.2.9 - 19 March 2003

+ Conditional headers check after /dir to /dir/ redirection.
Jetty-4.2.9rc2 - 16 March 2003
+ Fixed build.xml for source release
+ Made rfc2068 PUT/POST Continues support optional.
+ Defaults descriptor has context classloader set.
+ Allow dispatch to j_security_check
+ Added X-Forwarded-For header in ProxyHandler
+ Updated included jmx jars
Jetty-4.2.9rc1 - 6 March 2003
+ Work around URLClassloader not handling leading /
+ Dump servlet can load resources for testing now.
+ Added trust manager support to SunJsseListener.
+ Added support for client certs to AJP13.
+ Cleaned up includes
+ Removed checking for single valued headers.
+ Optional 2.4 behaviour for sessionDestroyed notification.
+ Stop proxy url from doing user interaction.
+ Turn request log buffering off by default.
+ Reduced default context cache sizes (Total 1MB file 100KB).
+ ProxyHandler has black and white host list.
+ Added requestlog to HttpContext.
+ Allow delegated creation of WebApplication derivations.
+ Check Data contraints before Auth constraints
Jetty-4.2.8_01 - 18 February 2003
+ Patched first release of 4.2.8 with correct version number
+ Fixed CGI servlet to handle multiple headers.
+ Added a SetResponseHeadersHandler, can set P3P headers etc.
+ ProxyHandler can handle multiple cookies.
+ Fixed AdminServlet to handle changed getServletPath better.
+ Default servlet can have own resourceBase.
+ Rolled back SocketChannelListener to 4.2.5 version
+ Added option to resolve remote hostnames. Defaults to off.
+ Added MBeans for Servlets and Filters
+ Moved ProxyHandler to the src1.4 tree
Jetty-4.2.7 - 4 February 2003
+ Upgraded to JSSE 1.0.3_01 to fix security problem.
+ Fixed proxy tunnel for non persistent connections.
+ Relative sendRedirect handles trailing / correctly.
+ Changed PathMap to conform to / getServletPath handling.
Jetty-4.2.6 - 24 January 2003
+ Improved synchronization on AbstractSessionManager.


Allow AJP13 buffers to be resized.

Fixed LineInput problem with expanded buffers.
ClientCertAuthentication updates request.
Fixed rel sendRedirects for root context.
Added HttpContext.setHosts to restrict context by real interface.
Added MBeans for session managers
Improved SocketChannelListener contributed.
Added version to HttpServerMBean.

Jetty-4.2.5 - 14 January 2003

+ Fixed pathParam bug for ;jsessionid
+ Don't process conditional headers and ranges for includes
+ Added Log4jSink in the contrib directory.
+ Fixed requestedSessionId null bug.
Jetty-4.2.4 - 4 January 2003
+ Fixed stop/start handling of servlet context
+ Reuse empty LogSink slots.
+ HTAccessHandler checks realm as well as htpassword.
+ Clear context listeners after stop.
+ Clear context attributes after stop.
+ Use requestedSessionId as default session ID.
+ Added MBeans for handlers
+ Upgraded jasper to 4.1.18
Jetty-4.2.4rc0 - 12 December 2002
+ Simplified ThreadedServer
+ Use ThreadLocals for ByteArrayPool to avoid synchronization.
+ Use Version to reset HttpFields
+ Cheap clear for HttpFields
+ Fixed setBufferSize NPE.
+ Cleaned up some unused listener throws.
+ Handle chunked form data.
+ Allow empty host header.
+ Avoid optional 100 continues.
+ Limit form content size.
+ Handle = in param values.
+ Added HttpContext.flushCache
+ Configurable root context.
+ RootNotFoundHandler to help when no context found.
+ Update jasper to 4.1.16beta
+ Fixed dir listing from jars.
+ Dir listings in UTF8
+ Character encoding handling for GET requests.
+ Removed container transfer encoding handling.
+ Improved setBufferSize handling
+ Code logs objects rather than strings.
+ Better access to session manager.
+ Fixed isSecure and getScheme for SSL over AJP13
+ Improved ProxyHandler to the point is works well for non SSL.
+ Implemented RFC2817 CONNECT in ProxyHandler
+ Added gzip content encoding support to Default and ResourceHandler
Jetty-4.2.3 - 2 December 2002
+ Removed aggressive threadpool shrinkage to avoid deadlock on SMP machines.
+ Fixed some typos
+ Added links to Jetty Powered page
+ Clean up of ThreadedServer.stop()
+ Updated bat scripts
+ Added PKCS12Import class to import PKCS12 key directly


removed old HttpContext.setDirAllowed()

added main() to org.mortbay.http.Version
Check form authentication config for leading /
Cleaner servlet stop to avoid extra synchronization on handle

Jetty-4.2.2 - 20 November 2002

+ Fixed sendRedirect for non http URLS
+ Fixed URI query recycling for persistent connections
+ Fixed handling of empty headers
+ Added EOFException to reduce log verbosity on closed connections.
+ Avoided bad buffer status after closed connection.
Jetty-4.2.1 - 18 November 2002
+ Fixed bad optimization in UrlEncoding
+ Re-enabled UrlEncoding test harnesses
Jetty-4.2.0 - 16 November 2002
+ Fixed AJP13 buffer size.
+ Fixed remove listener bug.
+ Fixed include of Invoker servlet.
+ Restrict 304 responses to seconds time resolution.
+ Use IE date formatting for speed.
+ Removed jasper source and just include jars from 4.1.12
+ Worked around JVM1.3 bug for JSPs
+ Lowercase jsessionid for URLs only.
+ Made NCSARequestLog easier to extend.
+ Added definitions for RFC2518 WebDav response codes.
+ Removed remaining non portable getBytes() calls
+ Added upload demo to dump servlet.
+ Many more optimizations.
Jetty-4.1.4 - 16 November
+ Fixed ContextLoader parent delegation bug
+ Fixed remove SocketListener bug.
+ Fixed Invoker servlet for RD.include
+ Use IE date formatting for last-modified efficiency
+ Last modified handling uses second resolution.
+ Made NCSARequestLog simpler to extend.
Jetty-4.2.0rc1 - 2 November 2002
+ Support default mime mapping defined by *
+ Recycling of HttpFields class.
+ Renamed Filter application methods.
+ Fixed firstWrite after commit.
+ Fixed ContextLoader parent delegation bug.
+ Fixed problem setting the size of chunked buffers.
+ Removed unused Servlet and Servlet-Engine headers.
+ Fixed servletpath on invoker for named servlets.
+ Fixed directory resource bug in JarFileResource.
+ Improved handling of 2 byte encoded characters within forms.
Jetty-4.2.0rc0 - 24 October 2002
+ Greg's birthday release!
+ Added embedded iso8859 writer to HttpOutputStream.
+ Removed duplicate classes from jar
+ Fixed RolloverFileOutputStream without date.
+ Fixed SessionManager initialization
+ Added authenticator to admin.xml
+ Fixed Session timeout NPE.

Jetty-4.1.3 - 24 October 2002

+ Fixed RolloverFileOutputStream without date.
+ Fixed SessionManager initialization
+ Added authenticator to admin.xml
+ Fixed Session timeout NPE.
Jetty-4.0.6 - 24 October 2002
+ Clear interrupted status in ThreadPool
+ Fixed forward query string handling
+ fixed forward attribute handling for jsp-file servlets
+ Fixed setCharacterEncoding to work with getReader
+ Fixed handling of relative sendRedirect after forward.
+ Fixed virtual hosts temp directories.
Jetty-4.2.0beta0 - 13 October 2002
+ New ThreadPool implementation.
+ New Buffering implementation.
+ New AJP13 implementation.
+ Removed Dispatcher dependancy on ServletHttpContext
+ getNamedDispatcher(null) returns containers default servlet.
+ unquote charset in content type
+ Stop/Start filters in declaration order.
+ Use "standard" names for default,jsp & invoker servlets.
+ Fixed caching of directories to avoid shared buffers.
+ Fixed bad log dir detection
+ Fix Session invalidation bug
+ Build without jmx
+ 404 instead of 403 for WEB-INF requests
+ FORM authentication sets 403 error page
+ Allow %3B encoded ; in URLs
+ Allow anonymous realm
+ Update jasper to 4.1.12 tag
Jetty-4.1.2 - 13 October 2002
+ Some AJP13 optimizations.
+ getNamedDispatcher(null) returns containers default servlet.
+ unquote charset in content type
+ Stop/Start filters in declaration order.
+ Use "standard" names for default,jsp & invoker servlets.
+ Fixed caching of directories to avoid shared buffers.
+ Fixed bad log dir detection
+ Fix Session invalidation bug
+ Build without jmx
+ 404 instead of 403 for WEB-INF requests
+ FORM authentication sets 403 error page
+ Allow %3B encoded ; in URLs
+ Allow anonymous realm
+ Update jasper to 4.1.12 tag
Jetty-4.1.1 - 30 September 2002
+ Fixed client scripting vulnerability with jasper2.
+ Merged LimitedNCSARequestLog into NCSARequestLog
+ Fixed space in resource name handling for jdk1.4
+ Moved launcher/src to src/org/mortbay/start
+ Fixed infinite recursion in JDBCUserRealm
+ Avoid setting sotimeout for optimization.
+ String comparison of If-Modified-Since headers.
+ Touch files when expanding jars
+ Deprecated maxReadTime.

+ Cache directory listings.

Jetty-4.1.0 - 22 September 2002
+ Fixed CGI+windows security hole.
+ Fixed AJP13 handling of mod_jk loadbalancing.
+ Stop servlets in opposite order to start.
+ NCSARequest log buffered default
+ WEB-INF/classes before WEB-INF/lib
+ Sorted directory listings.
+ Handle unremovable tempdir.
+ Context Initparams to control session cookie domain, path and age.
+ ClientCertAuthenticator protected from null subjectDN
+ Added LimitedNCSARequestLog
+ Use javac -target 1.2 for normal classes
Jetty-4.1.0RC6 - 14 September 2002
+ Don't URL encode FileURLS.
+ Improved HashUserRealm doco
+ FormAuthenticator uses normal redirections now.
+ Encode URLs of Authentication redirections.
+ Added logon.jsp for no cookie form authentication.
+ Extended Session API to pass request for jvmRoute handling
+ Fixed problem with AJP 304 responses.
+ Improved look and feel of demo
+ Cleaned up old debug.
+ Added redirect to welcome file option.
Jetty-4.1.0RC5 - 8 September 2002
+ AJP13Listener caught up with HttpConnection changes.
+ Added commandPrefix init param to CGI
+ More cleanup in ThreadPool for idle death.
+ Improved errors for misconfigured realms.
+ Implemented security-role-ref for isUserInRole.
Jetty-4.1.0RC4 - 30 August 2002
+ Included IbmJsseListener in the contrib directory.
+ Updated jasper2 to 4.1.10 tag.
+ Reverted to 302 for all redirections as all clients do not understand 303
+ Created statsLock sync objects to avoid deadlock when stopping.
Jetty-4.1.0RC3 - 28 August 2002
+ Fixed security problem for suffix matching with trailing "/"
+ addWebApplications encodes paths to allow for spaces in file names.
+ Improved handling of PUT,DELETE & MOVE.
+ Improved handling of path encoding in Resources for bad JVMs
+ Added buffering to request log
+ Created and integrated the Jetty Launcher
+ Made Resource canonicalize it's base path for directories
+ Allow WebApplicationHandler to be used with other handlers.
+ Added defaults descriptor to addWebApplications.
+ Allow FORM auth pages to be within security constraint.
Jetty-4.1.0RC2 - 20 August 2002
+ Conveninace setClassLoaderJava2Compliant method.
+ Clear interrupted status in ThreadPool
+ Fixed HttpFields cache overflow
+ Improved ByteArrayPool to handle multiple sizes.
+ Added HttpListener.bufferReserve
+ Use system line separator for log files.
+ Updated to Jasper2 (4_1_9 tag)

+ Build ant, src and zip versions with the release

Jetty-4.1.0RC1 - 11 August 2002
+ Fixed forward query string handling
+ Fixed setCharacterEncoding to work with getReader
+ Fixed getContext to use canonical contextPathSpec
+ Improved the return codes for PUT
+ Made HttpServer serializable
+ Updated international URI doco
+ Updated jasper to CVS snapshot 200208011920
+ Fixed forward to jsp-file servlet
+ Fixed handling of relative sendRedirect after forward.
Jetty-4.1.0RC0 - 31 July 2002
+ Fixed getRealPath for packed war files.
+ Changed URI default charset back to ISO_8859_1
+ Restructured Password into Password and Credentials
+ Added DigestAuthenticator
+ Added link to a Jetty page in Korean.
+ Added ExpiryHandler which can set a default Expires header.
Jetty-4.0.5 - 31 July 2002
+ Fixed getRealPath for packed war files.
+ Reversed order of ServletContextListener.contextDestroyed calls
+ Fixed getRequestURI for RD.forward to return new URI.
Jetty-4.1.B1 - 19 July 2002
+ Updated mini.http.jar target
+ CGI Servlet, pass all HTTP headers through.
+ CGI Servlet, catch and report program invocation failure status.
+ CGI Servlet, fixed suffix mapping problem.
+ CGI Servlet, set working directory for exec
+ Support HTTP/0.9 requests again
+ Reversed order of ServletContextListener.contextDestroyed calls
+ Moved dynamic servlet handling to Invoker servlet.
+ Moved webapp resource handling to Default servlet.
+ Sessions create attribute map lazily.
+ Added PUT,DELETE,MOVE support to webapps.
+ Added 2.4 Filter dispatching support.
Jetty-3.1.9 - 15 July 2002
+ Allow doHead requests to be forwarded.
+ Fixed race in ThreadPool for minThreads <= CPUs
Jetty-4.1.B0 - 13 July 2002
+ Added work around of JDK1.4 bug with NIO listener
+ Moved 3rd party jars to $JETTY_HOME/ext
+ Fixed ThreadPool bug when minThreads <= CPUs
+ close rather than disable stream after forward
+ Allow filter init to access servlet context methods.
+ Keep notFoundContext out of context mapping lists.
+ mod_jk FAQ
+ Fixed close problem with load balancer.
+ Stopped RD.includes closing response.
+ RD.forward changes getRequestURI.
+ NCSARequestLog can log to stderr
Jetty-4.1.D2 - 24 June 2002
+ Support trusted external authenticators.
+ Moved jmx classes from JettyExtra to here.


Set contextloader during webapplicationcontext.start

Added AJP13 listener for apache integration.
Fixed ChunkableOutputStream close propagation
Better recycling of HttpRequests.
Protect session.getAttributeNames from concurrent modifications.
Allow comma separated cookies and headers
Back out Don't chunk 30x empty responses.
Conditional header tested against welcome file not directory.
Improved ThreadedServer stopping on bad networks
Use ThreadLocals to avoid unwrapping in Dispatcher.

Jetty-4.0.4 - 23 June 2002

+ Back out change: Don't chunk 30x empty responses.
+ Conditional header tested against welcome file not directory.
+ Improved ThreadedServer stopping on bad networks
Jetty-4.0.3 - 20 June 2002
+ WebapplicationContext.start sets context loader
+ Fixed close propagation of on-chunked output streams
+ Force security disassociation.
+ Better recycling of HttpRequests.
+ Protect session.getAttributeNames from concurrent modifications.
+ Allow session manager to be initialized when set.
+ Fixed japanese locale
+ Allow comma separated cookies and headers
Jetty-4.1.D1 - 8 June 2002
+ Recycle servlet requests and responses
+ Added simple buffer pool.
+ Reworked output buffering to keep constant sized buffers.
+ Don't chunk 30x empty responses.
+ Fixed "" contextPaths in Dispatcher.
+ Removed race for the starting of session scavaging
+ Fixed /foo/../bar// bug in canonical path.
+ Merged ResourceBase and SecurityBase into HttpContext
Jetty-4.0.2 - 6 June 2002
+ Fixed web.dtd references.
+ Fixed handler/context start order.
+ Added OptimizeIt plug
+ Fixed /foo/../bar// bug in canonical path.
+ Don't chunk 30x empty responses.
+ Fixed "" contextPaths in Dispatcher.
+ Removed race for the starting of session scavaging
Jetty-3.1.8 - 6 June 2002
+ Made SecurityConstraint.addRole() require authentication.
+ Fixed singled threaded dynamic servlets
+ Fixed no slash context redirection.
+ Fixed /foo/../bar// bug in canonical path.
Jetty-4.1.D0 - 5 June 2002
+ The 4.1 Series started looking for even more performance
within the 2.3 specification.
+ Removed the HttpMessage facade mechanism
+ BRAND NEW WebApplicationHandler & WebApplicationContext
+ Added TypeUtil to reduce Integer creation.
+ General clean up of the API for for MBean getters/setters.
+ Experimental CLIENT-CERT Authenticator
+ Restructured ResourceHandler into ResourceBase

+ Fixed web.dtd references.

+ Fixed handler/context start order.
+ Added OptimizeIt plug.
Jetty-4.0.1 - 22 May 2002
+ Fixed contextclassloader on ServletContextEvents.
+ Support graceful stopping of context and server.
+ Fixed "null" return from getRealPath
+ OutputStreamLogSink config improvements
+ Updated jasper to 16 May snapshot
Jetty-4.0.1RC2 - 14 May 2002
+ Better error for jre1.3 with 1.4 classes
+ Cleaned up RD query string regeneration.
+ 3DES Keylength was being reported as 0. Now reports 168 bits.
+ Implemented the run-as servlet tag.
+ Added confidential and integral redirections to HttpListener
+ Fixed ServletResponse.reset() to resetBuffer.
Jetty-4.0.1RC1 - 29 April 2002
+ Improved flushing of chunked responses
+ Better handling if no realm configured.
+ Expand ByteBuffer full limit with capacity.
+ Fixed double filtering of welcome files.
+ Fixed FORM authentication auth of login page bug.
+ Fixed setTempDirectory creation bug
+ Avoid flushes during RequestDispatcher.includes
Jetty-4.0.1RC0 - 18 April 2002
+ Updated Jasper to CVS snapshot from Apr 18 18:50:59 BST 2002
+ Pass pathParams via welcome file forward for jsessionid
+ Extended facade interfaces to HttpResponse.sendError
+ Moved basic auth handling to HttpRequest
+ AbstractSessionManager sets contextClassLoader for scavanging
+ Set thread context classloader for webapp load-on-startup inits
+ Added extract arg to addWebApplications
+ Fixed delayed response bug:
Stopped HttpConnection consuming input from timedout connection.
+ DTD allows static "Get" and "Set" methods to be invoked.
Jetty-4.0.0 - 22 March 2002
+ Updated tutorial configure version
+ Added IPAddressHandler for IP restrictions
+ Updated contributors.
+ Minor documentation updates.
+ cygwin support
Jetty-4.0.RC3 - 20 March 2002
+ Fixed ZZZ offset format to +/-HHMM
+ Updated history
+ JDBCUserRealm instantiates JDBC driver
+ ContextInitialized notified before load-on-startup servlets.
+ Suppress WriterOutputStream warning.
+ Changed html attribute order for mozilla quirk.
Jetty-4.0.RC2 - 12 March 2002
+ Fixed security constraint problem with //
+ Fixed version for String XmlConfigurations
+ Fixed empty referrer in NCSA log.
+ Dont try to extract directories


Added experimental nio SocketChannelListener

Added skeleton load balancer
Fixed column name in JDBCUserRealm
Remove last of the Class.forName calls.
Removed redundant sessionID check.
Security FAQ
Disabled the Password EXEC mechanism by default

Jetty-3.1.7 - 12 Mar 2002

+ Fixed security problem with constraints being bypassed with //
in URLs
Jetty-4.0.RC1 - 06 March 2002
+ Added ContentEncodingHandler for compression.
+ Fixed filter vs forward bug.
+ Improved efficiency of quality list handling
+ Simplified filter API to chunkable streams
+ XmlParser is validating by default. use o.m.x.XmlParser.NotValidating propert
y to change.
+ contextDestroyed event sent before destruction.
+ Minor changes to make HttpServer work on J2ME CVM
+ Warn if jdk 1.4 classes used on JVM <1.4
+ WebApplication will use ContextLoader even without WEB-INF directory.
+ FileResource depends less on FilePermissions.
+ Call response.flushBuffer after service to flush wrappers.
+ Empty suffix for temp directory.
+ Contributors list as an image to prevent SPAM!
+ Fixed recursive DEBUG loop in Logging.
+ Updated to always respect arguments.
Jetty-3.1.6 - 28 Feb 2002
+ Implemented 2.3 clarifications to security constraint semantics
+ Empty suffix for temp directory.
+ Fixed HttpFields remove bug
+ Set Listeners default scheme
+ LineInput can handle any sized marks
+ HttpResponse.sendError makes a better attempt at finding an error page.
+ Dispatcher.forward dispatches directly to ServletHolder to avoid
premature exception handling.
Jetty-4.0.B2 - 25 Feb 2002
+ Minor Jasper updates
+ Improve handling of unknown URL protocols.
+ Improved default jetty.xml
+ Adjust servlet facades for welcome redirection
+ User / mapping rather than /* for servlet requests to static content
+ Accept jetty-web.xml or web-jetty.xml in WEB-INF
+ Added optional JDK 1.4 src tree
+ o.m.u.Frame uses JDK1.4 stack frame handling
+ Added LoggerLogSink to direct Jetty Logs to JDK1.4 Log.
+ Start ServletHandler as part of the FilterHandler start.
+ Simplified addWebApplication
+ Added String constructor to XmlConfiguration.
+ Added org.mortbay.http.JDBCUserRealm
+ Init classloader for JspServlet
+ Slightly more agressive eating unused input from non persistent connection.
Jetty-4.0.B1 - 13 Feb 2002
+ WriterOutputStream so JSPs can include static resources.


Suppress error only for IOExceptions not derivitives.

HttpConnection always eats unused bodies
Merged HttpMessage and Message
LineInput waits for LF after CF if seen CRLF before.
Added setClassLoader and moved getFileClassPath to HttpContext
Updated examples webapp from tomcat
getRequestURI returns encoded path
Servlet request destined for static content returns paths as default servlet

Jetty-4.0.B0 - 4 Feb 2002

+ Implemented 2.3 security constraint semantics
+ Stop and remove NotFound context for HttpServer
+ HttpContext destroy
+ Release process builds JettyExtra
+ Welcome files may be relative
+ Fixed HttpFields remove bug
+ Added Array element to XMLConfiguration
+ Allow listener schemes to be set.
+ Added index links to tutorial
+ Renamed getHttpServers and added setAnonymous
+ Updated crimson to 1.1.3
+ Added hack for compat tests in watchdog for old tomcat stuff
+ Added AbstractSessionManager
+ Support Random Session IDs in HashSessionManager.
+ Common handling of TRACE
+ Updated tutorial and FAQ
+ Reduce object count and add hash width to StringMap
+ Factor out RolloverFileOutputStream from OutputStreamLogSink
+ Remove request logSink and replace with RequestLog using
+ Handle special characters in resource file names better.
+ Welcome file dispatch sets requestURI.
+ Removed triggers from Code.
Jetty-4.0.D4 - 14 Jan 2002
+ Prevent output after forward
+ Handle ServletRequestWrappers for Generic Servlets
+ Improved handling of UnavailableException
+ Extract WAR files to standard temp directory
+ URI uses UTF8 for % encodings.
+ Added BlueRibbon campaign.
+ RequestDispatcher uses cached resources for include
+ Improved HttpResponsse.sendError error page matching.
+ Fixed noaccess auth demo.
+ FORM auth caches UserPrincipal
+ Added isAuthenticated to UserPrincipal
Jetty-4.0.D3 - 31 Dec 2001
+ Fixed cached filter wrapping.
+ Fixed getLocale again
+ Patch jasper to 20011229101000
+ Removed limits on mark in LineInput.
+ Corrected name to HTTP_REFERER in CGI Servlet.
+ Fixed UrlEncoding for % + combination.
+ Generalized temp file handling
+ Fixed ContextLoader lib handling.
+ DateCache handles misses better.
+ HttpFields uses DateCache more.
+ Moved admin port to 8081 to avoid JBuilder

+ Made Frame members private and fixed test harness

+ cookies with maxAge==0 expire on 1 jan 1970
+ setCookie always has equals
Jetty-3.1.5 - 11 Dec 2001
+ setCookie always has equals for cookie value
+ cookies with maxage==0 expired 1 jan 1970
+ Fixed formatting of redirectURLs for NS4.08
+ Fixed ChunableInputStream.resetStream bug.
+ Ignore IO errors when trying to persist connections.
+ Allow POSTs to static resources.
+ stopJob/killStop in ThreadPool to improve stopping
ThreadedServer on some platforms.
+ Branched at Jetty_3_1
Jetty-4.0.D2 - 2 Dec 2001
+ Removed most of the old doco, which needs to be
rewritten and added again.
+ Restructured for demo and test hierarchies
+ Fixed formatting of redirect URLs.
+ Removed ForwardHandler.
+ Removed (until updated).
+ Made the root context a webapplication.
+ Moved demo docroot/servlets to demo directory
+ added addWebApplications auto discovery
+ Disabled last forwarding by setPath()
+ Removed Request set methods (will be replaced)
+ New event model to decouple from beans container.
+ Better handling of charset in form encoding.
+ Allow POSTs to static resources.
+ Fixed ChunableInputStream.resetStream bug.
+ Ignore IO errors when trying to persist connections.
+ Allow POSTs to static resources.
+ stopJob/killStop in ThreadPool to improve stopping
ThreadedServer on some platforms.
Jetty-4.0.D1 - 14 Nov 2001
+ Fixed ServletHandler with no servlets
+ Fixed bug with request dispatcher parameters
+ New ContextLoader implementation.
+ New Dispatcher implementation
+ Added Context and Session Event Handling
+ Added FilterHolder
+ Added FilterHandler
+ Changed HandlerContext to HttpContext
+ Simplified ServletHandler
+ Removed destroy methods
+ Simplified MultiMap
Jetty-4.0.D0 - 06 Nov 2001
+ Branched from Jetty_3_1 == Jetty_3_1_4
+ 2.3 Servlet API
+ 1.2 JSP API
+ Jasper from tomcat4
+ Start SessionManager abstraction.
+ Added examples webapp from tomcat4
+ Branched at Jetty_3_1
Jetty-3.1.4 - 06 Nov 2001
+ Added RequestLogFormat to allow extensible request logs.


Support the ZZZ timezone offset format in DateCache

HTAccessHandler made stricter on misconfiguration
Generate session unbind events on a context.stop()
Default PathMap separator changed to ":,"
PathMap now ignores paths after ; or ? characters.
Remove old stuff from contrib that had been moved to extra
getRealPath accepts \ URI separator on platforms using \ file separator.

Jetty-3.1.3 - 26 Oct 2001

+ Fix security problem with trailing special characters.
Trailing %00 enabled JSP source to be viewed or other
servlets to be bypassed.
+ Fixed several problems with external role authentication.
Role authentication in JBoss was not working correctly and
there were possible object leaks. The fix required an API
change to UserPrinciple and UserRealm.
+ Allow a per context UserRealm instance.
+ Upgraded JSSE to 1.0.2
+ Improved FORM auth handling of role failure.
+ Improved Jasper debug output.
+ Improved ThreadedServer timeout defaults
+ Fixed binary files in CVS
+ Fixed Virtual hosts to case insensitive.
+ PathMap spec separator changed from ',' to ':'. May be set with
org.mortbay.http.PathMap.separators system property.
+ Correct dispatch to error pages with javax attributes set.
Jetty-3.1.2 - 13 Oct 2001
+ Fixed double entry on PathMap.getMatches
+ Fixed servlet handling of non session url params.
+ Fixed attr handling in XmlParser.toString
+ Fixed request log date formatting
+ Fixed NotFoundHandler handling of unknown methods
+ Fixed FORM Authentication username.
+ Fixed authentication role handling in FORM auth.
+ FORM authentication passes query params.
+ Added short delay to shutdown hook for JVM bug.
+ Added ServletHandler.sessionCount()
+ Added run target to ant
+ Changed 304 responses for Opera browser.
+ Changed JSESSIONID to jsessionid
+ Log OK state after thread low warnings.
+ Changed unsatisfiable range warnings to debug.
+ Further improvements in handling of shutdown.
Jetty-3.1.1 - 27 Sep 2001
+ Fixed jar manifest format - patched 28 Sep 2001
+ Removed JDK 1.3 dependancy
+ Fixed ServletRequest.getLocale().
+ Removed incorrect warning for WEB-INF/lib jar files.
+ Handle requestdispatcher during init.
+ Use lowercase tags in html package to be XHTML-like.
+ Correctly ignore auth-constraint descriptions.
+ Reduced verbosity of bad URL errors from IIS virus attacks
Jetty-3.1.0 - 21 Sep 2001
+ Added long overdue Tutorial documentation.
+ Improved some other documentation.
+ Fix ResourceHandler cache invalidate.
+ Fix ServletResponse.setLocale()


Fix reuse of Resource

Fix Jetty.bat for spaces.
Fix .. handling in URI
Fix FORM authentication on exact patterns
Fix flush on stop bug in logs.
Fix param reading on CGI servlet
New simplified jetty.bat
Improved closing of listeners.
Optimized List creation
Removed win32 service.exe
Added HandlerContext.registerHost

Jetty-3.1.rc9 - 02 Sep 2001

+ Added bin/ script to change package names.
+ Changed to org.mortbay domain names.
+ Form auth login and error pages relative to context path.
+ Fixed handling of rel form authentication URLs
+ Added support for Nonblocking listener.
+ Added lowResourcePersistTimeMs for more graceful degradation when
we run out of threads.
+ Patched Jasper to 3.2.3.
+ Added handlerContext.setClassPaths
+ Fixed bug with non cookie sessions.
+ Format cookies in HttpFields.
Jetty-3.1.rc8 - 22 Aug 2001
+ Support WEB-INF/web-jetty.xml configuration extension for webapps
+ Allow per context log files.
+ Updated sponsors page
+ Added HttpServer statistics
+ Don't add notfound context.
+ Many major and minor optimizations:
* ISO8859 conversion
* Buffer allocation
* URI pathAdd
* StringMap
* URI canonicalPath
* OutputStreamLogSink replaces WriterLogSink
+ Separation of URL params in HttpHandler API.
+ Fixed handling of default mime types
+ Allow contextpaths without leading /
+ Removed race from dynamic servlet initialization.
Jetty-3.1.rc7 - 9 Aug 2001
+ Fix bug in sendRedirect for HTTP/1.1
+ Added doco for Linux port redirection.
+ Don't persist connections if low on threads.
+ Added shutdown hooks to Jetty.Server to trap Ctl-C
+ Fixed bug with session ID generation.
+ Added FORM authentication.
+ Remove old context path specs
+ Added UML diagrams to Jetty architecture documentation.
+ Use Enumerations to reduce conversions for servlet API.
+ Optimized HttpField handling to reduce object creatiyon.
+ ServletRequest SSL attributes in line with 2.2 and 2.3 specs.
+ Dump Servlet displays cert chains
+ Fixed redirect handling by the CGI Servlet.
+ Fixed request.getPort for redirections from 80
+ Added utility methods to ServletHandler for wrapping req/res pairs.

+ Added method handling to HTAccessHandler.

+ ServletResponse.sendRedirect puts URLs into absolute format.
Jetty-3.1.rc6 - 10 Jul 2001
+ Avoid script vulnerability in error pages.
+ Close persistent HTTP/1.0 connections on missing Content-Length
+ Use exec for run
+ Improved SSL debugging information.
+ KeyPairTool can now load cert chains.
+ KeyPairTool is more robust to provider setup.
+ Fixed bug in B64Code. Optimised B64Code.
+ Added Client authentication to the JsseListener
+ Fixed a problem with Netscape and the acrobat plugin.
+ Improved debug output for IOExceptions.
+ Updated to JSSE-1.0.2, giving full strength crypto.
+ Win32 Service uses Jetty.Server instead of HttpServer.
+ Added getResource to HandleContext.
+ WebApps initialize resourceBase before start.
+ Fixed XmlParser to handle xerces1.3 OK
+ Added Get element to the XmlConfiguration class.
+ Added Static calls to the XmlConfiguration class.
+ Added debug and logging config example to demo.xml
+ Moved mime types and encodings to property bundles.
+ RequestDispatch.forward() uses normal HandlerContext.handle()
path if possible.
+ Cleaned up destroy handling of listeners and contexts.
+ Removed getConfiguration from LifeCycleThread to avoid JMX clash.
+ Cleaned up Win32 Service server creation.
+ Moved gimp image files to Jetty3Extra
Jetty-3.1.rc5 - 1 May 2001
+ Added build target for mini.jetty.jar - see README.
+ Major restructing of packages to separate servlet dependancies.
c.m.XML - moved XML dependant classes from c.m.Util
c.m.HTTP - No servlet or XML dependant classes:
c.m.Jetty.Servlet - moved from c.m.HTTP.Handler.Servlet
c.m.Servlet - received some servlet dependant classes from HTTP.
+ Added UnixCrypt support to c.m.U.Password
+ Added HTaccessHandler to authenitcate against apache .htaccess files.
+ Added query param handling to ForwardHandler
+ Added ServletHandler().setUsingCookies().
+ Optimized canonical path calculations.
+ Warn and close connections if content-length is incorrectly set.
+ Request log contains bytes actually returned.
+ Fixed handling of empty responses at header commit.
+ Fixed ResourceHandler handling of ;JSESSIONID
+ Fixed forwarding to null pathInfo requests.
+ Fixed handling of multiple cookies.
+ Fixed EOF handling in MultiPartRequest.
+ Fixed sync of ThreadPool idleSet.
+ Fixed jetty.bat classpath problems.
Jetty-3.0.6 - 26 Apr 2001
+ Fixed handling of empty responses at header commit.
+ Fixed ResourceHandler handling of ;JSESSIONID
+ Fixed forwarding to null pathInfo requests.
+ Fixed EOF handlding in MultiPartRequest.
+ Fixed sync of ThreadPool idleSet.
+ Load-on-startup the JspServlet so that precompiled servlets work.

Jetty-3.1.rc4 - 14 April 2001

+ Include full versions of JAXP and Crimson
+ Added idle thread getter to ThreadPool.
+ Load-on-startup the JspServlet so that precompiled servlets work.
+ Removed stray debug println from the Frame class.
Jetty-3.0.5 - 14 Apr 2001
+ Branched from 3.1 trunk to fix major errors
+ Fixed LineInput bug EOF
+ Improved flush ordering for forwarded requests.
+ Turned off range handling by default until bugs resolved
+ Don't chunk if content length is known.
+ fixed getLocales handling of quality params
+ Created better random session ID
+ Resource handler strips URL params like JSESSION.
+ Fixed session invalidation unbind notification to conform with spec
+ Load-on-startup the JspServlet so that precompiled servlets work.
Jetty-3.1.rc3 - 9 April 2001
+ Implemented multi-part ranges so that acrobat is happy.
+ Simplified multipart response class.
+ Improved flush ordering for forwarded requests.
+ Improved ThreadPool stop handling
+ Frame handles more JIT stacks.
+ Cleaned up handling of exceptions thrown by servlets.
+ Handle zero length POSTs
+ Start session scavenger if needed.
+ Added ContentHandler Observer to XmlParser.
+ Allow webapp XmlParser to be observed for ejb-ref tags etc.
+ Created better random session ID
Jetty-3.1.rc2 - 30 Mar 2001
+ Lifecycle.start() may throw Exception
+ Added MultiException to throw multiple nested exceptions.
+ Improved logging of nested exceptions.
+ Only one instance of default MIME map.
+ Use reference JAXP1.1 for XML parsing.y
+ Version 1.1 of configuration dtd supports New objects.
+ Improved handling of Primitive classes in XmlConfig
+ Renamed getConnection to getHttpConnection
+ fixed getLocales handling of quality params
+ fixed getParameter(name) handling for multiple values.
+ added options to turn off ranges and chunking to support acrobat requests.
Jetty-3.1.rc1 - 18 Mar 2001
+ Moved JMX and SASL handling to Jetty3Extra release
+ Fixed problem with ServletContext.getContext(uri)
+ Added Jetty documentation pages from JettyWiki
+ Cleaned up build.xml script
+ Minimal handling of Servlet.log before initialization.
+ Various SSL cleanups
+ Resource handler strips URL params like JSESSION.
Jetty-3.1.rc0 - 23 Feb 2001
+ Added JMX management framework.
+ Use Thread context classloader as default context loader parent.
+ Fixed init order for unnamed servlets.
+ Fixed session invalidation unbind notification to conform with spec
+ Improved handling of primitives in utilities.
+ Socket made available via HttpConnection.


Improved InetAddrPort and ThreadedServer to reduce DNS lookups.

Dynamic servlets may be restricted to Context classloader.
Reoganized packages to allowed sealed Jars
Changed getter and setter methods that did not conform to beans API.

Jetty-3.0.4 - 23 Feb 2001

+ Fixed LineInput bug with split CRLF.
Jetty-3.0.3 - 3 Feb 2001
+ Fixed pipelined request buffer bug.
+ Handle empty form content without exception.
+ Allow Log to be disabled before initialization.
+ Included new Jetty Logo
+ Implemented web.xml servlet mapping to a JSP
+ Fixed handling of directories without trailing /
Jetty-3.0.2 - 13 Jan 2001
+ Replaced ResourceHandler FIFO cache with LRU cache.
+ Greatly improved buffering in ChunkableOutputStream
+ Padded error bodies for IE bug.
+ Improved HTML.Block efficiency
+ Improved jetty.bat
+ Improved
+ Handle unknown status reasons in HttpResponse
+ Ignore included response updates rather than IllegalStateException
+ Removed classloading stats which were causing circular class loading problems
+ Allow '+' in path portion of a URL.
+ Try ISO8859_1 encoding if can't find ISO-8859-1
+ Restructured demo site pages.
+ Context specific security permissions.
+ Added etc/jetty.policy as example policy file.
Jetty-3.0.1 - 20 Dec 2000
+ Fixed value unbind notification for session invalidation.
+ Removed double null check possibility from ServletHolder
Jetty-3.0.0 - 17 Dec 2000
+ Improved logging
+ Improved dtd resolution in XML parser.
+ Fixed taglib parsing
+ Fixed rel path handling in default configurations.
+ Optional extract war files.
+ Fixed WriterLogSink init bug
+ Use inner class to avoid double null check sync problems
+ Fixed rollover bug in WriterLogSink
Jetty-3.0.0.rc8 - 13 Dec 2000
+ Optional alias checking added to FileResource. Turned on by default
on all platforms without the "/" file separator.
+ Mapped *.jsp,*.jsP,*.jSp,*.jSP,*.Jsp,*.JsP,*.JSp,*.JSP
+ Tidied handling of ".", ".." and "//" in resource paths
+ Protected META-INF as well as WEB-INF in web applications.
+ Jetty.Server catches init exceptions per server
+ getSecurityHandler creates handler at position 0.
+ SysV unix init script
+ Improved exit admin handling
+ Change PathMap handling of /* to give precedence over suffix mapping.
+ Forward to welcome pages rather than redirect.
+ Removed special characters from source.


Default log options changed if in debug mode.

Removed some unused variables.
Added ForwardHandler
Removed security constraint on demo admin server.
Patched jasper to tomcat 3.2.1

Jetty-3.0.0.rc7 - 02 Dec 2000

+ Fixed security problem with lowercase WEB-INF uris on windows.
+ Extended security constraints (see README and WebApp Demo).
+ Set thread context classloader during handler start/stop calls.
+ Don't set MIME-Version in response.
+ Allow dynamic servlets to be served from /
+ Handle multiple inits of same servlet class.
+ Auto add a NotFoundHandler if needed.
+ Added NotFoundServlet
+ Added range handling to ResourceHandler.
+ CGI servlet handles not found better.
+ WEB-INF protected by NotFoundServlet rather than security constraint.
+ PUT, MOVE disabled in WebApplication unless defaults file is passed.
+ Conditionals apply to puts, dels and moves in ResourceHandler.
+ URIs accept all characters < 0xff.
+ Set the AcceptRanges header.
+ Depreciated RollOverLogSink and moved functionality to an
improved WriterLogSink.
+ Changed log options to less verbose defaults.
+ ThreadedServer.forceStop() now makes a connection to itself to handle non-pre
mptive close.
+ Double null lock checks use ThreadPool.__nullLockChecks.
+ Split Debug servlet out of Admin Servlet.
+ Added Com.mortbay.HTTP.Handler.Servlet.Context.LogSink attribute
to Servlet Context. If set, it is used in preference to the system log.
Jetty-3.0.0.rc6 - 20 Nov 2000
+ RequestDispatcher.forward() only resets buffer, not headers.
+ Added ServletWriter that can be disabled.
+ Resource gets systemresources from it's own classloader.
+ don't include classes in release.
+ Allow load-on-startup with no content.
+ Fixed RollOverFileLogSink bug with extra log files.
+ Improved Log defaults
+ Don't start HttpServer log sink on add.
+ Admin servlet uses unique links for IE.
+ Added Win32 service support
+ Reduced risk of double null check sync problem.
+ Don't set connection:close for normal HTTP/1.0 responses.
+ RequestDispatcher new queries params replace old.
+ Servlet init order may be negative.
+ Corrected a few of the many spelling mistakes.
+ Javadoc improvements.
+ Webapps serve dynamics servlets by default.
+ Warn for missing WEB-INF or web.xml
+ Sessions try version 1 cookies in set-cookie2 header.
+ Session cookies are given context path
+ Put extra server and servlet info in header.
+ Version details in header can be suppressed with System property
+ Prevent reloading dynamic servlets at different paths.
+ Implemented resource aliases in HandlerContext - used by Servlet Context
+ Map tablib configuration to resource aliases.
+ Implemented customizable error pages.

+ Simple stats in ContextLoader.

+ Allow HttpMessage state to be manipulated.
+ Allow multiple set cookies.
Jetty-3.0.0.rc5 - 12 Nov 2000
+ Default writer encoding set by mime type if not explicitly set.
+ Relax webapp rules, accept no web.xml or no WEB-INF
+ Pass flush through ServletOut
+ Avoid jprobe race warnings in DateCache
+ Allow null cookie values
+ Servlet exceptions cause 503 unavailable rather than 500 server error
+ RequestDispatcher can dispatch static resources.
+ Merged DynamicHandler into ServletHandler.
+ Added debug form to Admin servlet.
+ Implemented servlet load ordering.
+ Moved JSP classpath hack to ServletHolder
+ Removed Makefile build system.
+ Many javadoc cleanups.
Jetty-2.4.9 - 12 Nov 2000
+ HttpListener ignore InterruptedIOExceptions
+ HttpListener default max idle time = 20s
+ HtmlFilter handles non default encodings
+ Writing HttpRequests encodes path
+ HttpRequest.write uses ISO8859_1 encoding.
Jetty-3.0.0.rc4 - 6 Nov 2000
+ Provide default
+ Fixed mis-synchronization in ThreadPool.stop()
+ Fixed mime type mapping bug introduced in RC3
+ Ignore more IOExceptions (still visible with debug).
Jetty-3.0.0.rc3 - 5 Nov 2000
+ Changed ThreadPool.stop for IBM 1.3 JVM
+ Added bin/ run script.
+ upgraded build.xml to ant v1.2
+ Set MaxReadTimeMs in all examples
+ Further clean up of the connection close actions
+ Moved unused classes from com.mortbay.Util to com.mortbay.Tools in
new distribution package.
+ Handle mime suffixes containing dots.
+ Added gz tgz tar.gz .z mime mappings.
+ Fixed default mimemap initialization bug
+ Optimized persistent connections by recycling objects
+ Added HandlerContext.setHttpServerAccess for trusted contexts.
+ Set the thread context class loader in HandlerContext.handle
+ Prevent servlet setAttribute calls to protected context attributes.
+ Removed redundant context attributes.
+ Implemented mime mapping in webapplications.
+ Strip ./ from relative resources.
+ Added context class path dynamic servlet demo
Jetty-3.0.0.rc2 - 29 Oct 2000
+ Replaced ISO-8859-1 literals with StringUtil static
+ Pass file based classpath to JspServlet (see README).
+ Prevented multiple init of ServletHolder
+ ErlEncoding treats params without values as empty rather than null.
+ Accept public DTD for XmlConfiguration (old style still supported).
+ Cleaned up non persistent connection close.
+ Accept HTTP/1. as HTTP/1.0 (for netscape bug).

+ Fixed thread name problem in ThreadPool

Jetty-3.0.0.rc1 - 22 Oct 2000
+ Added simple admin servlet.
+ Added CGI to demo
+ Added HashUserRealm and cleaned up security constraints
+ Added Multipart request and response classes from Jetty2
+ Moved and simplified ServletLoader to ContextLoader.
+ Initialize JSP with classloader.
+ All attributes in javax. java. and com.mortbay. name spaces to be set.
+ Partial handling of 0.9 requests.
+ removed Thread.destroy() calls.
+ Cleaned up exception handling.
Jetty-2.4.8 23 Oct 2000
+ Fixed bug with 304 replies with bodies.
+ Improved win32 make files.
+ Fixed closing socket problem
Jetty-3.0.B05 - 18 Oct 2000
+ Improved null returns to get almost clean watchdog test.
+ Cleaned up response committing and flushing
+ Handler RFC2109 cookies (like any browser handles them!)
+ Added default webapp servlet mapping /servlet/name/*
+ Improved path spec interpretation by looking at 2.3 spec
+ Implemented security-role-ref for servlets
+ Protected servletConfig from downcast security problems
+ Made test harnesses work with ant.
+ improved ant documentation.
+ Removed most deprecation warnings
+ Fixed JarFileResource to handle jar files without directories.
+ Implemented war file support
+ Java2 style classloading
+ Improved default log format for clarity.
+ Separated context attributes and initParams.
Jetty-3.0.B04 - 12 Oct 2000
+ Restricted context mapping to simple model for servlets.
+ Fixed problem with session ID in paths
+ Added modified version of JasperB3.2 for JSP
+ Moved FileBase to docroot
+ Merged and renamed third party jars.
+ Do not try multiple servlets for a request.
+ Implemented Context.getContext(uri)
+ Added webdefault.xml for web applications.
+ Redirect to index files, so index.jsp works.
+ Filthy hack to teach jasper JspServer Jetty classpath
Jetty-3.0.B03 - 9th Oct 2000
+ Expanded import package.*; lines
+ Expanded leading tabs to spaces
+ Improved Context to Handler contract.
+ Parse but not handler startup ordering in web applications.
+ Send request log via a LogSink
+ Added append mode in RolloverFileLogSink
+ Made LogSink a Lifecycle interface
+ Improved handler toString
+ Redirect context only paths.
+ Pass object to LogSink
+ Implemented request dispatching.


Redo dynamic servlets handling

Improved Log rollover.
Simplified path translation and real path calculation.
Catch stop and destroy exceptions in HttpServer.stop()
Handle ignorable spaces in XmlConfiguration
Handle ignorable spaces in WebApplication
Warn about explicit sets of WebApplication
Remove 411 checks as IE breaks this rule after redirect.
Removed last remnants JDK 1.1 support
Added release script

Jetty-2.4.7 - 6th Oct 2000

+ Allow Objects to be passed to LogSink
+ Set content length on errors for keep alive.
+ Added encode methods to URI
+ Improved win32 build
+ fixes to SSL doco
+ Support key and keystore passwords
+ Various improvements to ServletDispatch, PropertyTree and
associated classes.
Jetty-3.0.B02 - 24st Aug 2000
+ Fixed LineInput bug with SSL giving CR pause LF.
+ Fixed HTTP/1.0 input close bug
+ Fixed bug in TestRFC2616
+ Improved ThreadedServer stop and destroy
+ Use resources in WebApplication
+ Added CGI servlet
Jetty-3.0.B01 - 21st Aug 2000
+ SSL implemented with JsseListener
+ Partial implementation of webapp securitycontraints
+ Implemented more webapp configuration
+ Switched to the aelfred XML parser from microstar, which is
only partially validating, but small and lightweight
Jetty-2.4.6 - 16th Aug 2000
+ Turn Linger off before closing sockets, to allow restart.
+ JsseListener & SunJsseListener added and documented
+ com.mortbay.Util.KeyPairTool added to handle openSSL SSL keys.
+ Minor changes to compile with jikes.
+ Added passive mode methods to FTP
Jetty-3.0.A99 - 10 Aug 2000
+ Implemented jetty.xml configuration
+ Added Xmlconfiguration utility
+ ServletLoader simplied and uses ResourcePath
+ Replaced FileHandler with ResourceHandler
+ Use SAX XML parsing instead of DOM for space saving.
+ Removed FileBase. Now use ResourceBase instead
+ Added Resource abstraction
+ Make it compile cleanly with jikes.
+ Re-added commented out imports for JDK-1.1 compile
Jetty-3.0.A98 - 20 July 2000
+ Implemented Jetty demos and Site as Web Application.
+ Implemented WebApplicationContext
+ Switched to JDK1.2 only
+ ServletRequest.getServerPort() returns 80 rather than 0
+ Fixed constructor to RolloverFileLogSink

+ Improved synchronization on LogSink

+ Allow HttpRequest.toString() handles bad requests.
Jetty-3.0.A97 - 13 July 2000
+ Tempory request log implementation
+ Less verbose debug
+ Better tuned SocketListener parameters
+ Started RequestDispatcher implementation.
+ Added WML mappings
+ Fixed makefiles for BSD ls
+ Fixed persistent commits with no content (eg redirect+keep-alive).
+ Implemented servlet isSecure().
+ Implemented servlet getLocale(s).
+ Formatted version in server info string.
+ Protect setContentLength from a late set in default servlet
HEAD handling.
+ Added error handling to LifeCycleThread
+ implemented removeAttribute on requests
Jetty-2.4.5 - 9th July 2000
+ Don't mark a session invalid until after values unbound.
+ Formatted version in server info.
+ Added HtmlExpireFilter and removed response cache
revention from HtmlFilter.
+ Fixed transaction handling in JDBC wrappers
Jetty-3.0.A96 - 27 June 2000
+ Fixed bug with HTTP/1.1 Head reqests to servlets.
+ Supressed un-needed chunking EOF indicators.
Jetty-3.0.A95 - 24 June 2000
+ Fixed getServletPath for default "/"
+ Handle spaces in file names in FileHandler.
Jetty-3.0.A94 - 19 June 2000
+ Implemented Sessions.
+ PathMap exact matches can terminate with ; or # for
URL sessions and targets.
+ Added HandlerContext to allow grouping of handlers into
units with the same file, resource and class configurations.
+ Cleaned up commit() and added complete() to HttpResponse
+ Updated license to clarify that commercial usage IS OK!
Jetty-3.0.A93 - 14 June 2000
+ Major rethink! Moved to 2.2 servlet API
+ Lots of changes and probably unstable
Jetty-3.0.A92 - 7 June 2000
+ Added HTML classes to jar
+ Fixed redirection bug in FileHandler
Jetty-2.4.4 - 3rd June 2000
+ Many debug call optimizations
+ Added RolloverFileLogSink
+ Improved LogSink configuration
+ Support expansions in PropertyTrees.
+ Added to contrib
+ HttpRequest.setRequestPath does not null pathInfo.
+ BasicAuthHandler uses getResourcePath so it can be used
behind request dispatching

+ Added HTML.Composite.replace
+ FileHandler implements IfModifiedSince on index files.
+ Added build-win32.mak
Jetty-3.0.A91 - 3 June 2000
+ Improved LogSink mechanism
+ Implemented realPath and getResource methods for servlets.
+ Abstracted ServletHandler
+ Simplified HttpServer configuration methods and arguments
+ Simplified class loading
+ Added HTML classes from Jetty2
Jetty-3.0.A9 - 7 May 2000
+ Improvided finally handling of output end game.
+ Fixed double chunking bug in SocketListener.
+ File handler checks modified headers on directory indexes.
+ ServletLoader tries unix then platform separator for zip separator.
Jetty-3.0.A8 4th May 2000
+ Servlet2_1 class loading re-acrchitected. See README.
+ Moved Sevlet2_1 handler to com.mortbay.Servlet2_1
+ addCookie takes an int maxAge rather than a expires date.
+ Added LogSink extensible log architecture.
+ Code.ignore only outputs when debug is verbose.
+ Added Tenlet class for reverse telnet.
Jetty-2.4.3 - 4th May 2000 STABLE
+ Pass Cookies with 0 max age to browser.
+ Allow CRLF in UrlEncoded
Jetty-2.4.2 - 23rd April 2000
+ Added LogSink and FileLogSink classes to allow extensible
Log handling.
+ Handle nested RequestDispatcher includes.
+ Modified GNUJSP to prevent close in nested requests.
+ Added GNUJSP to JettyServer.prp file.
Jetty-3.0.A7 - 15 Apr 2000
+ Include java 1.2 source hierarchy
+ removed excess ';' from source
+ fixed flush problem with chunked output for IE5
+ Added InetGateway to help debug IE5 problems
+ added removeValue method to MultiMap
Jetty-2.4.1 - 9th April 2000
+ Removed debug println from ServletHolder.
+ Set encoding before exception in FileHandler.
+ Fixed bug in HtmlFilter for tags split between writes.
Jetty-3.0.A6 - 9 Apr 2000
+ Integrated skeleton 2.1 Servlet container
+ Improved portability of Frame and Debug.
+ Dates forced to use US locale
+ Removed Converter utilities and InetGateway.
+ added bin/useJava2Collections to convert to JDK1.2
Jetty-2.4.0 - 24th March 2000
+ Upgraded to gnujsp 1.0.0
+ Added per servlet resourceBase configuration.
+ Absolute URIs are returned by getRequestURI (if sent by browser).


Improved parsing of stack trace in debug mode.

Implemented full handling of cookie max age.
Moved SetUID native code to contrib hierarchy
Form parameters only decoded for POSTs
RequestDispatcher handles URI parameters
Fixed bug with RequestDispatcher.include()
Fixed caste problem in UrlEncoded
Fixed null pointer in ThreadedServer with stopAll
Added VirtualHostHandler for virtual host handling
Added doc directory with a small start

Jetty-2.3.5 - 25th January 2000

+ Fixed nasty bug with HTTP/1.1 redirects.
+ ProxyHandler sends content for POSTs etc.
+ Force locale of date formats to US.
+ Fixed expires bug in Cookies
+ Added configuration option to turn off Keep-Alive in HTTP/1.0
+ Allow configured servlets to be auto reloaded.
+ Allow properties to be configured for dynamic servlets.
+ Added contrib/com/kiwiconsulting/jetty JSSE SSL adaptor to release.
Jetty-2.3.4 - 18th January 2000
+ include from linux rather than genunix for native builds
+ Fixed IllegalStateException handling in DefaultExceptionHandler
+ MethodTag.invoke() is now public.
+ Improved HtmlFilter.activate header modifications.
+ Cookie map keyed on domain as well as name and path.
+ DictionaryConverter handles null values.
+ URI decodes applies URL decoding to the path.
+ Servlet properties allow objects to be stored.
+ Fixed interaction with resourcePaths and proxy demo.
Jetty-3.0.A5 - 19 Oct 1999
+ Use ISO8859_1 instead of UTF8 for headers etc.
+ Use char array in UrlEncoded.decode
+ Do our own URL string encoding with 8859-1
+ Replaced LF wait in LineInput with state boolean.
Jetty-2.3.3 - 19th October 1999 STABLE
+ Replaced UTF8 encoding with ISO-8859-1 for headers.
+ Use UrlEncoded for form parameters.
+ Do our own URL encoding with ISO-8859-1
+ HTTP.HTML.EmbedUrl uses contents encoding.
Jetty-2.3.2 - 17th October 1999
+ Fixed getReader bug with HttpRequest.
+ Updated UrlEncoded with Jetty3 version.
Jetty-3.0.A4 - 16 Oct 1999
+ Request attributes
+ Basic Authentication Handler.
+ Added LF wait after CR to LineInput.
+ UTF8 in UrlDecoded.decodeString.
Jetty-2.3.1 - 14th October 1999
+ Force UTF8 for FTP commands
+ Force UTF8 for HTML
+ Changed demo servlets to use writers in preference to outputstreams
+ NullHandler/Server default to load

+ Use UTF8 in HTTP headers

+ Added Oracle DB adapter
+ Added assert with no message to Code
+ ThreadedServer calls setSoTimeout(_maxThreadIdleMs) on
accepted sockets. Idle reads will timeout.
+ Prevented thread churn on idle server.
+ HTTP/1.0 Keep-Alive (about time!).
+ Fixed GNUJSP 1.0 resource bug.
Jetty-3.0.A3 - 14 Oct 1999
+ Added LifeCycle interface to Utils implemented by
ThreadPool, ThreadedServer, HttpListener & HttpHandler
+ StartAll, stopAll and destroyAll methods added to HttpServer.
+ MaxReadTimeMs added to ThreadedServer.
+ Added service method to HttpConnection for specialization.
Jetty-3.0.A2 - 13 Oct 1999
+ UTF8 handling on raw output stream.
+ Reduced flushing on writing response.
+ Fixed LineInput problem with repeated CRs
+ Cleaned up Util TestHarness.
+ Prevent entity content for responses 100-199,203,304
+ Added cookie support and demo.
+ HTTP/1.0 Keep-alive (about time!)
+ Virtual Hosts.
+ NotFound Handler
+ OPTION * Handling.
+ TRACE handling.
+ HEAD handling.
Jetty-3.0.A1 - 12 Oct 1999
+ LineInput uses own buffering and uses character encodings.
+ Added MultiMap for common handling of multiple valued parameters.
+ Added parameters to HttpRequest
+ Quick port of FileHandler
+ Setup demo pages.
+ Added PathMap implementing mapping as defined in the 2.2 API
specification (ie. /exact, /prefix/*, *.extention & default ).
+ Added HttpHandler interface with start/stop/destroy lifecycle
+ Updated HttpListener is start/stop/destroy lifecycle.
+ Implemented simple extension architecture in HttpServer.
Jetty-3.0.A0 - 9 Oct 1999
+ Started fresh repository in CVS
+ Moved com.mortbay.Base classes to com.mortbay.Util
+ Cleanup of UrlEncoded, using 1.2 Collections.
+ Cleanup of URI, using 1.2 Collections.
+ Extended URI to handle absolute URLs
+ Cleanup of LineInput, using 1.2 Collections.
+ Moved HttpInput/OutputStream to ChunkableInput/OutputStream.
+ Cleaned up chunking code to use LineInput and reduce buffering.
+ Added support for transfer and content encoding filters.
+ Added support for servlet 2.2 outbut buffer control.
+ Generalized notification of outputStream events.
+ Split HttpHeader into HttpFields and HttpMessage.
+ HttpMessage supports chunked trailers.
+ HttpMessage supports message states.
+ Added generalized HTTP Connection.
+ Cleanup of HttpRequest and decoupled from Servlet API
+ Cleanup and abstraction of ThreadPool.


ThreadedServer based on ThreadPool.

Cleanup of HttpResponse and decoupled from Servlet API
Created RFC2616 test harness.
gzip and deflate request transfer encodings
TE field coding and trailer handler
HttpExceptions now produce error pages with specific detail
the exception.

Jetty-2.3.0 - 5th October 1999

+ Added SetUID class with native Unix call to set the
effective User ID.
+ FTP closes files after put/get.
+ FTP uses InetAddress of command socket for data socket.
Jetty-2.3.0A - 22 Sep 1999
+ Added GNUJSP 1.0 for the JSP 1.0 API.
+ Use javax.servlet classes from JWSDK1.0
+ Added "Powered by Jetty" button.
+ ServerContext available to HtmlFilters via context param
+ Made session IDs less predictable and removed race.
+ Added file.
+ Expanded tabs to spaces in source.
Jetty-2.2.8 - 15 Sep 1999
+ Fixed bug in Element.attribute with empty string values.
+ Made translation of getRequestURI() optional.
+ Removed recursion from TranslationHandler
+ Added disableLog() to turn off logging.
+ Allow default table attributes to be overriden.
+ Improved quoting in HTML element values
Jetty-2.2.7 - 9 Sep 1999
+ Reverted semantics of getRequestURI() to return untranslated URI.
+ Added GzipFilter for content encoding.
+ Added default row, head and cell elements to Table.
+ FileHandler passes POST request through if the file does not exist.
Jetty-2.2.6 - 5 Sep 1999
+ New implementation of ThreadPool, avoids a thread leak problem.
+ Fixed Cookie max age order of magnitude bug.
+ Cookies always available from getCookies.
+ Cookies parameter renamed to CookiesAsParameters
+ HttpRequest.getSession() always returns a session as per
the latest API spec.
+ Added destroy() method on all HttpHandlers.
+ ServletHandler.destroy destroys all servlets.
+ FileHandler does not server files ending in '/'
+ Ignore duplicate single valued headers, rather than
reply with bad request, as IE4 breaks the rules.
+ Allow the handling of getPathTranslated to
be configured in ServletHandler.
+ Removed JRUN options from ServletHandler configuration.
+ Added ServletRunnerHandler to the contrib directories.
+ Updated HTML package to better support CSS:
- cssClass, cssID and style methods added to element.
- SPAN added to Block
- media added to Style
- class StyleLink added.
Jetty-2.2.5 - 19 Aug 1999

+ Fixed bug with closing connections in ThreadedServer

+ Made start and stop non final in ThreadedServer
+ Better default handling of ServletExceptions
+ Always close connection after a bad request.
+ Set Expires header in HtmlFilter.
+ Don't override the cookie as parameter option.
+ Limited growth in MultiPartResponse boundary.
+ Improved error messages from Jetty.Server.
+ Close loaded class files so Win32 can overwrite
them before GC (what a silly file system!).
Jetty-2.2.4 - 2 Aug 1999
+ ThreadedServer can use subclasses of Thread.
+ Better help on Jetty.Server
+ HttpRequests may be passed to HttpFilter constructors.
+ HtmlFilter blanks IfModifiedSince headers on construction
+ Fixed bugs in HtmlFilter parser and added TestHarness.
+ Improved cfg RCS script.
Jetty-2.2.3 - 27 July 1999
+ Fixed parser bug in HtmlFilter
+ Made setInitialize public in ServletHolder
+ Improved performance of com.mortbay.HTML.Heading
+ Added stop call to HttpServer, used by Exit Servlet.
+ Simplified JDBC connection handling so that it works
with Java1.2 - albeit less efficiently.
+ FileHandler defaults to allowing directory access.
+ JDBC tests modified to use cloudscape as DB.
Jetty-2.2.2 - 22 July 1999
+ Fixed bug in HtmlFilter that prevented single char buffers
from being written.
+ Implemented getResourceAsStream in FileJarServletLoader
+ Fixed bug with CLASSPATH in FileJarServletLoader after attempt
to load from a jar.
+ Fixed bug in com.mortbay.Util.IO with thread routines.
+ Moved more test harnesses out of classes.
+ File handler passes through not allowed options for
non existant files.
+ NotFoundHandler can repond with SC_METHOD_NOT_ALLOWED.
+ Improved com.mortbay.Base.Log handling of different JVMs
+ Minor fixes to README
Jetty-2.2.1 - 18 July 1999
+ Comma separate header fields.
+ Protect against duplicate single valued headers.
+ Less verbose debug in PropertyTree
+ Ignore IOException in when closing.
+ Limit maximum line length in HttpInputStream.
+ Response with SC_BAD_REQUEST rather than close in more
+ Handle continuation lines in HttpHeader.
+ HtmlFilter resets last-modified and content-length headers.
+ Implemented com.mortbay.Util.IO as a ThreadPool
+ Decoupled ExceptionHandler configuration from Handler stacks.
Old config style will produce warning and Default behavior.
See new config file format for changes.
+ Added TerseExceptionHandler
+ Added optional resourceBase property to HttpConfiguration. This
is used as a URL prefix in the getResource API and was suggested

by the JSERV and Tomcat implementors.

Jetty-2.2.0 - 1 July 1999
+ Improved feature description page.
+ Added Protekt SSL HttpListener
+ Moved GNUJSP and Protekt listener to a contrib hierarchy.
+ ThreadedServer.stop() closes socket before interrupting threads.
+ Exit servlet improved (a little).
+ Fixed some of the javadoc formatting.
Jetty-2.2.Beta4 - 29 June 1999
+ FileHandler flushes files from cache in DELETE method.
+ ThreadedServer.stop() now waits until all threads are stopped.
+ Options "allowDir" added to FileHandler.
+ Added getGlobalProperty to Jetty.Server and used this to
configure default page type.
+ Updated README.txt
+ Restructured com.mortbay.Jetty.Server for better clarity and
+ Added comments to configuration files.
+ Made ServerSocket and accept call generic in ThreadedServer for
SSL listeners.
+ Altered meaning of * in PropertyTree to assist in abbreviated
configuration files.
+ Added JettyMinimalDemo.prp as an example of an abbreviated
+ Expanded Mime.prp file
+ Added property handling to ServletHandler to read JRUN
servlet configuration files.
Jetty-2.2.Beta3 - 22 June 1999
+ Re-implemented ThreadedServer to improve and balance performance.
+ Added file cache to FileHandler
+ Implemented efficient version of
ServletContext.getResourceAsStream() that does not open a
new socket connection (as does getResource()).
+ LookAndFeelServlet uses getResourceAsStream to get the file
to wrap. This allows it to benefit from any caching done and
to wrap arbitrary content (not just files).
+ Restructure demo so that LookAndFeel content comes from simple
handler stack.
+ Fixed file and socket leaks in Include and Embed tags.
+ Ran dos2unix on all text files
+ Applied contributed patch of spelling and typo corrections
+ Added alternate constructors to HTML.Include for InputStream.
+ Server.shutdown() clears configuration so that server may
be restarted in same virtual machine.
+ Improved Block.write.
+ Fixed bug in HttpResponse flush.
Jetty-2.2.Beta2 - 12 June 1999
+ Added all write methods to HttpOutputStream$SwitchOutputStream
+ Added com.mortbay.Jetty.Server.shutdown() for gentler shutdown
of server. Called from Exit servlet
+ HttpRequest.getParameterNames() no longer alters the order
returned by getQueryString().
+ Handle path info of a dynamic loaded servlets and
correctly set the servlet path.
+ Standardized date format in persistent cookies.

Jetty-2.2.Beta1 - 7 June 1999

+ Defined abstract ServletLoader, derivations of which can be
specified in HttpConfiguration properties.
+ Implemented all HttpServer attribute methods by mapping to the
HttpConfiguration properties. Dynamic reconfiguration is NOT
supported by these methods (but we are thinking about it).
+ Close files after use to avoid "file leak" under heavy load.
+ Fixed missing copyright messages from some contributions
+ Fixed incorrect version numbers in a few places.
+ Improved ThreadPool synchronization and added minThreads.
+ Allow configuration of MinListenerThreads, MaxListenerThreads,
+ HtmlFilter optimized for being called by a buffered writer.
+ Don't warn about IOExceptions unless Debug is on.
+ Limit the job queue only grow to the max number of threads.
+ Included GNUJSP 0.9.9
+ Optional use of DateCache in log file format
+ Fixed cache in FileJarServletLoader
+ Destroy requests and responses to help garbage collector.
+ Restructure ThreadedServer to reduce object creation.
Jetty-2.2.Beta0 - 31 May 1999
+ Servlet loader handles jar files with different files separator.
+ ThreadedServer gently shuts down.
+ Handle malformed % characters in URLs.
+ Included and improved version of ThreadPool for significant
performance improvement under high load.
+ HttpRequest.getCookies returns empty array rather than null for no
+ Added HttpResponse.requestHandled() method to avoid bug with
servlet doHead method.
+ Added Page.rewind() method to allow a page to be written multiple
+ Added "Initialize" attribute to servlet configuration to allow
servlet to be initialized when loaded.
+ LogHandler changed to support only a single outfile and optional
+ Included contributed com.mortbay.Jetty.StressTester class
+ Token effort to keep test files out of the jar
+ Removed support for STF
Jetty-2.2.Alpha1 - 7 May 1999
+ ServletHolder can auto reload servlets
+ Dynamic servlets can have autoReload configured
+ Wait for requests to complete before reloading.
+ Call destroy on old servlets when reloading.
+ Made capitalization of config file more consistent(ish)
+ Fixed bug in SessionDump
Jetty-2.2.Alpha0 - 6 May 1999
+ Improved PropertyTree implementation
+ Old Jetty.Server class renamed to Jetty.Server21
+ New Server class using PropertyTree for configuration
+ HttpHandlers given setProperties method to configure via Properties.
+ HttpListener class can be configured
+ Mime suffix mapping can be configured.
+ Removed historic API from sessions
+ Improved SessionDump servlet
+ Fixed date overflow in Cookies
+ HttpResponse.sendError avoids IllegalStateException


Added ServletLoader implementation if ClassLoader.

Dynamic loading of servlets.
Added reload method to ServletHolder, but no way to call it yet.
Changed options for FileServer
Implemented ServletServer
Removed SimpleServletServer

Jetty-2.1.7 - 22 April 1999

+ Fixed showstopper bug with getReader and getWriter in
requests and responses.
+ HttpFilter uses package interface to get HttpOutputStream
Jetty-2.1.6 - 21 April 1999
+ Reduced initial size of most hashtables to reduce
default memory overheads.
+ Throw IllegalStateException as required from gets of
input/output/reader/writer in requests/responses.
+ New simpler version of PropertyTree
+ Updated PropertyTreeEditor
+ Return EOF from HttpInputStream that has a content length.
+ Added additional date formats for HttpHeader.getDateHeader
Jetty-2.1.5 - 15 April 1999
+ Session URL encoding fixed for relative URLs.
+ Reduced session memory overhead of sessions
+ Form parameters protected against multiple decodes when redirected.
+ Added setType methods to com.mortbay.FTP.Ftp
+ Fixed bugs with invalid sessions
+ Page factory requires response for session encoding
+ Moved SessionHandler to front of stacks
+ HtmlFilter now expands <!=SESSION> to the URL encoded session if
+ Instrumented most of the demo to support URL session encoding.
+ Implemented HttpRequest.getReader()
+ Servlet log has been diverted to com.mortbay.Base.Log.event()
Thus debug does not need to be turned on to see servlet logs.
+ Fixed alignment bug in TableForm
+ Removed RFCs from package
+ Fixed bug in ServletDispatch for null pathInfo
Jetty-2.1.4 - 26 March 1999
+ Fixed problem compiling PathMap under some JDKs.
+ Reduced HTML dependence in HTTP package to allow minimal configuration
+ Tightened license agreement so that binary distributions are required
to include the license file.
+ HttpRequest attributes implemented.
+ Session max idle time implemented.
+ pathInfo returns null for zero length pathInfo (as per spec).
Sorry if this breaks your servlets - it is a pain!
+ fixed bug in getRealPath
+ getPathTranslated now call getRealPath with pathInfo (as per spec).
Jetty-2.1.3 - 19 March 1999
+ Added support for suffixes to PathMap
+ Included GNUJSP implementation of Java Server Pages
+ Use Java2 javadoc
Jetty-2.1.2 - 9 March 1999
+ JSDK 2.1.1
+ API documentation for JSDK 2.1.1

+ Cascading style sheet HTML element added.

+ Fixed trailing / bug in FileHandler (again!).
+ Converted most servlets to HttpServlets using do Methods.
Jetty-2.1.1 - 5 March 1999
+ Reduced number of calls to getRemoteHost for optimization
+ Faster version of HttpInputStream.readLine().
+ com.mortbay.Base.DateCache class added and used to speed date handling.
+ Handle '.' in configured paths (temp fix until PropertyTrees)
+ Fast char buffer handling in HttpInputStream
+ Faster version of
+ Faster version of HttpRequest
+ Size all StringBuffers
Jetty-2.1.0 - 22 February 1999
+ Session URL Encoding
+ PropertyTrees (see new Demo page)
+ ServletDispatch (see new Demo page)
+ image/jpg -> image/jpeg
+ Deprecated com.mortbay.Util.STF
+ getServlet methods return null.
Jetty-2.1.B1 - 13 February 1999
+ Fixed bug with if-modified-since in FileHandler
+ Added video/quicktime to default MIME types.
+ Fixed bug with MultipartRequest.
+ Updated DefaultExceptionHandler.
+ Updated InetAddrPort.
+ Updated URI.
+ Implemented Handler translations and getRealPath.
+ Improved handling of File.separator in FileHandler.
+ Implemented RequestDispatcher (NOT Tested!).
+ Implemented getResource and getResourceAsStream (NOT Tested!).
+ Replace package com.mortbay.Util.Gateway with
class com.mortbay.Util.InetGateway
Jetty-2.1.B0 - 30 January 1999
+ Uses JSDK2.1 API, but not all methods implemented.
+ Added support for PUT, MOVE, DELETE in FileHandler
+ FileHandler now sets content length.
+ Added plug gateway classes com.mortbay.Util.Gateway
+ Fixed command line bug with SimpleServletConfig
+ Minor changes to support MS J++ and its non standard
language extensions - MMMmmm should have left it unchanged!
Jetty-2.0.5 - 15 December 1998
+ Temp fix to getCharacterEncoding
+ added getHeaderNoParams
Jetty-2.0.4 - 10 December 1998
+ Use real release of JSDK2.0 (rather than beta).
+ Portability issues solved for Apple's
+ Improved error code returns
+ Removed MORTBAY_HOME support from Makefiles
+ Improved default Makefile behaviour
+ Implement getCharacterEncoding
Jetty-2.0.3 - 13 November 1998
+ Limit threads in ThreadedServer and low priority listener option
greatly improve performance under worse case loads.

+ Fix bug with index files for Jetty.Server. Previously servers

configured with com.mortbay.Jetty.Server would not handle
index.html files. Need to make this configurable in the prp file.
+ Fixed errors in README file: com.mortbay.Jetty.Server was called
Jetty-2.0.2 - 1 November 1998
+ Use JETTY_HOME rather than MORTBAY_HOME for build environment
+ Add thread pool to threaded server for significant
performance improvement.
+ Buffer files during configuration
+ Buffer HTTP Response headers.
Jetty-2.0.1 - 27 October 1998
+ Released under an Open Source license.
Jetty-2.0.0 - 25 October 1998
+ Removed exceptional case from FileHandler redirect.
+ Removed Chat demo (too many netscape dependencies).
+ Fixed Code.formatObject handling of null objects.
+ Added multipart/form-data demo.
Jetty-2.0.Beta3 - 29 Sep 1998
+ Send 301 for directories without trailing / in FileHandler
+ Ignore exception from HttpListener
+ Properly implemented multiple listening addresses
+ Added com.mortbay.Jetty.Server (see README.Jetty)
+ Demo converted to an instance of com.mortbay.Jetty.Server
+ Fixed Log Handler again.
+ Added com.mortbay.HTTP.MultiPartRequest to handle file uploads
Jetty-2.0Beta2 - July 1998
+ Fixed Log Handler for HTTP/1.1
+ Slight improvement in READMEEs
Jetty-2.0Beta1 - June 1998
+ Improved performance of Code.debug() calls, significantly
in the case of non matching debug patterns.
+ Fixed bug with calls to service during initialization of servlet
+ Provided addSection on com.mortbay.HTML.Page
+ Provided reset on com.mortbay.HTML.Composite.
+ Proxy demo in different server instance
+ Handle full URLs in HTTP requests (to some extent)
+ Improved performance with special asciiToLowerCase
+ Warn if MSIE used for multi part MIME.
Jetty-2.0Alpha2 - May 1998
+ JDK1.2 javax.servlet API
+ Added date format to Log
+ Added timezone to Log
+ Handle params in getIntHeader and getDateHeader
+ Removed HttpRequest.getByteContent
+ Use javax.servlet.http.HttpUtils.parsePostData
+ Use javax.servlet.http.Cookie
+ Use javax.servlet.http.HttpSession
+ Handle Single Threaded servlets with servlet pool
Jetty-1.3.5 May 1998
+ Fixed socket inet bug in FTP
+ Debug triggers added to com.mortbay.Base.Code

+ Added date format to Log

+ Correct handling of multiple parameters
Jetty-2.0Alpha1 Wed 8 April 1998
+ Fixed forward bug with no port number
+ Removed HttpRequestHeader class
+ Debug triggers added to com.mortbay.Base.Code
+ Handle HTTP/1.1 Host: header
+ Correct formatting of Date HTTP headers
+ HttpTests test harness
+ Add HTTP/1.1 Date: header
+ Handle file requests with If-Modified-Since: or If-Unmodified-Since:
+ Handle HEAD properly
+ Send Connection: close
+ Requires Host: header for 1.1 requests
+ Sends chunked data for 1.1 responses of unknown length.
+ handle extra spaces in HTTP headers
+ Really fixed handling of multiple parameters
+ accept chunked data
+ Send 100 Continue for HTTP/1.1 requests (concerned about push???)
+ persistent connections
Jetty-1.3.4 - Sun 15 Mar 1998
+ Fixed handling of multiple parameters in query and form content.
"?A=1%2C2&A=C%2CD" now returns two values ("1,2" & "C,D") rather
than 4.
+ ServletHandler now takes an optional file base directory
name which is used to set the translated path for pathInfo in
servlet requests.
+ Dump servlet enhanced to exercise these changes.
+ Fixed TableForm.addButtonArea bug.
+ TableForm.extendRow() uses existing cell
+ Closed exception window in
+ Fixed proxy bug with no port number
+ Added per Table cell composite factories
+ Minor fixes in SmtpMail
+ ForwardHandler only forwards as http/1.0 (from Tobias.Miller)
+ Improved parsing of stack traces
+ Better handling of InvocationTargetException in debug
+ Minor release adjustments for Tracker
+ Added DbAdaptor to JDBC wrappers
+ Beta release of Tracker
+ Reintroduced STF
+ Fixed install bug for nested classes
+ Better Debug configuration
+ DebugServlet
+ Alternate look and feel for Jetty
+ Improved documentation

+ Improved connection caching in java.mortbay.JDBC
+ Moved HttpCode to com.mortbay.Util
+ Bug fixes
+ First release in com.mortbay package structure
+ Included Util, JDBC, HTML, HTTP, Jetty