Greg Wilkins

Ok for something separate I'm not so ok on calling connectors listeners, adding different names for the same thing will be confusing. We could hide the CHC, but the DSLs...

> Do I need to configure the temp directory of the servlet? This used to work without issues with Jetty 11 Did you use ServletContextHandler or WebAppContext in Jetty 11?...

@lachlan-roberts there is a bit to unpack here. Firstly the redirect from `/context/dir/index.html/` to `/context/dir/index.html` is kind of to avoid the alias in the first place. @lorban Could (should?) the...

We should not allow dir%2Findex.html just because we allow symlinks. This is exactly the kind of security constraint bypassing alias that the alias mechanism was implemented to protect against.

@Lachlan why do we need a big rethink? If somebody adds the allowed file resource checker, then any alias is ok so long as it is in the docroot and...

@lachlan-roberts I don't understand why you want to combine allowed resources with symlink checking? If you want both then add both be alias checkers. What's wrong with the implementation as...

This null return is now making us write inefficient code, as we cannot resolve to "potential" resources at startup and thus have to resolve on every request. The other APIs...

I have started a PR for this. It turns out that we have a fair bit of code that still expected a non null return from resolve and some resource...

@sbordet do you agree this is a bug? @lachlan-roberts I'm not sure if this is causing some `spring-framework` integration failures, but it is certainly not helping us fail in a...

Actually @lorban do you think this is a violation of our `Content.Source#read()` contract? Should it return an error chunk rather than throw?