Hello I'd like to announce new minor releases of Pax Web: 8.0.23 and 9.0.12.
Current runtime versions are: - Jetty 9.4.53.v20231009 (8.0.x) and 10.0.17 (9.0.x) - Tomcat 9.0.82 - Undertow 2.2.28.Final These are important fixes related to recent CVE-2023-44487: HTTP/2 Rapid Reset Attack <https://nvd.nist.gov/vuln/detail/CVE-2023-44487>. There's also a minor QoL improvements/fixes: - OSGi security (ServletContextHelper.handleSecurity()) - user was not visible in access log (thanks François de Parscau!) - Keycloak 19+ (up to 22) integration was not complete - Additional Tomcat valves (from context.xml) were removed on restart (thanks Stephan Siano!) - ServletContext.getServletContextName() returned wrong value for WABs (thanks Amichai Rothman!) For completeness, the changelogs are available for 8.0.23[1] and 9.0.12[2]. kind regards Grzegorz Grzybek === [1]: https://github.com/ops4j/org.ops4j.pax.web/milestone/252?closed=1 [2]: https://github.com/ops4j/org.ops4j.pax.web/milestone/253?closed=1