Undertow 2.3.0.Final released!

[Flavia Rainone]

Hi all,

I have the pleasure to announce that Undertow 2.3.0.Final is released. From this version on, Undertow supports Jakarta EE10 WebSockets and Servlet specs.

I want to thank Richard Opalka, who took care of completing Jakarta migration. I also want to thank Bartosz Baranowski, Ricardo M. Camarero, Brad Wood and Carter Kozak, for all your fixes and feedback.

If you need to stick with Javax EE namespace for now, you can continue using 2.2.x releases. That branch is going to be maintained for a while, meaning fixes are still being backported to it.

Here follows the full list of Jiras included in 2.3.0.Final:

Sub-task

• [UNDERTOW-1818] - AbstractServletInputStreamTestCase.runTestParallel fails with bytes out of order
• [UNDERTOW-1945] - ServletOutputStreamTestCase fails with Premature end of chunk coded message body
• [UNDERTOW-2047] - WebSocketClient13TestCase seems to hang
• [UNDERTOW-2058] - Session.getRequestURI() must return full URI not just request path
• [UNDERTOW-2084] - Adjust ServletResponse.setCharacterEncoding() behavior after spec clarification
• [UNDERTOW-2085] - Implement fallback locale to charset mapping if such mapping wasn't specified in DD
• [UNDERTOW-2086] - ASYNC and REQUEST dispatch types must return redirected path -> servlet mapping
• [UNDERTOW-2087] - All ServletContext modification methods must throw UnsupportedOperationException
• [UNDERTOW-2088] - All SessionCookieConfig modification methods must throw IllegalStateException
• [UNDERTOW-2089] - RFC 6265 treats the attributes of an RFC 2109 cookie as a separate cookies

Feature Request

• [UNDERTOW-1593] - Track processing time of in flight requests
• [UNDERTOW-2051] - Upgrade WebSocket API to 2.1.0
• [UNDERTOW-2052] - Upgrade Servlet API to 6.0

Bug

• [UNDERTOW-1357] - Difference between RequestProtocolAttribute and TransportProtocolAttribute
• [UNDERTOW-1902] - Undertow allows session creation and session ID change after response is committed.
• [UNDERTOW-1934] - onClose not called when network drops
• [UNDERTOW-1997] - SecurityPathMatches fails to match default path ('/')
• [UNDERTOW-2034] - Http2StreamSinkChannel.awaitWritable could throw "Out of control window" IOException before awaitWritable timeout has fully ellapsed
• [UNDERTOW-2035] - Http2StreamSinkChannel overrides awaitWritable() but does not override awaitWritable(long, TimeUnit)
• [UNDERTOW-2036] - AbstractFramedChannel.awaitWritable does not guard against spurious wakes
• [UNDERTOW-2048] - CVE-2022-2764 UndertowInputStream.close() blocks waiting to read= -1
• [UNDERTOW-2056] - CVE-2022-1259 Replace AbstractFramedStreamSinkChannel.awaitWritable by a timeout task
• [UNDERTOW-2060] - CVE-2022-1319 Double AJP response for 400 from EAP 7 results in CPING failures
• [UNDERTOW-2061] - IP address filter with netmask not working as expected
• [UNDERTOW-2066] - AbstractFramedChannel.freeNotifier checks for receivesSuspendedByUser instead of receivesSuspendedTooManyBuffers
• [UNDERTOW-2068] - AbstractFramedStreamSourceChannel read listener prevents read from running again
• [UNDERTOW-2069] - Filter.destroy can deadlock with running filter on shutdown
• [UNDERTOW-2070] - Empty reply from Undertow if sendRedirect is called after setting content length
• [UNDERTOW-2073] - JDK 8 / 11 updates breaking Undertow
• [UNDERTOW-2077] - ReferenceCountedPooled view close() is not truly idempotent
• [UNDERTOW-2079] - CPU spinning in AbstractFramedStreamSinkChannel
• [UNDERTOW-2080] - Use currentTimeMillis instead of nanoTime to measure times in awaitWritable
• [UNDERTOW-2082] - HTTP/2 doesn't reassemble cookie headers violating rfc7540 8.1.2.5
• [UNDERTOW-2083] - bad read timeout message
• [UNDERTOW-2091] - spotbugs-maven-plugin needs to be updated to work with JDK17
• [UNDERTOW-2092] - Update GitHub CI configuration to JDK11+
• [UNDERTOW-2093] - Fix spotbugs reported errors
• [UNDERTOW-2094] - Bad relative redirect is generated if app is mapped to trailing slash context
• [UNDERTOW-2095] - undertow-examples dependency duplicated in root pom.xml file
• [UNDERTOW-2097] - DMI_RANDOM_USED_ONLY_ONCE error reported by spotbugs
• [UNDERTOW-2098] - Update wildfly-openssl dependency
• [UNDERTOW-2102] - ServletPrintWriterDelegate throws exception using OpenJDK 19 EA
• [UNDERTOW-2111] - rewrite() handler doesn't guard against missing leading slash
• [UNDERTOW-2112] - Client Cert Renegotiation Test Case is failing
• [UNDERTOW-2113] - Read Timeout Test Case Fail on Windows with JDK17 due to different exception message
• [UNDERTOW-2116] - ServletOutputStreamImpl incorrectly sets Content-Length to 0
• [UNDERTOW-2122] - Javax imports in servlet tests
• [UNDERTOW-2124] - ProgramaticLazyEndpointTest and BinaryEndpointTest failures with JDK-17
• [UNDERTOW-2125] - ReadTimeoutStreamSourceConduit expires when connection is closed
• [UNDERTOW-2130] - Classes with annotation RunWith are triggered as TestCase.
• [UNDERTOW-2135] - Properly handle HTTP Continue with HTTP2 upgrade
• [UNDERTOW-2137] - Freed method can still create issues when queued max buffers are consumed
• [UNDERTOW-2140] - SSLSessionInfo.calculateKeySize(String cipherSuite) doesn't account for all cipher suits
• [UNDERTOW-2141] - NPE in ServletContextImpl after session timed out
• [UNDERTOW-2142] - ChunkedStreamSinkConduit write with a buffer array writes too few buffers
• [UNDERTOW-2147] - race condition between session invalidate and changeSessionId leads to UT000010
• [UNDERTOW-2159] - InMemorySessionManager#getSession - null check inconsistency
• [UNDERTOW-2160] - Enhance FileHandlerTestCase.testFileTransferLargeFile
• [UNDERTOW-2162] - Query parameters should not be canonicalized in servlet path when get request dispatcher
• [UNDERTOW-2163] - Predicate Language cannot set attribute to empty string
• [UNDERTOW-2166] - When both IDLE_TIMEOUT and READ_TIMEOUT are configured the minimum of both should be used
• [UNDERTOW-2168] - Fix OSGi build
• [UNDERTOW-2176] - ActiveRequestTrackerTest.testRequestTracking fails intermittently

Task

• [UNDERTOW-2049] - Move Undertow to JDK11
• [UNDERTOW-2050] - Move Undertow to Jakarta Specs by Default
• [UNDERTOW-2096] - Add Nexus repository to CI
• [UNDERTOW-2117] - Fix issues found by SonarQube
• [UNDERTOW-2174] - Remove batavia dependencies

Component Upgrade

• [UNDERTOW-2074] - Upgrade XNIO to 3.8.7.Final
• [UNDERTOW-2171] - Upgrade H2Database test dependency to 2.1.214
• [UNDERTOW-2172] - Upgrade Easymock to 4.3
• [UNDERTOW-2173] - Upgrade Jakarta Annotations API to 2.1.1
• [UNDERTOW-2175] - Upgrade JUnit to 4.13.2
• [UNDERTOW-2177] - Upgrade Netty to 4.1.82.final
• [UNDERTOW-2178] - Upgrade JBoss Class File Writer to 1.2.5.Final
• [UNDERTOW-2179] - Upgrade JBoss Logging to 3.4.3.Final
• [UNDERTOW-2180] - Upgrade JBoss LogManager to 2.1.19.Final
• [UNDERTOW-2181] - [CVE-2022-0084] Upgrade XNIO to 3.8.8.Final
• [UNDERTOW-2182] - Upgrade JBoss Threads to 3.5.0.Final
• [UNDERTOW-2183] - Upgrade WildFly Common to 1.6.0.Final

Enhancement

• [UNDERTOW-1771] - APIs deprecated in JDK 9+ are in use
• [UNDERTOW-1879] - Utilize o.w.common.Assert class for Null-Checks
• [UNDERTOW-1971] - Change in handling of concurrent session creation with id reuse
• [UNDERTOW-2067] - AbstractFramedChannel should hold from resuming reads immediately after max buffer queue is hit
• [UNDERTOW-2076] - Short circuit AbstractFramedChannel resume/suspendReceives operation
• [UNDERTOW-2109] - The large file is in unexpected location on JDK17
• [UNDERTOW-2131] - ContentEncodingRepository.getContentEncodings allocates many ArrayList iterators in hot path
• [UNDERTOW-2134] - Prevent testsuite from hanging forever when WebSocketClient13TestCase fails
• [UNDERTOW-2138] - Remove JDK8 support from ALPN providers
• [UNDERTOW-2145] - UndertowOutputStream and ServletOutputStreamImpl awaitWritable unnecessarily

Best regards,

Flavia Rainone

[Francisco A. Lozano]

Hi all, one question about this...Does it mean that there will be no Undertow version that will work with JEE 9 / Servlet 5.0 spec? 2.2.x works with JEE 8 / Servlet 4.0  if I understand correctly, and 2.3.0 jumps directly into Servlet 6.0. 

Francisco A. Lozano

--
You received this message because you are subscribed to the Google Groups "Undertow Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to undertow-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/undertow-dev/c501882b-b68e-4221-81ed-91d349b21d98n%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Richard Opalka]

Hello Francisco,

     Your understanding is correct. EE9 vs. EE8 was only about package renames from javax.* to jakarta.*.

Standard WildFly is using the same approach. Older WildFly supported EE8 and newer supports EE 10.

Richard

To view this discussion on the web visit https://groups.google.com/d/msgid/undertow-dev/CAP%2BgH5YCGa1cnDME8HDDwKTMZyrVaWN7nu4AUOxygWa1%3Du1-AA%40mail.gmail.com.