Visit Jetty Home Page
Jetty 9.4.x Release Notes
3 versions
Comprehensive release notes and changelog for Jetty 9.4.x, including security patches, bug fixes, and feature updates across all supported versions.
April 2026
9.4.61
Released Apr 10, 2026 Full Version:
9.4.61
Security Fixes
- JASPI access control escalation (CVE-2026-5795).
Notes
- This release originates from the open-source Eclipse Jetty by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds. This release contains no functional changes from Jetty
9.4.58.
March 2026
9.4.60
Released Mar 6, 2026 Full Version:
9.4.60
Security Fixes
- HTTP Request Smuggling via Chunked Extension Quoted-String Parsing (CVE-2026-2332).
Notes
- This release originates from the open-source Eclipse Jetty by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds. This release contains no functional changes from Jetty
9.4.58.
9.4.59
Released Mar 5, 2026 Full Version:
9.4.59
Security Fixes
- Fixed improper input validation in jetty-http where malformed URIs were parsed differently than other common parsers, potentially allowing blocklist bypass in multi-component systems (CVE-2025-11143).
Notes
- This release originates from the open-source Eclipse Jetty by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds. This release contains no functional changes from Jetty
9.4.58.
Stay in the loop
~/herodevs-spring-framework-support
herodevs@nes:open-source$ ./display-support-info.sh