security: upgrade Jetty from 9.4.53 to 12.0.16

- Upgrade from 9.4.53.v20231009 to 12.0.16 (meets requirement >12.0.9) - Addresses security vulnerabilities in older Jetty versions - Externalized version to jetty.version property for easier maintenance - Added jetty-util, jetty-io, jetty-security to dependencyManagement - Ensures all Jetty transitive dependencies use secure version
6 days ago · e48bf9a791
1 changed files with 20 additions and 4 deletions
--- a/test/java/spark/pom.xml
+++ b/test/java/spark/pom.xml
@ -23,6 +23,7 @@
        <seaweedfs.hadoop3.client.version>3.80</seaweedfs.hadoop3.client.version>
        <jackson.version>2.15.3</jackson.version>
        <netty.version>4.1.124.Final</netty.version>
+        <jetty.version>12.0.16</jetty.version>
        <surefire.jvm.args>
            -Xmx2g
            -Dhadoop.home.dir=/tmp
@ -150,21 +151,36 @@
                <version>2.2</version>
            </dependency>

-            <!-- Jetty - Fix CVEs -->
+            <!-- Jetty - Fix CVEs (upgraded to 12.x for security) -->
            <dependency>
                <groupId>org.eclipse.jetty</groupId>
                <artifactId>jetty-server</artifactId>
-                <version>9.4.53.v20231009</version>
+                <version>${jetty.version}</version>
            </dependency>
            <dependency>
                <groupId>org.eclipse.jetty</groupId>
                <artifactId>jetty-http</artifactId>
-                <version>9.4.53.v20231009</version>
+                <version>${jetty.version}</version>
            </dependency>
            <dependency>
                <groupId>org.eclipse.jetty</groupId>
                <artifactId>jetty-servlet</artifactId>
-                <version>9.4.53.v20231009</version>
+                <version>${jetty.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.eclipse.jetty</groupId>
+                <artifactId>jetty-util</artifactId>
+                <version>${jetty.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.eclipse.jetty</groupId>
+                <artifactId>jetty-io</artifactId>
+                <version>${jetty.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.eclipse.jetty</groupId>
+                <artifactId>jetty-security</artifactId>
+                <version>${jetty.version}</version>
            </dependency>
        </dependencies>
    </dependencyManagement>