Register | Log in

jetty9

Java servlet engine and webserver

Choose email to subscribe with

general

source: jetty9 (main)
version: 9.4.15-1
maintainer: Debian Java Maintainers (archive) [DMD]
uploaders: Emmanuel Bourg [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 9.2.21-1+deb9u1
stable-sec: 9.2.21-1+deb9u1
stable-bpo: 9.2.26-1~bpo9+1
testing: 9.4.15-1
unstable: 9.4.15-1

versioned links

9.2.21-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
9.2.26-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
9.4.15-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

jetty9
libjetty9-extra-java
libjetty9-java

action needed

A new upstream version is available: 9.4.17 high

A new upstream version 9.4.17 is available, you should consider packaging it.

Created: 2019-04-13 Last update: 2019-04-24 21:07

lintian reports 1 error and 2 warnings high

Lintian reports 1 error and 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-03-14 Last update: 2019-03-14 13:03

Depends on packages which need a new maintainer normal

The packages that jetty9 depends on which need a new maintainer are:

apache2 (#910917)
- Depends: apache2-utils
lsb (#924519)
- Depends: lsb-base
dh-exec (#851746)
- Build-Depends: dh-exec

Created: 2017-12-02 Last update: 2019-04-24 21:35

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2017-9735: Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
CVE-2018-12536: In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.

Please fix them.

Created: 2017-06-16 Last update: 2019-04-06 12:41

news

[2019-03-07] jetty9 9.4.15-1 MIGRATED to testing (Debian testing watch)
[2019-02-25] Accepted jetty9 9.4.15-1 (source) into unstable (Emmanuel Bourg)
[2018-12-16] jetty9 9.4.14-1 MIGRATED to testing (Debian testing watch)
[2018-12-10] Accepted jetty9 9.4.14-1 (source) into unstable (Emmanuel Bourg)
[2018-12-04] Accepted jetty9 9.2.26-1~bpo9+1 (source all) into stretch-backports (Emmanuel Bourg)
[2018-09-10] jetty9 9.2.26-1 MIGRATED to testing (Debian testing watch)
[2018-09-05] Accepted jetty9 9.2.26-1 (source) into unstable (Emmanuel Bourg)
[2018-08-24] Accepted jetty9 9.2.21-1+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2018-08-19] Accepted jetty9 9.2.21-1+deb9u1 (source all) into stable->embargoed, stable (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2018-07-09] jetty9 9.2.25-1 MIGRATED to testing (Debian testing watch)
[2018-07-03] Accepted jetty9 9.2.25-1 (source) into unstable (Emmanuel Bourg)
[2018-05-30] Accepted jetty9 9.2.24-1~bpo9+1 (source all) into stretch-backports (Emmanuel Bourg)
[2018-05-23] jetty9 9.2.24-1 MIGRATED to testing (Debian testing watch)
[2018-05-17] Accepted jetty9 9.2.24-1 (source) into unstable (Emmanuel Bourg)
[2018-03-06] Accepted jetty9 9.2.23-1~bpo8+1 (source all) into jessie-backports-sloppy, jessie-backports-sloppy (Emmanuel Bourg)
[2018-01-24] Accepted jetty9 9.2.23-1~bpo9+1 (source all) into stretch-backports, stretch-backports (Emmanuel Bourg)
[2018-01-11] jetty9 9.2.23-1 MIGRATED to testing (Debian testing watch)
[2018-01-11] jetty9 9.2.23-1 MIGRATED to testing (Debian testing watch)
[2018-01-05] Accepted jetty9 9.2.23-1 (source) into unstable (Emmanuel Bourg)
[2017-12-20] jetty9 9.2.22-3 MIGRATED to testing (Debian testing watch)
[2017-12-14] Accepted jetty9 9.2.22-3 (source) into unstable (Emmanuel Bourg)
[2017-07-10] jetty9 9.2.22-2 MIGRATED to testing (Debian testing watch)
[2017-07-04] Accepted jetty9 9.2.22-2 (source) into unstable (Emmanuel Bourg)
[2017-06-25] jetty9 9.2.22-1 MIGRATED to testing (Debian testing watch)
[2017-06-19] Accepted jetty9 9.2.22-1 (source) into unstable (Emmanuel Bourg)
[2017-04-22] Accepted jetty9 9.2.21-1~bpo8+1 (source all) into jessie-backports->backports-policy, jessie-backports (Emmanuel Bourg)
[2017-02-05] jetty9 9.2.21-1 MIGRATED to testing (Debian testing watch)
[2017-02-05] jetty9 9.2.21-1 MIGRATED to testing (Debian testing watch)
[2017-01-25] Accepted jetty9 9.2.21-1 (source all) into unstable (Emmanuel Bourg)
[2017-01-18] jetty9 9.2.20-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 6
RC: 1
I&N: 5
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (1, 2)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 9.4.15-1
4 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing