Special Thanks to the following Eclipse Jetty community members

• @mmadoo (Nicolas)

Changelog

• This release addresses and resolves CVE-2020-27223
• #5966 - jetty-home should not have a webapps/ directory
• #5962 - Fix SampleStatistic.toString: mean dispay the max (@mmadoo)
• #5959 - Unify the handling of ServletContainerInitializers
• #5939 - Use unwrapped exception as exception type for error handling
• #5937 - Unnecessary blocking in ResourceService
• #5933 - ClientCertAuthenticator is not taking account SslContext configuration
• #5926 - Implementation of HttpServletRequest.upgrade
• #5902 - Grab Jetty startup output in documentation
• #5901 - Starting Jetty with JPMS produces warnings about Servlet resources not found
• #5882 - Simplify ALPN modules
• #5880 - Move test-simple-webapp to demos
• #5872 - Improve JMX support for Jetty logging
• #5868 - Cleaning up request attributes after websocket upgrade in Jetty 10
• #5866 - Support Programmatic WebSocket upgrade in Jetty 10
• #5861 - Fix bad refactor of WebSocket getMappings method.
• #5850 - NPE at WebSocketSession.java, public Principal getUserPrincipal() method
• #5803 - Temporary fix for challenged TCK test
• #5784 - Apache 2.0 license incorrectly stated as "secondary license" to EPL 2.0
• #5779 - Include can set pathInContext
• #5757 - Review Inferred vs Assumed charsets
• #5736 - Tries improvements
• #5706 - The WebSocket ServerUpgradeResponse can produce NPE in jetty 10.
• #5229 - WebSocket documentation in Jetty 10
• #4515 - Validation extension should not downcast CoreSession
• #4275 - Path Normalization/Traversal - Context Matching
• #1673 - jetty-demo/etc/keystore should not be distributed