From: Jeanfrancois Arcand <Jeanfrancois.Arcand_at_Sun.COM>
Date: Mon, 16 Feb 2009 20:19:33 -0500

Hi,

I would like to propose the release of 1.9.6 this week. Mainly, I would
like to have an official release to cover the following fixes:

+ https://grizzly.dev.java.net/issues/show_bug.cgi?id=447
   "cometd chat-room does not logout completely"

+ https://glassfish.dev.java.net/issues/show_bug.cgi?id=7105
   "Incorrect behaviour with HTTPServletResponse
OutputStream#flushBuffer()"

The last one is kind of dangerous. A simple servlet doing:

     public void doPost(HttpServletRequest request, HttpServletResponse
response)
     throws ServletException, IOException {

         OutputStream out = response.getOutputStream();
         while(true) {
             try {
                 System.out.println("Writing zero byte");
                 out.write(0);
                 response.flushBuffer();
                 Thread.sleep(5000);
             } catch (InterruptedException e) {
                 e.printStackTrace();
             }
             catch(IOException f) {
                 f.printStackTrace();
                 break;
             }
         }
     }

can be used to produce a Denial-of-Service when the connection get
closed remotely. The current open issue can be seen here:

http://is.gd/jLAR

I would propose we fix the following issue:

https://grizzly.dev.java.net/issues/show_bug.cgi?id=445
https://grizzly.dev.java.net/issues/show_bug.cgi?id=427
https://grizzly.dev.java.net/issues/show_bug.cgi?id=441
https://grizzly.dev.java.net/issues/show_bug.cgi?id=388
https://grizzly.dev.java.net/issues/show_bug.cgi?id=437

Any objections? Anyone interested to fix one of the above feel free to
assign the bug to yourself :-) :-)

Thanks!!

-- Jeanfrancois