@renovate-bot

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| org.eclipse.jetty:jetty-server (source) | 11.0.14 -> 11.0.24 | age | adoption | passing | confidence |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-8184

Impact

Remote DoS attack can cause out of memory

Description

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which
can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By
repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the
server's memory.

Affected Versions

  • Jetty 12.0.0-12.0.8 (Supported)
  • Jetty 11.0.0-11.0.23 (EOL)
  • Jetty 10.0.0-10.0.23 (EOL)
  • Jetty 9.3.12-9.4.55 (EOL)

Patched Versions

  • Jetty 12.0.9
  • Jetty 11.0.24
  • Jetty 10.0.24
  • Jetty 9.4.56

Workarounds

Do not use ThreadLimitHandler.
Consider use of QoSHandler instead to artificially limit resource utilization.

References

Jetty 12 - https://github.com/jetty/jetty.project/pull/11723


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
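
A triage check for the advisory above, as an added example (not part of the pull request or of Renovate): it reads a Maven POM, resolves the declared jetty-server version, and compares it with the affected and patched versions the advisory lists. The function names and the sample POM are constructed for illustration, and the check only sees versions declared in the file itself, not ones inherited from a parent POM or pulled in transitively.

```python
import re
import xml.etree.ElementTree as ET

# (first affected, last affected, patched) copied from the advisory text above.
AFFECTED = [
    ((12, 0, 0), (12, 0, 8), "12.0.9"),
    ((11, 0, 0), (11, 0, 23), "11.0.24"),
    ((10, 0, 0), (10, 0, 23), "10.0.24"),
    ((9, 3, 12), (9, 4, 55), "9.4.56"),
]

def fix_for(version):
    """Return the patched release for an affected version, else None."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:  # empty or inherited version: cannot decide from this file
        raise ValueError(f"unresolved Jetty version: {version!r}")
    v = tuple(int(g) for g in m.groups())  # drops suffixes like .v20240627
    return next((fix for lo, hi, fix in AFFECTED if lo <= v <= hi), None)

def jetty_server_findings(pom_xml):
    """List (declared version, patched release or None) per jetty-server entry."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():  # drop the Maven namespace so plain paths work
        el.tag = el.tag.rsplit("}", 1)[-1]
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    findings = []
    for dep in root.iter("dependency"):  # also covers dependencyManagement
        coords = (dep.findtext("groupId", "").strip(),
                  dep.findtext("artifactId", "").strip())
        if coords != ("org.eclipse.jetty", "jetty-server"):
            continue
        raw = dep.findtext("version", "").strip()
        ref = re.fullmatch(r"\$\{([^}]+)\}", raw)  # ${property} from this POM
        version = props.get(ref.group(1), "") if ref else raw
        findings.append((version, fix_for(version)))
    return findings

# Constructed sample POM (not the project's real pom.xml).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><jetty.version>11.0.14</jetty.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.eclipse.jetty</groupId>
      <artifactId>jetty-server</artifactId>
      <version>${jetty.version}</version>
    </dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for version, fix in jetty_server_findings(SAMPLE_POM):
        print(version, "-> upgrade to " + fix if fix else "-> not in an affected range")
```

A version inside an affected range matters only where the application actually installs ThreadLimitHandler, which is what the advisory's workaround addresses.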

@renovate-bot renovate-bot requested review from a team as code owners October 14, 2024 21:09
@product-auto-label product-auto-label bot added the size: xs Pull request size is extra small. label Oct 14, 2024
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 14, 2024
@product-auto-label product-auto-label bot added the api: pubsublite Issues related to the googleapis/java-pubsublite-spark API. label Oct 14, 2024
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 14, 2024
@renovate-bot renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 2a7cc9b to 92c6f97 Compare May 28, 2025 12:23
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025
@renovate-bot renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 92c6f97 to 48c9374 Compare May 28, 2025 20:10
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025
@renovate-bot renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 48c9374 to 7407fe6 Compare May 28, 2025 22:36
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025
@renovate-bot renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 7407fe6 to a08688b Compare May 29, 2025 01:52
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025
@renovate-bot renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from a08688b to 7f45ffb Compare May 29, 2025 05:40
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025
@renovate-bot renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 7f45ffb to 1cb2eea Compare May 29, 2025 10:36
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025
@renovate-bot renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 1cb2eea to e02d954 Compare May 29, 2025 13:28
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025
@renovate-bot renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from e02d954 to 12771f8 Compare May 29, 2025 19:31
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025
@renovate-bot renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from d5f422c to 7fe5bea Compare June 18, 2025 06:39
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 18, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 18, 2025
@renovate-bot renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 7fe5bea to 06162b7 Compare June 18, 2025 20:49
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 18, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 18, 2025
@renovate-bot renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 06162b7 to 389c873 Compare June 19, 2025 03:13
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 19, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 19, 2025
@renovate-bot renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 389c873 to fe0b000 Compare June 19, 2025 05:28
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 19, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 19, 2025
@renovate-bot renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from fe0b000 to 34edb43 Compare June 19, 2025 13:37
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 19, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 19, 2025
@renovate-bot renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 34edb43 to 47066fc Compare June 19, 2025 19:30
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 19, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 19, 2025
@renovate-bot renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 47066fc to 81dffe5 Compare June 19, 2025 22:30
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 19, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 19, 2025
@acocuzzo acocuzzo merged commit 3fee790 into googleapis:main Jun 20, 2025
16 checks passed
@renovate-bot renovate-bot deleted the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch June 20, 2025 02:30
acocuzzo added a commit to acocuzzo/java-pubsublite-spark that referenced this pull request Jul 9, 2025

## [1.0.1](googleapis/java-pubsublite-spark@v1.0.0...v1.0.1) (2025-07-09)


### Dependencies

* Update dependency com.google.cloud:google-cloud-dataproc to v4.6.0 ([googleapis#584](googleapis#584)) ([4e2bf5c](googleapis@4e2bf5c))
* Update dependency com.google.cloud:google-cloud-dataproc to v4.9.0 ([googleapis#595](googleapis#595)) ([1fd00a8](googleapis@1fd00a8))
* Update dependency com.google.cloud:google-cloud-pubsublite to v1.9.4 ([googleapis#585](googleapis#585)) ([33b2936](googleapis@33b2936))
* Update dependency com.google.cloud:google-cloud-pubsublite-parent to v1.9.4 ([googleapis#586](googleapis#586)) ([5636436](googleapis@5636436))
* Update dependency gcp-docuploader to v0.6.5 ([googleapis#606](googleapis#606)) ([80ed55b](googleapis@80ed55b))
* Update dependency gcp-releasetool to v1.10.3 ([googleapis#593](googleapis#593)) ([ed3667c](googleapis@ed3667c))
* Update dependency google-auth to v2.16.1 ([googleapis#601](googleapis#601)) ([740161c](googleapis@740161c))
* Update dependency jakarta.xml.bind:jakarta.xml.bind-api to v4.0.2 ([googleapis#702](googleapis#702)) ([3a84e85](googleapis@3a84e85))
* Update dependency org.eclipse.jetty:jetty-server to v11.0.14 ([googleapis#604](googleapis#604)) ([7f32dcd](googleapis@7f32dcd))
* Update dependency org.eclipse.jetty:jetty-server to v11.0.24 [security] ([googleapis#696](googleapis#696)) ([3fee790](googleapis@3fee790))
* Update dependency org.eclipse.jetty:jetty-server to v11.0.25 ([googleapis#706](googleapis#706)) ([7338c17](googleapis@7338c17))
* Update dependency org.eclipse.jetty:jetty-util to v11.0.14 ([googleapis#605](googleapis#605)) ([059c346](googleapis@059c346))
* Update dependency org.eclipse.jetty:jetty-util to v11.0.25 ([googleapis#704](googleapis#704)) ([75cd940](googleapis@75cd940))
* Update dependency setuptools to v67 ([googleapis#592](googleapis#592)) ([6049a9d](googleapis@6049a9d))
* Update dependency typing-extensions to v4.5.0 ([googleapis#598](googleapis#598)) ([fdd2584](googleapis@fdd2584))
* Update dependency zipp to v3.12.0 ([googleapis#591](googleapis#591)) ([3977bec](googleapis@3977bec))
* Update org.apache.spark:spark-sql_2.12 to 3.5.5 ([googleapis#703](googleapis#703)) ([7cd8b29](googleapis@7cd8b29))
acocuzzo added a commit that referenced this pull request Jul 9, 2025
* Update pom.xml

Fix broken jetty update

* chore(main): release 1.0.1



## [1.0.1](v1.0.0...v1.0.1) (2025-07-09)


### Dependencies

* Update dependency com.google.cloud:google-cloud-dataproc to v4.6.0 ([#584](#584)) ([4e2bf5c](4e2bf5c))
* Update dependency com.google.cloud:google-cloud-dataproc to v4.9.0 ([#595](#595)) ([1fd00a8](1fd00a8))
* Update dependency com.google.cloud:google-cloud-pubsublite to v1.9.4 ([#585](#585)) ([33b2936](33b2936))
* Update dependency com.google.cloud:google-cloud-pubsublite-parent to v1.9.4 ([#586](#586)) ([5636436](5636436))
* Update dependency gcp-docuploader to v0.6.5 ([#606](#606)) ([80ed55b](80ed55b))
* Update dependency gcp-releasetool to v1.10.3 ([#593](#593)) ([ed3667c](ed3667c))
* Update dependency google-auth to v2.16.1 ([#601](#601)) ([740161c](740161c))
* Update dependency jakarta.xml.bind:jakarta.xml.bind-api to v4.0.2 ([#702](#702)) ([3a84e85](3a84e85))
* Update dependency org.eclipse.jetty:jetty-server to v11.0.14 ([#604](#604)) ([7f32dcd](7f32dcd))
* Update dependency org.eclipse.jetty:jetty-server to v11.0.24 [security] ([#696](#696)) ([3fee790](3fee790))
* Update dependency org.eclipse.jetty:jetty-server to v11.0.25 ([#706](#706)) ([7338c17](7338c17))
* Update dependency org.eclipse.jetty:jetty-util to v11.0.14 ([#605](#605)) ([059c346](059c346))
* Update dependency org.eclipse.jetty:jetty-util to v11.0.25 ([#704](#704)) ([75cd940](75cd940))
* Update dependency setuptools to v67 ([#592](#592)) ([6049a9d](6049a9d))
* Update dependency typing-extensions to v4.5.0 ([#598](#598)) ([fdd2584](fdd2584))
* Update dependency zipp to v3.12.0 ([#591](#591)) ([3977bec](3977bec))
* Update org.apache.spark:spark-sql_2.12 to 3.5.5 ([#703](#703)) ([7cd8b29](7cd8b29))

* Update pom and changelog