@renovate-bot renovate-bot commented Aug 28, 2023

This PR contains the following updates:

| Package | Change |
|---|---|
| org.eclipse.jetty:jetty-servlet (source) | 9.4.51.v20230217 -> 9.4.58.v20250814 |
| org.eclipse.jetty:jetty-server (source) | 9.4.51.v20230217 -> 9.4.57.v20241219 |
| org.eclipse.jetty:jetty-client (source) | 9.4.51.v20230217 -> 9.4.58.v20250814 |

GitHub Vulnerability Alerts

CVE-2024-8184

Impact

Remote DOS attack can cause out of memory

Description

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.

Affected Versions

  • Jetty 12.0.0-12.0.8 (Supported)
  • Jetty 11.0.0-11.0.23 (EOL)
  • Jetty 10.0.0-10.0.23 (EOL)
  • Jetty 9.3.12-9.4.55 (EOL)

Patched Versions

  • Jetty 12.0.9
  • Jetty 11.0.24
  • Jetty 10.0.24
  • Jetty 9.4.56

Workarounds

Do not use ThreadLimitHandler.
Consider use of QoSHandler instead to artificially limit resource utilization.

References

Jetty 12 - https://github.com/jetty/jetty.project/pull/11723

CVE-2024-13009

In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


This PR was generated by Mend Renovate. View the repository job log.

@renovate-bot renovate-bot requested review from a team as code owners August 28, 2023 18:57
@product-auto-label product-auto-label bot added the size: xs Pull request size is extra small. label Aug 28, 2023
@trusted-contributions-gcf trusted-contributions-gcf bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Aug 28, 2023
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Aug 28, 2023
@product-auto-label product-auto-label bot added the api: logging Issues related to the googleapis/java-logging-servlet-initializer API. label Aug 28, 2023
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 28, 2023
@product-auto-label product-auto-label bot added the stale: old Pull request is old and needs attention. label Sep 28, 2023
@renovate-bot renovate-bot force-pushed the renovate/jetty.version branch from 707f9a7 to 097692a Compare October 10, 2023 04:43
@renovate-bot renovate-bot changed the title test(deps): update jetty.version to v9.4.52.v20230823 test(deps): update jetty.version to v9.4.53.v20231009 Oct 10, 2023
@trusted-contributions-gcf trusted-contributions-gcf bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Oct 10, 2023
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Oct 10, 2023
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 10, 2023
@product-auto-label product-auto-label bot added stale: extraold Pull request is critically old and needs prioritization. and removed stale: old Pull request is old and needs attention. labels Oct 28, 2023
@renovate-bot renovate-bot force-pushed the renovate/jetty.version branch from 097692a to b360f60 Compare February 13, 2024 21:56
@renovate-bot renovate-bot changed the title test(deps): update jetty.version to v9.4.53.v20231009 test(deps): update jetty.version to v9.4.54.v20240208 Feb 13, 2024
@trusted-contributions-gcf trusted-contributions-gcf bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Feb 13, 2024
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Feb 13, 2024
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Feb 13, 2024
@renovate-bot renovate-bot force-pushed the renovate/jetty.version branch from b360f60 to bff827e Compare July 9, 2024 14:26
@renovate-bot renovate-bot changed the title test(deps): update jetty.version to v9.4.54.v20240208 test(deps): update jetty.version to v9.4.55.v20240627 Jul 9, 2024
@trusted-contributions-gcf trusted-contributions-gcf bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jul 9, 2024
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jul 9, 2024
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 9, 2024
@renovate-bot renovate-bot force-pushed the renovate/jetty.version branch from bff827e to e441db9 Compare September 3, 2024 20:14
@renovate-bot renovate-bot changed the title test(deps): update jetty.version to v9.4.55.v20240627 test(deps): update jetty.version to v9.4.56.v20240826 Sep 3, 2024
@trusted-contributions-gcf trusted-contributions-gcf bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Sep 3, 2024
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Sep 3, 2024
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Sep 3, 2024
@renovate-bot renovate-bot force-pushed the renovate/jetty.version branch from e441db9 to f8d6ab0 Compare January 9, 2025 07:33
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jan 9, 2025
@renovate-bot renovate-bot changed the title test(deps): update jetty.version to v9.4.56.v20240826 test(deps): update jetty.version to v9.4.57.v20241219 Jan 9, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jan 9, 2025
@renovate-bot renovate-bot changed the title test(deps): update jetty.version to v9.4.57.v20241219 test(deps): update jetty.version Jan 23, 2025
@renovate-bot renovate-bot changed the title test(deps): update jetty.version test(deps): update jetty.version to v9.4.57.v20241219 May 8, 2025
@renovate-bot renovate-bot force-pushed the renovate/jetty.version branch from f8d6ab0 to ddf4b06 Compare June 17, 2025 20:00
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 17, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 17, 2025
@renovate-bot renovate-bot force-pushed the renovate/jetty.version branch from ddf4b06 to 8f5ccee Compare June 17, 2025 20:20
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 17, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 17, 2025
@renovate-bot renovate-bot force-pushed the renovate/jetty.version branch from 8f5ccee to 9d21318 Compare June 18, 2025 20:16
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 18, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 18, 2025
@renovate-bot renovate-bot force-pushed the renovate/jetty.version branch from 9d21318 to d5c72b1 Compare August 14, 2025 11:30
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 14, 2025
@renovate-bot renovate-bot changed the title test(deps): update jetty.version to v9.4.57.v20241219 test(deps): update jetty.version Aug 14, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 14, 2025