File: CHANGELOG.md

package info (click to toggle)
trapperkeeper-webserver-jetty9-clojure 1.7.0-2
  • links: PTS, VCS
  • area: main
  • in suites: buster, sid
  • size: 1,100 kB
  • sloc: xml: 531; java: 120; makefile: 24; sh: 10
file content (414 lines) | stat: -rw-r--r-- 15,373 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
## 2.0.0

The is a major release

* [TK-369](https://tickets.puppetlabs.com/browse/TK-369) Move Jetty dependency to 9.4.1

## 1.7.0

This is a feature and bugfix release.

* [SERVER-1695](https://tickets.puppetlabs.com/browse/SERVER-1695) Add an
optional `request-body-max-size` setting for restricting the maximum
`Content-Length` allowed for requests.
* [TK-429](https://tickets.puppetlabs.com/browse/TK-429) Fix for the ability
to gzip-encode response bodies when an access log is configured.

## 1.6.0

This is a "feature" release.

* Added a new function `request-path` to the WebsocketProtocol
* [TK-410](https://tickets.puppetlabs.com/browse/TK-410) Add the i18n library
as a dependency and use it to externalize strings.

## 1.5.10

This is a maintenance release.

* Remove unneeded logback-access dependency

## 1.5.9

This is a maintenance release.

* Upgrade ring-servlet and related dependencies to 1.4.0

## 1.5.8

This is a maintenance release.

* Upgrade java.jmx dependency to 0.3.1

## 1.5.7

This is a bugfix release.

* [TK-372](https://tickets.puppetlabs.com/browse/TK-372) Fix a memory leak that
  occurred when a SIGHUP was used to restart services and at least one webserver
  has Jetty's JMX metrics enabled.

## 1.5.6

This is a security release.

* [TK-343](https://tickets.puppetlabs.com/browse/TK-343) Support a new
  option for handler registrations, `normalize-request-uri`, which can be
  used to request that the URI path component is sanitized before the
  handler is invoked for a request and that `.getRequestURI` calls made by
  the handler return a path that has been percent-decoded.

## 1.5.5

This is a bugfix and maintenance release.

* [TK-333](https://tickets.puppetlabs.com/browse/TK-333) Tolerate multiple
  calls to `stop` by ensuring that the server shuts down and cleans up mbeans in
  an idempotent way.
* Upgrade Trapperkeeper dependency to 1.3.1
* Upgrade Clojure dependency to 1.7.0

## 1.5.4

This is a bugfix release.

* [TK-338](https://tickets.puppetlabs.com/browse/TK-338) Handle the
  `TimeoutException` that Jetty throws if its `stopTimeout` is reached
  before it can gracefully complete all of the open requests.  Ensures
  that the server will be restarted during a HUP even if the timeout
  occurs.

## 1.5.3

This version number was burned due to an error during the release/deploy
process.

## 1.5.2

This is a maintenance release.

* Make `org.clojure/java.jmx` a top-level dependency so that it can be
  pulled in automatically via a transitive dependency by consumers of the
  testutils jar.

## 1.5.1

This is a bugfix release.

* [TK-301](https://tickets.puppetlabs.com/TK-301) Fix a memory leak related
  to Jetty's JMX metrics; this leak is only relevant if using the recent
  HUP support released in Trapperkeeper 1.3.0.

## 1.5.0

This is a "feature" release.

* Added new function `get-server` to web routing service.

## 1.4.1

This is a bugfix release.

* [TK-270](https://tickets.puppetlabs.com/TK-270) Fix a bug that prevented
  the use of 1-arity WebsocketProtocol/close!.

## 1.4.0

This is a feature and maintenance release.

* [TK-247](https://tickets.puppetlabs.com/TK-247) Added tests for Path
  Traversal Attacks.
* Add experimental support for websockets via the `add-websockets-handler`
  function in the WebserverService and WebroutingService and corresponding
  client protocol WebsocketProtocol.
* Updated ssl-utils dependency to 0.8.1

## 1.3.1

This is a maintenance release.

* [TK-195](https://tickets.puppetlabs.com/browse/TK-195) Update prismatic
  dependencies to the latest versions

## 1.3.0

This is a "feature" and security release.

* [TK-178](https://tickets.puppetlabs.com/browse/TK-178) Upgraded Jetty version
  dependency to v9.2.10.  Jetty v9.2.10 includes changes made in the Jetty
  v9.2.9 release to address a critical security vulnerability with data
  potentially being leaked across requests.  See https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
  for more information.  For a rollup of changes included in the Jetty v9.2.10
  release, see https://github.com/eclipse/jetty.project/blob/jetty-9.2.10.v20150310/VERSION.txt.

* [TK-168](https://tickets.puppetlabs.com/browse/TK-168) Default values for
  several settings will now derive from the underlying defaults that Jetty would
  use.  This effectively changes the defaults for the following settings:

  - `shutdown-timeout-seconds` in `webserver` section - 60 seconds -> 30 seconds

  - `:idle-timeout` for `add-proxy-route` - 60 seconds -> 30 seconds

* [TK-148](https://tickets.puppetlabs.com/browse/TK-148) Several related
  changes:

  - Default for `max-threads` in `webserver` section changed from 100 to
    200.

  - Exposed new settings for configuring the number of `acceptor-threads`
    and `selector-threads` that a Jetty webserver will use.

  - Removed work which would automatically bump the server's `max-threads` up
    to the minimum needed for the server to boot for the case that `max-threads`
    had not been configured but the server's minimum needed threads had
    exceeded the default `max-threads`.  The original work which enabled the
    automatic bump had been done in [TK-130](https://tickets.puppetlabs.com/browse/TK-130).

## 1.2.0

This is a feature release.

* Upgrade to version 9.2.8 of upstream Jetty.  We were previously at
  v9.1.0, which was over a year old.  The newer version contains some
  performance improvements and bug fixes for potential networking
  issues.
* [TK-140](https://tickets.puppetlabs.com/browse/TK-140)
  Expose new `so-linger-seconds` setting, which can be used to adjust the TCP
  SO_LINGER time.
* [TK-144](https://tickets.puppetlabs.com/browse/TK-144)
  Expose new `post-config-script` setting; this is for advanced / edge-case
  configuration needs.  If you need to modify a Jetty setting that we don't
  expose in our own config, you can provide a snippet of Java code to access
  the Jetty Server object directly and modify additional settings.
* [TK-133](https://tickets.puppetlabs.com/browse/TK-133)
  Support comma-delimited strings for the config value for `ssl-protocols`
  and `cipher-suites`.  This allows these settings to be used with older
  config file formats, such as ini.
* [TK-151](https://tickets.puppetlabs.com/browse/TK-151)
  Expose new `idle-timeout-milliseconds` setting, which can be used to tell
  Jetty to forcefully close a client connection if it is idle for a specified
  amount of time.

## 1.1.1

* [TK-82](https://tickets.puppetlabs.com/browse/TK-82)
  Add configuration option to control maximum number of
  open HTTP connections that Jetty will maintain.
* Upgrade trapperkeeper dependency to 1.0.1.
* Upgrade jvm-ssl-utils (previously known as jvm-certificate-authority)
  dependency to 0.7.0.

## 1.1.0

* [TK-130](https://tickets.puppetlabs.com/browse/TK-130)
  The default value for Jetty's maximum threadpool size is now
  calculated to ensure it can start up on a box with a large
  number of cores.

## 1.0.1

* This release adds an additional configuration option to
  `add-proxy-route` ([TK-110](https://tickets.puppetlabs.com/browse/TK-110)).

## 1.0.0

* Promoting previous version to 1.0.0 so that we can begin to
  be more deliberate about adhering to semver in the future.

## 0.9.0

This is a security release.

* [TK-96](https://tickets.puppetlabs.com/browse/TK-96): Define
  a default set of SSL protocols that the server should allow
  (TLSv1, TLSv1.1, TLSv1.2) and use them if the user doesn't
  explicitly set the `ssl-protocols` setting.

## 0.8.1

This is a minor bugfix release.

* Fix an issue wherein the default graceful shutdown
  timeout was not being set to 60 seconds.

## 0.8.0

* Adds a new option, `:redirect-if-no-trailing-slash`,
  that determines whether or not a 302 response will be
  returned when making requests to endpoints with registered
  handlers without a trailing slash on the end.
* By default, requests will now route through to a handler
  when no trailing slash is present on the request URL rather
  than returning a 302 response (which was the behavior in
  previous versions).
* Adds graceful shutdown support and a new option to the
  webserver config, `shutdown-timeout-seconds`, that allows
  users to set the stop timeout of the Jetty server.

## 0.7.7

This is a minor feature and bugfix release.

* Improves various error messages thrown by the
  Webrouting and Webserver services.
* Changes the data structure output by the
  `get-registered-endpoints` and `log-registered-endpoints`
  functions. Now, a map will be output where each key is
  an endpoint, with its value being an array containing
  information on every handler registered at that endpoint.
* Adds a new option to the webserver configuration,
  `access-log-config`, that allows configuration of request
  logging.
* [TK-84](https://tickets.puppetlabs.com/browse/TK-84)
  Query parameters were not being decoded when the URI was
  being rewritten in the reified ProxyServlet class, meaning
  they would get double encoded.
* Adds a new option to `add-proxy-route`,
  `failure-callback-fn`, which allows customization of
  HTTP Error Responses.

## 0.7.6

This is a dead release.

## 0.7.5

This is a minor feature release.

* [TK-75](https://tickets.puppetlabs.com/browse/TK-75)
  Adds a new option `gzip-enable` that can be used to
  enable/disable support for gzipping responses to
  requests that include an appropriate `Accept-Encoding`
  header.

## 0.7.4

This is a minor feature release.

* Adds a new option to both the `static-content` configuration
  setting in the webserver config and to the add-context-handler
  service function that allows symlinks to be followed when serving
  static content.

## 0.7.3

This is a minor feature release.

* Adds a new, optional `static-content` configuration setting to the
  webserver config.  This setting allows you to serve files on disk
  or resources in a jar as static assets at a given URL prefix,
  all via configuration.

## 0.7.2

This is a minor, backward-compatible feature and bugfix release.

* [TK-58](https://tickets.puppetlabs.com/browse/TK-58):
  `default-server` support did not work for some functions, such as
  `get-registered-endpoints`.
* Add support for SSL certificate chains, and new setting `ssl-cert-chain`
* Upgrade to Trapperkeeper 0.5.1

## 0.7.1

* [TK-53](https://tickets.puppetlabs.com/browse/TK-53):
  Add a `get-route` function to web routing service.
* [TK-33](https://tickets.puppetlabs.com/browse/TK-33):
  Add support for configuring proxy routes to automatically
  follow redirects from the remote server.
* In proxy configuration, add support for a callback function that
  can rewrite the URI before the request is proxied.
* [TK-45](https://tickets.puppetlabs.com/browse/TK-45):
  Add support for strings in addition to keywords when specifying the
  URI scheme for proxy requests.

## 0.7.0

* [TK-50](https://tickets.puppetlabs.com/browse/TK-50):
  Changes to "default" server handling in a multi-server configuration:
  * It is no longer required to specify a default server.  If a service function
    is called without specifying a `server-id` when there are multiple servers
    configured, an error will be thrown.
  * It is no longer required that the default server be named `default`;
    instead it is configured by specifying `default-server: true`
    in the configuration for the given server.
* [TK-51](https://tickets.puppetlabs.com/browse/TK-51):
  Added the ability to the specify `server-id` in the `WebroutingService`
  configuration, instead of forcing it to be done in code.
* Minor bug fixes and improvements:
    * [TK-48](https://tickets.puppetlabs.com/browse/TK-48),
      [TK-44](https://tickets.puppetlabs.com/browse/TK-44)


## 0.6.1
* Add configuration option `request-header-max-size`
* Increase default buffer sizes for request and response
* Update test dependencies to latest version of puppetlabs/http-client (0.2.1)

## 0.6.0
* The `WebserverService` can now run multiple Jetty servers, on different ports.
* Added a new `WebroutingService` to provide a centralized, configuration-based
  way to configure all of the URL paths at which services will register web applications
  (Ring handlers, Servlets, etc.)
* Added JMX reporting to the `jetty9-service`
* Added `get-registered-endpoints` and `log-registered-endpoints` functions
  to the `WebserverService`
* Minor bug fixes and improvements:
  * [TK-21](https://tickets.puppetlabs.com/browse/TK-21),
    [TK-22](https://tickets.puppetlabs.com/browse/TK-22),
    [TK-31](https://tickets.puppetlabs.com/browse/TK-31),
    [TK-43](https://tickets.puppetlabs.com/browse/TK-43)
* Upgraded trapperkeeper dependency to version 0.4.3
* Upgraded kitchensink dependency to version 0.7.2

## 0.5.2
 * Update trapperkeeper dependency to version 0.4.2.
 * Update kitchensink dependency to version 0.7.1.
 * Update certificate-authority dependency to 0.1.5.
 * Update http-client dev dependency to 0.1.7.
 * Stop is now called on the Jetty Server instance if an error occurs in Jetty
   code while the server is starting up.  This allows the process running
   Trapperkeeper to shut down properly after such an error has occurred.
 * Validation of the webserver configuration is now done via the use of
   Prismatic Schema.
 * A new webserver option, `ssl-crl-path`, can be used to configure a
   Certificate Revocation List that Jetty would use to validate client
   certificates for incoming SSL connections.

## 0.5.1
 * Upgrade trapperkeeper dependency to version 0.3.12
 * Upgrade kitchensink dependency to version 0.7.0
 * Replace clj-http dependency with [puppetlabs/http-client](https://github.com/puppetlabs/clj-http-client)
 * Update test/example configuration files to use HOCON instead of .ini files

## 0.5.0
 * Added new function `override-webserver-settings!`, which allows another
   service to provide overridden values for the webserver configuration.
 * Update to latest version of puppetlabs/kitchensink
 * Use puppetlabs/certificate-authority for all SSL-related tasks

## 0.4.0
 * Added new function `add-proxy-route`, which supports configuring the server to
   work as a reverse proxy for certain routes

## 0.3.5
 * Added a new service function, `add-context-handler`, which supports registering
   a context handler for static content, with optional support for context listeners
   via the `javax.servlet.ServletContextListener` interface.

## 0.3.4
 * Added support for registering WAR files via the `add-war-handler` service function.
 * Moved server creation from the `init` life cycle to the `start` life cycles.

## 0.3.3
 * Fix bug where even if no http `port` was specified in the webserver config,
   the Jetty webserver was still opening an http binding on port 8080.  An
   http port binding will now be opened only if a `port` is specified in the
   config file.
 * A config file can now optionally include a `client-auth` webserver setting.
   The setting specifies how the server validates the client certificate
   during the setup of an SSL connection.  The default behavior if the setting
   is not specified is the same as with prior releases; the server will
   require that the SSL client provide a certificate and that the certificate
   be valid.  For more information, refer to the [jetty-config.md]
   (doc/jetty-config.md) document.