Update to 3.10.00.

This fixes some potential XSS in the included jquery, but there is no information if bastillion is vulnerable in some place or not. As all the action in bastillion happens after authentication, and is limited to what you enter yourself, it looks like the impact or attack surface of the jquery XSS on bastillion is low. ChangeLog: https://github.com/bastillion-io/Bastillion/releases/tag/v3.10.00 CVE: CVE-2020-11022 CVE: CVE-2020-11023
svn path=/head/; revision=536365
2020-05-24 07:37:51 +00:00 · 2020-05-24 07:37:51 +00:00 · 8c2bd809c9 · 2021-03-31 03:12:20 +00:00
commit 8c2bd809c9
parent ed5e8472a9
3 changed files with 84 additions and 119 deletions
--- a/security/bastillion/Makefile
+++ b/security/bastillion/Makefile
@ -2,7 +2,7 @@

 PORTNAME=		bastillion
 DISTVERSIONPREFIX=	jetty-v
-DISTVERSION=		3.09_00
+DISTVERSION=		3.10_00
 DISTFILES=		${DISTNAME}${EXTRACT_SUFX} \
 			${PORTNAME}-upgrade-3.08.00.jar
 PORTREVISION=		0
--- a/security/bastillion/distinfo
+++ b/security/bastillion/distinfo
@ -1,5 +1,5 @@
-TIMESTAMP = 1576156349
-SHA256 (bastillion-jetty-v3.09_00.tar.gz) = cd9f8d4f259bbf4cd6acdce137e8e618bc3d8f8cbf71c3f1e88199555da6c14c
-SIZE (bastillion-jetty-v3.09_00.tar.gz) = 19013323
+TIMESTAMP = 1590304775
+SHA256 (bastillion-jetty-v3.10_00.tar.gz) = 7ab85fa9d642163ff7c566f012d96a3f5e6dc8437efe9d80b856d1cc8037f013
+SIZE (bastillion-jetty-v3.10_00.tar.gz) = 19633616
 SHA256 (bastillion-upgrade-3.08.00.jar) = 8d18adc90d258b9a9de5e5865c9f632c563d0557ad9458b9f1082ede15ed074b
 SIZE (bastillion-upgrade-3.08.00.jar) = 3557485
--- a/security/bastillion/pkg-plist
+++ b/security/bastillion/pkg-plist
@ -74,26 +74,26 @@ jetty_bastillion/bastillion/WEB-INF/classes/jaas.conf
 jetty_bastillion/bastillion/WEB-INF/classes/log4j2.xml
 jetty_bastillion/bastillion/WEB-INF/jetty-env.xml
 jetty_bastillion/bastillion/WEB-INF/lib/attoparser-2.0.5.RELEASE.jar
-jetty_bastillion/bastillion/WEB-INF/lib/commons-codec-1.11.jar
+jetty_bastillion/bastillion/WEB-INF/lib/commons-codec-1.14.jar
 jetty_bastillion/bastillion/WEB-INF/lib/commons-configuration-1.10.jar
-jetty_bastillion/bastillion/WEB-INF/lib/commons-dbcp2-2.5.0.jar
-jetty_bastillion/bastillion/WEB-INF/lib/commons-fileupload-1.3.3.jar
+jetty_bastillion/bastillion/WEB-INF/lib/commons-dbcp2-2.7.0.jar
+jetty_bastillion/bastillion/WEB-INF/lib/commons-fileupload-1.4.jar
 jetty_bastillion/bastillion/WEB-INF/lib/commons-io-2.2.jar
 jetty_bastillion/bastillion/WEB-INF/lib/commons-lang-2.6.jar
-jetty_bastillion/bastillion/WEB-INF/lib/commons-lang3-3.8.1.jar
+jetty_bastillion/bastillion/WEB-INF/lib/commons-lang3-3.10.jar
 jetty_bastillion/bastillion/WEB-INF/lib/commons-logging-1.2.jar
-jetty_bastillion/bastillion/WEB-INF/lib/commons-pool2-2.6.0.jar
-jetty_bastillion/bastillion/WEB-INF/lib/core-3.3.3.jar
-jetty_bastillion/bastillion/WEB-INF/lib/gson-2.8.5.jar
-jetty_bastillion/bastillion/WEB-INF/lib/h2-1.4.199.jar
+jetty_bastillion/bastillion/WEB-INF/lib/commons-pool2-2.7.0.jar
+jetty_bastillion/bastillion/WEB-INF/lib/core-3.4.0.jar
+jetty_bastillion/bastillion/WEB-INF/lib/gson-2.8.6.jar
+jetty_bastillion/bastillion/WEB-INF/lib/h2-1.4.200.jar
 jetty_bastillion/bastillion/WEB-INF/lib/javassist-3.20.0-GA.jar
 jetty_bastillion/bastillion/WEB-INF/lib/jsch-0.1.55.jar
-jetty_bastillion/bastillion/WEB-INF/lib/lmvc-1.04.00.jar
-jetty_bastillion/bastillion/WEB-INF/lib/log4j-api-2.11.1.jar
-jetty_bastillion/bastillion/WEB-INF/lib/log4j-core-2.11.1.jar
-jetty_bastillion/bastillion/WEB-INF/lib/log4j-slf4j-impl-2.11.1.jar
+jetty_bastillion/bastillion/WEB-INF/lib/lmvc-1.06.00.jar
+jetty_bastillion/bastillion/WEB-INF/lib/log4j-api-2.13.3.jar
+jetty_bastillion/bastillion/WEB-INF/lib/log4j-core-2.13.3.jar
+jetty_bastillion/bastillion/WEB-INF/lib/log4j-slf4j-impl-2.13.3.jar
 jetty_bastillion/bastillion/WEB-INF/lib/ognl-3.1.12.jar
-jetty_bastillion/bastillion/WEB-INF/lib/slf4j-api-1.7.25.jar
+jetty_bastillion/bastillion/WEB-INF/lib/slf4j-api-1.7.30.jar
 jetty_bastillion/bastillion/WEB-INF/lib/thymeleaf-3.0.11.RELEASE.jar
 jetty_bastillion/bastillion/WEB-INF/lib/unbescape-1.1.6.RELEASE.jar
 jetty_bastillion/bastillion/WEB-INF/web.xml
@ -121,11 +121,11 @@ jetty_bastillion/bastillion/_res/inc/errors.html
 jetty_bastillion/bastillion/_res/inc/header.html
 jetty_bastillion/bastillion/_res/inc/navigation.html
 jetty_bastillion/bastillion/_res/js/bootstrap.js
-jetty_bastillion/bastillion/_res/js/jquery-3.4.1.js
+jetty_bastillion/bastillion/_res/js/jquery-3.5.1.js
 jetty_bastillion/bastillion/_res/js/jquery-ui.js
 jetty_bastillion/bastillion/_res/js/jquery.floatThead.js
-jetty_bastillion/bastillion/_res/js/tty/addons/fit/fit.js
-jetty_bastillion/bastillion/_res/js/tty/addons/fit/fit.js.map
+jetty_bastillion/bastillion/_res/js/tty/addons/fit/xterm-addon-fit.js
+jetty_bastillion/bastillion/_res/js/tty/addons/fit/xterm-addon-fit.js.map
 jetty_bastillion/bastillion/_res/js/tty/xterm.js
 jetty_bastillion/bastillion/_res/js/tty/xterm.js.map
 jetty_bastillion/bastillion/admin/menu.html
@ -156,128 +156,89 @@ jetty_bastillion/bastillion/manage/view_sessions.html
 jetty_bastillion/bastillion/manage/view_systems.html
 jetty_bastillion/bastillion/manage/view_terms.html
 jetty_bastillion/bastillion/manage/view_users.html
+jetty_bastillion/bin/jetty.service
 jetty_bastillion/bin/jetty.sh
-jetty_bastillion/lib/alpn-api-1.1.3.v20160715.jar
-jetty_bastillion/lib/annotations/asm-7.1.jar
-jetty_bastillion/lib/annotations/asm-analysis-7.1.jar
-jetty_bastillion/lib/annotations/asm-commons-7.1.jar
-jetty_bastillion/lib/annotations/asm-tree-7.1.jar
+jetty_bastillion/lib/annotations/asm-7.3.1.jar
+jetty_bastillion/lib/annotations/asm-analysis-7.3.1.jar
+jetty_bastillion/lib/annotations/asm-commons-7.3.1.jar
+jetty_bastillion/lib/annotations/asm-tree-7.3.1.jar
 jetty_bastillion/lib/annotations/javax.annotation-api-1.3.jar
-jetty_bastillion/lib/apache-jsp/org.eclipse.jdt.ecj-3.17.0.jar
-jetty_bastillion/lib/apache-jsp/org.eclipse.jetty.apache-jsp-9.4.20.v20190813.jar
-jetty_bastillion/lib/apache-jsp/org.mortbay.jasper.apache-el-8.5.40.jar
-jetty_bastillion/lib/apache-jsp/org.mortbay.jasper.apache-jsp-8.5.40.jar
+jetty_bastillion/lib/apache-jsp/org.eclipse.jdt.ecj-3.19.0.jar
+jetty_bastillion/lib/apache-jsp/org.eclipse.jetty.apache-jsp-9.4.29.v20200521.jar
+jetty_bastillion/lib/apache-jsp/org.mortbay.jasper.apache-el-8.5.49.jar
+jetty_bastillion/lib/apache-jsp/org.mortbay.jasper.apache-jsp-8.5.49.jar
 jetty_bastillion/lib/apache-jstl/org.apache.taglibs.taglibs-standard-impl-1.2.5.jar
 jetty_bastillion/lib/apache-jstl/org.apache.taglibs.taglibs-standard-spec-1.2.5.jar
 jetty_bastillion/lib/ext/.donotdelete
-jetty_bastillion/lib/fcgi/fcgi-client-9.4.20.v20190813.jar
-jetty_bastillion/lib/fcgi/fcgi-server-9.4.20.v20190813.jar
-jetty_bastillion/lib/http2/http2-common-9.4.20.v20190813.jar
-jetty_bastillion/lib/http2/http2-hpack-9.4.20.v20190813.jar
-jetty_bastillion/lib/http2/http2-server-9.4.20.v20190813.jar
-jetty_bastillion/lib/infinispan-common-9.4.20.v20190813.jar
-jetty_bastillion/lib/infinispan-embedded-query-9.4.20.v20190813.jar
-jetty_bastillion/lib/infinispan-remote-query-9.4.20.v20190813.jar
+jetty_bastillion/lib/fcgi/fcgi-client-9.4.29.v20200521.jar
+jetty_bastillion/lib/fcgi/fcgi-server-9.4.29.v20200521.jar
+jetty_bastillion/lib/http2/http2-common-9.4.29.v20200521.jar
+jetty_bastillion/lib/http2/http2-hpack-9.4.29.v20200521.jar
+jetty_bastillion/lib/http2/http2-server-9.4.29.v20200521.jar
+jetty_bastillion/lib/infinispan-common-9.4.29.v20200521.jar
+jetty_bastillion/lib/infinispan-embedded-query-9.4.29.v20200521.jar
+jetty_bastillion/lib/infinispan-remote-query-9.4.29.v20200521.jar
 jetty_bastillion/lib/jaspi/javax.security.auth.message-1.0.0.v201108011116.jar
-jetty_bastillion/lib/jetty-alpn-conscrypt-server-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-alpn-java-server-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-alpn-openjdk8-server-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-alpn-server-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-annotations-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-cdi-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-client-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-continuation-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-deploy-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-gcloud-session-manager-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-hazelcast-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-http-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-io-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-jaas-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-jaspi-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-jmx-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-jndi-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-memcached-sessions-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-nosql-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-plus-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-proxy-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-quickstart-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-rewrite-9.4.20.v20190813.jar
+jetty_bastillion/lib/jetty-alpn-conscrypt-server-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-alpn-java-server-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-alpn-openjdk8-server-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-alpn-server-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-annotations-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-cdi-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-client-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-continuation-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-deploy-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-gcloud-session-manager-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-hazelcast-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-http-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-io-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-jaas-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-jaspi-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-jmx-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-jndi-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-memcached-sessions-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-nosql-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-openid-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-plus-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-proxy-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-quickstart-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-rewrite-9.4.29.v20200521.jar
 jetty_bastillion/lib/jetty-schemas-3.1.jar
-jetty_bastillion/lib/jetty-security-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-server-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-servlet-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-servlets-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-unixsocket-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-util-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-webapp-9.4.20.v20190813.jar
-jetty_bastillion/lib/jetty-xml-9.4.20.v20190813.jar
+jetty_bastillion/lib/jetty-security-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-server-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-servlet-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-servlets-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-unixsocket-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-util-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-util-ajax-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-webapp-9.4.29.v20200521.jar
+jetty_bastillion/lib/jetty-xml-9.4.29.v20200521.jar
 jetty_bastillion/lib/mail/javax.mail.glassfish-1.4.1.v201005082020.jar
 jetty_bastillion/lib/servlet-api-3.1.jar
-jetty_bastillion/lib/setuid/jetty-setuid-java-1.0.3.jar
+jetty_bastillion/lib/setuid/jetty-setuid-java-1.0.4.jar
 jetty_bastillion/lib/setuid/libsetuid-linux.so
 jetty_bastillion/lib/setuid/libsetuid-osx.so
-jetty_bastillion/lib/spring/jetty-spring-9.4.20.v20190813.jar
+jetty_bastillion/lib/spring/jetty-spring-9.4.29.v20200521.jar
 jetty_bastillion/lib/transactions/javax.transaction-api-1.3.jar
-jetty_bastillion/lib/websocket/javax-websocket-client-impl-9.4.20.v20190813.jar
-jetty_bastillion/lib/websocket/javax-websocket-server-impl-9.4.20.v20190813.jar
+jetty_bastillion/lib/websocket/javax-websocket-client-impl-9.4.29.v20200521.jar
+jetty_bastillion/lib/websocket/javax-websocket-server-impl-9.4.29.v20200521.jar
 jetty_bastillion/lib/websocket/javax.websocket-api-1.0.jar
-jetty_bastillion/lib/websocket/websocket-api-9.4.20.v20190813.jar
-jetty_bastillion/lib/websocket/websocket-client-9.4.20.v20190813.jar
-jetty_bastillion/lib/websocket/websocket-common-9.4.20.v20190813.jar
-jetty_bastillion/lib/websocket/websocket-server-9.4.20.v20190813.jar
-jetty_bastillion/lib/websocket/websocket-servlet-9.4.20.v20190813.jar
+jetty_bastillion/lib/websocket/websocket-api-9.4.29.v20200521.jar
+jetty_bastillion/lib/websocket/websocket-client-9.4.29.v20200521.jar
+jetty_bastillion/lib/websocket/websocket-common-9.4.29.v20200521.jar
+jetty_bastillion/lib/websocket/websocket-server-9.4.29.v20200521.jar
+jetty_bastillion/lib/websocket/websocket-servlet-9.4.29.v20200521.jar
 jetty_bastillion/license-eplv10-aslv20.html
 jetty_bastillion/logs/.donotdelete
 jetty_bastillion/modules/.donotdelete
 jetty_bastillion/modules/acceptratelimit.mod
 jetty_bastillion/modules/alpn-impl.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_05.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_101.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_102.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_11.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_111.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_112.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_121.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_131.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_141.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_144.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_151.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_152.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_161.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_162.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_171.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_172.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_181.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_191.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_192.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_20.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_201.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_202.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_211.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_212.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_221.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_222.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_25.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_31.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_40.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_45.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_51.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_60.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_65.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_66.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_71.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_72.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_73.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_74.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_77.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_91.mod
-jetty_bastillion/modules/alpn-impl/alpn-1.8.0_92.mod
 jetty_bastillion/modules/alpn-impl/alpn-10.mod
 jetty_bastillion/modules/alpn-impl/alpn-11.mod
 jetty_bastillion/modules/alpn-impl/alpn-12.mod
 jetty_bastillion/modules/alpn-impl/alpn-13.mod
 jetty_bastillion/modules/alpn-impl/alpn-14.mod
+jetty_bastillion/modules/alpn-impl/alpn-15.mod
 jetty_bastillion/modules/alpn-impl/alpn-8.mod
 jetty_bastillion/modules/alpn-impl/alpn-9.mod
 jetty_bastillion/modules/alpn.mod
@ -331,6 +292,7 @@ jetty_bastillion/modules/jamon.mod
 jetty_bastillion/modules/jamon/jamon.xml
 jetty_bastillion/modules/jaspi.mod
 jetty_bastillion/modules/jcl-slf4j.mod
+jetty_bastillion/modules/jdbc.mod
 jetty_bastillion/modules/jminix.mod
 jetty_bastillion/modules/jminix/jminix.xml
 jetty_bastillion/modules/jmx-remote.mod
@ -365,6 +327,8 @@ jetty_bastillion/modules/logging-logback.mod
 jetty_bastillion/modules/logging-slf4j.mod
 jetty_bastillion/modules/lowresources.mod
 jetty_bastillion/modules/mail.mod
+jetty_bastillion/modules/openid.mod
+jetty_bastillion/modules/openid/openid-baseloginservice.xml
 jetty_bastillion/modules/plus.mod
 jetty_bastillion/modules/proxy-protocol-ssl.mod
 jetty_bastillion/modules/proxy-protocol.mod
@ -471,6 +435,7 @@ jetty_bastillion/upgrade/bastillion-upgrade-3.08.00.jar
 %%WWWDIR%%/etc/jetty-jmx-remote.xml
 %%WWWDIR%%/etc/jetty-jmx.xml
 %%WWWDIR%%/etc/jetty-lowresources.xml
+%%WWWDIR%%/etc/jetty-openid.xml
 %%WWWDIR%%/etc/jetty-plus.xml
 %%WWWDIR%%/etc/jetty-proxy-protocol-ssl.xml
 %%WWWDIR%%/etc/jetty-proxy-protocol.xml