From db9aa18ab4b7b3764035d3005fae251742dd8847 Mon Sep 17 00:00:00 2001
From: Siddarth Ajay
Date: Tue, 28 May 2024 07:52:19 +0530
Subject: [PATCH 1/2] upgraded jetty version
---
 .../http/client/jetty/JettyHttpClient.java | 2 +-
 .../http/client/AbstractHttpClientTest.java | 7 ++++---
 .../client/jetty/TestHttpClientLogger.java | 18 ++++++++++++++++++
 .../airlift/http/server/HttpServer.java | 4 ++--
 .../http/server/TestHttpServerCipher.java | 2 +-
 .../http/server/TestHttpServerConfig.java | 4 ++--
 pom.xml | 2 +-
 7 files changed, 29 insertions(+), 10 deletions(-)
diff --git a/http-client/src/main/java/com/facebook/airlift/http/client/jetty/JettyHttpClient.java b/http-client/src/main/java/com/facebook/airlift/http/client/jetty/JettyHttpClient.java
index 33ff59fdca..2cabdab0e1 100755
--- a/http-client/src/main/java/com/facebook/airlift/http/client/jetty/JettyHttpClient.java
+++ b/http-client/src/main/java/com/facebook/airlift/http/client/jetty/JettyHttpClient.java
@@ -157,7 +157,7 @@ public JettyHttpClient(
 creationLocation.fillInStackTrace();
- SslContextFactory sslContextFactory = new SslContextFactory();
+ SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
 sslContextFactory.setEndpointIdentificationAlgorithm("HTTPS");
 if (config.getKeyStorePath() != null) {
 Optional pemKeyStore = tryLoadPemKeyStore(config);
diff --git a/http-client/src/test/java/com/facebook/airlift/http/client/AbstractHttpClientTest.java b/http-client/src/test/java/com/facebook/airlift/http/client/AbstractHttpClientTest.java
index 50be1d3d0a..d9bf87e4ae 100755
--- a/http-client/src/test/java/com/facebook/airlift/http/client/AbstractHttpClientTest.java
+++ b/http-client/src/test/java/com/facebook/airlift/http/client/AbstractHttpClientTest.java
@@ -140,7 +140,8 @@ public void abstractSetup()
 if (keystore != null) {
 httpConfiguration.addCustomizer(new SecureRequestCustomizer());
- SslContextFactory sslContextFactory = new SslContextFactory(keystore);
+ SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
+ sslContextFactory.setKeyStorePath(keystore);
 sslContextFactory.setKeyStorePassword("changeit");
 SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory, "http/1.1");
@@ -638,7 +639,7 @@ public void testResponseStatusMessage()
 assertNull(statusMessage);
 } else {
- assertEquals(statusMessage, "message");
+ assertEquals(statusMessage, "OK");
 }
 }
@@ -747,7 +748,7 @@ public void testCompressionIsDisabled()
 assertEquals(body, "");
 assertFalse(servlet.getRequestHeaders().containsKey(HeaderName.of(ACCEPT_ENCODING)));
- String json = "{\"foo\":\"bar\",\"hello\":\"world\"}";
+ String json = "{\"fuite\":\"apple\",\"hello\":\"world\"}";
 assertGreaterThanOrEqual(json.length(), GzipHandler.DEFAULT_MIN_GZIP_SIZE);
 servlet.setResponseBody(json);
diff --git a/http-client/src/test/java/com/facebook/airlift/http/client/jetty/TestHttpClientLogger.java b/http-client/src/test/java/com/facebook/airlift/http/client/jetty/TestHttpClientLogger.java
index 5b5040116f..010943ef0e 100644
--- a/http-client/src/test/java/com/facebook/airlift/http/client/jetty/TestHttpClientLogger.java
+++ b/http-client/src/test/java/com/facebook/airlift/http/client/jetty/TestHttpClientLogger.java
@@ -359,6 +359,18 @@ public Request cookie(HttpCookie cookie)
 throw new UnsupportedOperationException();
 }
+ @Override
+ public Request tag(Object o)
+ {
+ return null;
+ }
+
+ @Override
+ public Object getTag()
+ {
+ return null;
+ }
+
 @Override
 public Request attribute(String name, Object value)
 {
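Review bot: The factory built in abstractSetup() (@@ -140) is passed to `new SslConnectionFactory(sslContextFactory, "http/1.1")` right after a `SecureRequestCustomizer` is added, which is server-side connector wiring, yet the new line constructs `SslContextFactory.Client`. The client subclass carries client-oriented defaults rather than the server ones, and as far as I know newer Jetty major versions accept only the server subclass in this constructor. Use `SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();` here, matching the HttpServer hunks of this patch. abstractSetup() starts and ends outside the hunk.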
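Review bot: The expected value in testResponseStatusMessage() (@@ -638) changes from the test's own `"message"` to `"OK"` without any explanation, so the assertion now matches the default reason phrase and would pass whether or not a custom status message is transmitted. If the upgraded Jetty no longer sends custom reason phrases, state that above the assertion, for example `// the server now returns the default reason phrase instead of the custom one`, or remove the custom message from the servlet setup so that the test's intent and its assertion agree. The setup is outside the hunk, so the cause is inferred.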
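Review bot: The new payload key `fuite` in testCompressionIsDisabled() (@@ -747) looks like a typo for `fruit`, and nothing records why the body changed. Presumably the string was lengthened so that `json.length()` still satisfies the `GzipHandler.DEFAULT_MIN_GZIP_SIZE` check under the new Jetty version; a comment such as `// body must be at least DEFAULT_MIN_GZIP_SIZE long, otherwise gzip would be skipped regardless` would keep the next upgrade from tripping over the same assertion.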
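Review bot: `tag(Object)` and `getTag()` (@@ -359) return `null`, while the neighbouring stubs visible in this patch (`cookie`, `onResponseContentAsync`, `onResponseContentDemanded`) throw `UnsupportedOperationException`. A fluent `Request tag(...)` that returns null turns an unexpected call into a NullPointerException at a later chained call instead of a failure at the call site. Use `throw new UnsupportedOperationException();` in both bodies for consistency. The enclosing test Request class is outside the hunk.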
@@ -539,6 +551,12 @@ public Request onResponseContentAsync(Response.AsyncContentListener listener)
 throw new UnsupportedOperationException();
 }
+ @Override
+ public Request onResponseContentDemanded(Response.DemandedContentListener demandedContentListener)
+ {
+ throw new UnsupportedOperationException();
+ }
+
 @Override
 public Request onResponseSuccess(Response.SuccessListener listener)
 {
diff --git a/http-server/src/main/java/com/facebook/airlift/http/server/HttpServer.java b/http-server/src/main/java/com/facebook/airlift/http/server/HttpServer.java
index 9f7ad1a169..afde06d977 100644
--- a/http-server/src/main/java/com/facebook/airlift/http/server/HttpServer.java
+++ b/http-server/src/main/java/com/facebook/airlift/http/server/HttpServer.java
@@ -225,7 +225,7 @@ public HttpServer(HttpServerInfo httpServerInfo,
 HttpConfiguration httpsConfiguration = new HttpConfiguration(baseHttpConfiguration);
 httpsConfiguration.addCustomizer(new SecureRequestCustomizer(config.isSniHostCheck()));
- SslContextFactory sslContextFactory = new SslContextFactory();
+ SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
 Optional pemKeyStore = tryLoadPemKeyStore(config);
 if (pemKeyStore.isPresent()) {
 sslContextFactory.setKeyStore(pemKeyStore.get());
@@ -300,7 +300,7 @@ public HttpServer(HttpServerInfo httpServerInfo,
 if (config.isHttpsEnabled()) {
 adminConfiguration.addCustomizer(new SecureRequestCustomizer());
- SslContextFactory sslContextFactory = new SslContextFactory();
+ SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
 sslContextFactory.setKeyStorePath(config.getKeystorePath());
 sslContextFactory.setKeyStorePassword(config.getKeystorePassword());
 if (config.getKeyManagerPassword() != null) {
diff --git a/http-server/src/test/java/com/facebook/airlift/http/server/TestHttpServerCipher.java b/http-server/src/test/java/com/facebook/airlift/http/server/TestHttpServerCipher.java
index b467046fdf..a2646d0e7d 100644
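Review bot: In the second HttpServer hunk (@@ -300) the admin connector keeps `new SecureRequestCustomizer()`, while the main HTTPS connector in the first hunk (@@ -225) passes `config.isSniHostCheck()`; after a Jetty jump of this size the admin port's SNI host check follows whatever the library default is in the new version rather than the configured value. Consider `adminConfiguration.addCustomizer(new SecureRequestCustomizer(config.isSniHostCheck()));` so both TLS listeners follow the same setting, or add a comment saying the default is intended. Both customizer lines are unchanged context and the constructor continues outside the hunks, so confirm against the full file.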
--- a/http-server/src/test/java/com/facebook/airlift/http/server/TestHttpServerCipher.java
+++ b/http-server/src/test/java/com/facebook/airlift/http/server/TestHttpServerCipher.java
@@ -183,7 +183,7 @@ private HttpServerConfig createHttpServerConfig()
 private static HttpClient createClientIncludeCiphers(String... includedCipherSuites) throws Exception
 {
- SslContextFactory sslContextFactory = new SslContextFactory();
+ SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
 sslContextFactory.setIncludeCipherSuites(includedCipherSuites);
 // Since Jetty 9.4.12 the list of excluded cipher suites includes "^TLS_RSA_.*$" by default.
 // We reset that list here to enable use of those cipher suites.
diff --git a/http-server/src/test/java/com/facebook/airlift/http/server/TestHttpServerConfig.java b/http-server/src/test/java/com/facebook/airlift/http/server/TestHttpServerConfig.java
index 559415dd08..9a59d771fd 100644
--- a/http-server/src/test/java/com/facebook/airlift/http/server/TestHttpServerConfig.java
+++ b/http-server/src/test/java/com/facebook/airlift/http/server/TestHttpServerConfig.java
@@ -202,9 +202,9 @@ public void testExplicitPropertyMappings()
 ConfigAssertions.assertFullMapping(properties, expected);
 }
- private List getJettyDefaultExcludedCiphers()
+ private static List getJettyDefaultExcludedCiphers()
 {
- SslContextFactory sslContextFactory = new SslContextFactory();
+ SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
 return Arrays.asList(sslContextFactory.getExcludeCipherSuites());
 }
 }
diff --git a/pom.xml b/pom.xml
index ab931f57e0..420bfa8ab1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,7 +27,7 @@
 0.212-SNAPSHOT
 ${dep.airlift.version}
- 9.4.14.v20181114
+ 9.4.53.v20231009
 2.26
 1.31
From 65734165272a237e9e0c2e802f67651959e47e90 Mon Sep 17 00:00:00 2001
From: Siddarth Ajay <43318941+siddhuoo7@users.noreply.github.com>
Date: Tue, 4 Jun 2024 14:48:50 +0530
Subject: [PATCH 2/2] modify version to 9.4.54.v20240208 since jetty server version 9.4.53.v20231009 have a new vulnerability
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 420bfa8ab1..3bc16da19c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,7 +27,7 @@
 0.212-SNAPSHOT
 ${dep.airlift.version}
- 9.4.53.v20231009
+ 9.4.54.v20240208
 2.26
 1.31