The Jetty team is happy to announce the immediate availability new releases for both the Jetty 9.3.x and 9.4 branches.

Jetty 9.3.12.v20160915

This a maintenance release which includes several bug fixes and enhancements and it is recommended that users upgrade.

Highlights for this release include:

Documentation is now included as part of the distribution



Added a new Thread Limit handler

Fixed an issue causing MIMETypes to load incorrectly with OSGi

IPv6 support has been added in the InetAddressSet class as an alternative to IPAddressMap





Jetty 9.4.0.RC0

This is the first release candidate for the upcoming 9.4 branch and we encourage users to download the distribution for testing, compatibility, and for a preview of new functionality.







Highlights for this release include:

Several improvements to session management

Added support for SETTINGS_MAX_HEADER_LIST_SIZE in HTTP/2

Improved performance of HTTP/2 to avoid thread starvation





Both releases are available on the Eclipse Jetty project download page or from the Maven Central repository:



Documentation for these releases can be found on the Eclipse Jetty project site:

If you find any issues with either release, or if you want to suggest future enhancements, please file an issue on the Jetty GitHub page:

Commercial production and development support for Jetty are offered through Webtide ( www.webtide.com ). Please contact us for more information or email jesse@xxxxxxxxxxx to learn more.





Change logs for these releases are listed below.





Best Regards,

The Jetty Development Team





jetty-9.3.12.v20160915 - 15 September 2016

+ 56 Fix authn issues in LdapLoginModule

+ 131 Improve Connector Statistic names and values

+ 185 Implement RFC 7239 (Forwarded header)

+ 700 Bundle org.eclipse.jetty.http.spi not available via p2 repository

+ 725 Provide a private way to report security issues

+ 752 Implement support for HTTP2 SETTINGS_MAX_HEADER_LIST_SIZE

+ 759 Ensure wrapped Responses will close and commit outputstream or writer

+ 780 The moved websocket PathSpec is incompatible with cometd 3.0.x

+ 783 Report name of broken jar file

+ 784 JSP Session updated before sendRedirect() lose their information

+ 786 Buffering Response Handler

+ 790 AsyncContentListener semantic broken with HTTP/2 transport

+ 792 [HTTP/2] Socket seems to be not closed completely

+ 797 MimeTypes resource loading incorrect on OSGi

+ 798 async IO Write closed race

+ 804 setting default Url Encoding broken in Jetty >= 9.3

+ 806 Jetty HttpClient authentication - missing any realm option

+ 817 NPE in jndi Resource

+ 826 Better default for HTTP/2's max concurrent streams

+ 827 HTTPClient fails connecting to HTTPS host through an HTTP proxy

w/authentication

+ 830 Test webapp not properly copied to demo-base

+ 832 ServerWithJNDI example uses wrong webapp

+ 841 support reset in buffering interceptors

+ 844 Implement a Thread Limit Handler

+ 845 Improve blocking IO for data rate limiting.

+ 851 MBeanContainer no longer unregisters MBeans when "stopped"

+ 854 If container.destroy() is called, calling container.start() again should throw an IllegalStateException

+ 855 JMXify MBeanContainer

+ 860 Only TLS 1.2 Supported

+ 868 ClassLoader leak with Jetty and Karaf - static instances of java.lang.Throwable

+ 880 Refactor jetty-http's HostPortHttpField logic into new jetty-util class

+ 882 Add IPv6 support to IPAddressMap in jetty-util

+ 889 ConstantThrowable.name can be removed

+ 894 When adding servless class, preserve Class instead of going through String

+ 897 Remove GzipHandler interceptor when out of scope

+ 898 GzipHandler adds multiple Vary header

+ 902 Expect: 100-Continue does not work with HTTP/2

+ 909 Path and Domain not properly matched in addCookie()

+ 911 Request.getRequestURI() gets decoded after startAsync(req, resp) is invoked

+ 913 Unprotected debug in WebAppClassLoader

jetty-9.4.0.RC0 - 15 September 2016

+ 131 Improve Connector Statistic names and values

+ 572 Don't reject HTTP/2 requests without body in low threads mode

+ 725 Provide a private way to report security issues

+ 731 Update modules in Jetty 9.4

+ 806 Jetty HttpClient authentication - missing any realm option

+ 844 Implement a Thread Limit Handler

+ 845 Improve blocking IO for data rate limiting.

+ 851 MBeanContainer no longer unregisters MBeans when "stopped"

+ 854 If container.destroy() is called, calling container.start() again should throw an IllegalStateException

+ 855 JMXify MBeanContainer

+ 856 Add server/port and auth configuration for mongo sessions

+ 860 Only TLS 1.2 Supported

+ 868 ClassLoader leak with Jetty and Karaf - static instances of

java.lang.Throwable

+ 870 TLS protocol exclusion broken for SslContextFactory(String)

+ 880 Refactor jetty-http's HostPortHttpField logic into new jetty-util class

+ 882 Add IPv6 support to IPAddressMap in jetty-util

+ 889 ConstantThrowable.name can be removed

+ 890 Review MappedByteBufferPool

+ 894 When adding servless class, preserve Class instead of going through String

+ 897 Remove GzipHandler interceptor when out of scope

+ 898 GzipHandler adds multiple Vary header

+ 899 PathFinderTest fails in jetty-9.2.x

+ 902 Expect: 100-Continue does not work with HTTP/2

+ 906 Expose jetty juli log for jasper in osgi

+ 909 Path and Domain not properly matched in addCookie()

+ 911 Request.getRequestURI() gets decoded after startAsync(req, resp) is invoked

+ 913 Unprotected debug in WebAppClassLoader

+ 914 Regularize the naming of the session configuration properties

+ 922 Implements methods Connection.getBytes[In|Out]()