Bump jetty.version from 10.0.13 to 11.0.17

[dependabot]

Bumps jetty.version from 10.0.13 to 11.0.17.
Updates org.eclipse.jetty:jetty-server from 10.0.13 to 11.0.17

Release notes

Sourced from org.eclipse.jetty:jetty-server's releases.

11.0.17

Security Updates

This release addresses:

• CVE-2023-44487

Changelog

• #10679 - Review HTTP/2 rate control
• #10547 - Cannot customize Executor on WebSocketClient
• #10545 - Fixed deadlock in class initialization seen on JDK21.
• #10511 - Allow session idle timeout to be configured on authentication.
• #10473 - Startup Script reports ok too fast, and doesn't wait for actual start of Jetty
• #10365 - Cleanup of start properties usages

11.0.16

Security Updates

This release addresses:

• GHSA-58qw-p7qm-5rvh - provides a workaround for direct users of XmlParser
• CVE-2023-40167
• CVE-2023-36478
• CVE-2023-36479
• CVE-2023-41900

Special Thanks to the following Eclipse Jetty community members

• @​strogiyotec (Almas Abdrazak)
• @​huisongma (huisongma)
• @​garydgregory (Gary Gregory)

Changelog

• #10397 - Iso88591StringBuilder.append seems to have a logic error
• #10388 - Jetty10 inetaccess mod started error
• #10352 - Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167)
• #10329 - Various cleanups in HttpParser
• #10271 - jetty.sh does not stop jetty anymore
• #10211 - NPE in ArrayByteBufferPool.findOldestEntry()
• #10176 - cleanups of DateCache
• #10160 - Verify PROXY_AUTHENTICATION is sent to forward proxies
• #10145 - WritePendingException over HTTP/2 tunnel
• #10143 - Startup fails due to IllegalArgumentException: Comparison method violates its general contract
• #10135 - Websocket: Using PerMessageDeflateExtension and flush in batchMode send FLUSH_FRAME to client.
• #10105 - Document that Request objects are not reusable
• #10086 - Revisiting ProxyConfiguration.getProxies()
• #10066 - Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh workaround
• #9997 - No progress during Gzip Request Inflation results in bogus error

... (truncated)

Commits

• 48e7716 Updating to version 11.0.17
• 2f6add5 Merge remote-tracking branch 'origin/fix/10.0.x/rollback-jdk21-requirement' i...
• 8a93d85 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
• 67b0778 Issue #9777 - CrossOriginFilter does not return Vary header on no-cors mode.
• b4fdf22 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
• dbb9451 Fixes #10679 - Review HTTP/2 rate control. (#10681)
• 4670d3e Rollback JDK21 requirements during Compile + Jar creation.
• 942888f Merge branch 'jetty-10.0.x' into jetty-11.0.x
• 90fdd42 Update details on how to include dependabot PRs in a release (#10659)
• 4d0ecf2 Merge branch 'jetty-10.0.x' into jetty-11.0.x
• Additional commits viewable in compare view

Updates org.eclipse.jetty:jetty-webapp from 10.0.13 to 11.0.17

Release notes

Sourced from org.eclipse.jetty:jetty-webapp's releases.

11.0.17

Security Updates

This release addresses:

• CVE-2023-44487

Changelog

• #10679 - Review HTTP/2 rate control
• #10547 - Cannot customize Executor on WebSocketClient
• #10545 - Fixed deadlock in class initialization seen on JDK21.
• #10511 - Allow session idle timeout to be configured on authentication.
• #10473 - Startup Script reports ok too fast, and doesn't wait for actual start of Jetty
• #10365 - Cleanup of start properties usages

11.0.16

Security Updates

This release addresses:

• GHSA-58qw-p7qm-5rvh - provides a workaround for direct users of XmlParser
• CVE-2023-40167
• CVE-2023-36478
• CVE-2023-36479
• CVE-2023-41900

Special Thanks to the following Eclipse Jetty community members

• @​strogiyotec (Almas Abdrazak)
• @​huisongma (huisongma)
• @​garydgregory (Gary Gregory)

Changelog

• #10397 - Iso88591StringBuilder.append seems to have a logic error
• #10388 - Jetty10 inetaccess mod started error
• #10352 - Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167)
• #10329 - Various cleanups in HttpParser
• #10271 - jetty.sh does not stop jetty anymore
• #10211 - NPE in ArrayByteBufferPool.findOldestEntry()
• #10176 - cleanups of DateCache
• #10160 - Verify PROXY_AUTHENTICATION is sent to forward proxies
• #10145 - WritePendingException over HTTP/2 tunnel
• #10143 - Startup fails due to IllegalArgumentException: Comparison method violates its general contract
• #10135 - Websocket: Using PerMessageDeflateExtension and flush in batchMode send FLUSH_FRAME to client.
• #10105 - Document that Request objects are not reusable
• #10086 - Revisiting ProxyConfiguration.getProxies()
• #10066 - Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh workaround
• #9997 - No progress during Gzip Request Inflation results in bogus error

... (truncated)

Commits

• 48e7716 Updating to version 11.0.17
• 2f6add5 Merge remote-tracking branch 'origin/fix/10.0.x/rollback-jdk21-requirement' i...
• 8a93d85 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
• 67b0778 Issue #9777 - CrossOriginFilter does not return Vary header on no-cors mode.
• b4fdf22 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
• dbb9451 Fixes #10679 - Review HTTP/2 rate control. (#10681)
• 4670d3e Rollback JDK21 requirements during Compile + Jar creation.
• 942888f Merge branch 'jetty-10.0.x' into jetty-11.0.x
• 90fdd42 Update details on how to include dependabot PRs in a release (#10659)
• 4d0ecf2 Merge branch 'jetty-10.0.x' into jetty-11.0.x
• Additional commits viewable in compare view

Updates org.eclipse.jetty:jetty-util from 10.0.13 to 11.0.17

Release notes

Sourced from org.eclipse.jetty:jetty-util's releases.

11.0.17

Security Updates

This release addresses:

• CVE-2023-44487

Changelog

• #10679 - Review HTTP/2 rate control
• #10547 - Cannot customize Executor on WebSocketClient
• #10545 - Fixed deadlock in class initialization seen on JDK21.
• #10511 - Allow session idle timeout to be configured on authentication.
• #10473 - Startup Script reports ok too fast, and doesn't wait for actual start of Jetty
• #10365 - Cleanup of start properties usages

11.0.16

Security Updates

This release addresses:

• GHSA-58qw-p7qm-5rvh - provides a workaround for direct users of XmlParser
• CVE-2023-40167
• CVE-2023-36478
• CVE-2023-36479
• CVE-2023-41900

Special Thanks to the following Eclipse Jetty community members

• @​strogiyotec (Almas Abdrazak)
• @​huisongma (huisongma)
• @​garydgregory (Gary Gregory)

Changelog

• #10397 - Iso88591StringBuilder.append seems to have a logic error
• #10388 - Jetty10 inetaccess mod started error
• #10352 - Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167)
• #10329 - Various cleanups in HttpParser
• #10271 - jetty.sh does not stop jetty anymore
• #10211 - NPE in ArrayByteBufferPool.findOldestEntry()
• #10176 - cleanups of DateCache
• #10160 - Verify PROXY_AUTHENTICATION is sent to forward proxies
• #10145 - WritePendingException over HTTP/2 tunnel
• #10143 - Startup fails due to IllegalArgumentException: Comparison method violates its general contract
• #10135 - Websocket: Using PerMessageDeflateExtension and flush in batchMode send FLUSH_FRAME to client.
• #10105 - Document that Request objects are not reusable
• #10086 - Revisiting ProxyConfiguration.getProxies()
• #10066 - Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh workaround
• #9997 - No progress during Gzip Request Inflation results in bogus error

... (truncated)

Commits

• 48e7716 Updating to version 11.0.17
• 2f6add5 Merge remote-tracking branch 'origin/fix/10.0.x/rollback-jdk21-requirement' i...
• 8a93d85 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
• 67b0778 Issue #9777 - CrossOriginFilter does not return Vary header on no-cors mode.
• b4fdf22 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
• dbb9451 Fixes #10679 - Review HTTP/2 rate control. (#10681)
• 4670d3e Rollback JDK21 requirements during Compile + Jar creation.
• 942888f Merge branch 'jetty-10.0.x' into jetty-11.0.x
• 90fdd42 Update details on how to include dependabot PRs in a release (#10659)
• 4d0ecf2 Merge branch 'jetty-10.0.x' into jetty-11.0.x
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.