deps: update dependency org.eclipse.jetty:jetty-server to v11.0.24 [security] #696

renovate-bot · 2024-10-14T21:09:42Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.eclipse.jetty:jetty-server (source)	`11.0.14` -> `11.0.24`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-8184

Impact

Remote DOS attack can cause out of memory

Description

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which
can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By
repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the
server's memory.

Affected Versions

Jetty 12.0.0-12.0.8 (Supported)
Jetty 11.0.0-11.0.23 (EOL)
Jetty 10.0.0-10.0.23 (EOL)
Jetty 9.3.12-9.4.55 (EOL)

Patched Versions

Jetty 12.0.9
Jetty 11.0.24
Jetty 10.0.24
Jetty 9.4.56

Workarounds

Do not use ThreadLimitHandler.
Consider use of QoSHandler instead to artificially limit resource utilization.

References

Jetty 12 - https://github.com/jetty/jetty.project/pull/11723

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

…ecurity]

renovate-bot requested review from a team as code owners October 14, 2024 21:09

product-auto-label bot added the size: xs Pull request size is extra small. label Oct 14, 2024

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 14, 2024

product-auto-label bot added the api: pubsublite Issues related to the googleapis/java-pubsublite-spark API. label Oct 14, 2024

yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 14, 2024

renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 2a7cc9b to 92c6f97 Compare May 28, 2025 12:23

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025

yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025

renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 92c6f97 to 48c9374 Compare May 28, 2025 20:10

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025

yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025

renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 48c9374 to 7407fe6 Compare May 28, 2025 22:36

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025

yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025

renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 7407fe6 to a08688b Compare May 29, 2025 01:52

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from a08688b to 7f45ffb Compare May 29, 2025 05:40

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 7f45ffb to 1cb2eea Compare May 29, 2025 10:36

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 1cb2eea to e02d954 Compare May 29, 2025 13:28

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from e02d954 to 12771f8 Compare May 29, 2025 19:31

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 6b267c2 to ed54a45 Compare May 30, 2025 12:25

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from ed54a45 to 274cd99 Compare May 30, 2025 22:08

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

renovate-bot force-pushed the renovate/maven-org.eclipse.jetty-jetty-server-vulnerability branch from 274cd99 to 03ebcfe Compare May 31, 2025 02:37