Upgrade Jetty from 9.4.14.v20181114 to 9.4.54.v20240208 to Address Security Vulnerabilities

http-client/src/main/java/com/facebook/airlift/http/client/jetty/JettyHttpClient.java

@@ -157,7 +157,7 @@ public JettyHttpClient(
 
         creationLocation.fillInStackTrace();
 
-        SslContextFactory sslContextFactory = new SslContextFactory();
+        SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
         sslContextFactory.setEndpointIdentificationAlgorithm("HTTPS");
         if (config.getKeyStorePath() != null) {
             Optional<KeyStore> pemKeyStore = tryLoadPemKeyStore(config);

http-client/src/test/java/com/facebook/airlift/http/client/AbstractHttpClientTest.java

@@ -140,7 +140,8 @@ public void abstractSetup()
         if (keystore != null) {
             httpConfiguration.addCustomizer(new SecureRequestCustomizer());
 
-            SslContextFactory sslContextFactory = new SslContextFactory(keystore);
+            SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
+            sslContextFactory.setKeyStorePath(keystore);
             sslContextFactory.setKeyStorePassword("changeit");
             SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory, "http/1.1");
 
@@ -638,7 +639,7 @@ public void testResponseStatusMessage()
             assertNull(statusMessage);
         }
         else {
-            assertEquals(statusMessage, "message");
+            assertEquals(statusMessage, "OK");
         }
     }
 
@@ -747,7 +748,7 @@ public void testCompressionIsDisabled()
         assertEquals(body, "");
         assertFalse(servlet.getRequestHeaders().containsKey(HeaderName.of(ACCEPT_ENCODING)));
 
-        String json = "{\"foo\":\"bar\",\"hello\":\"world\"}";
+        String json = "{\"fuite\":\"apple\",\"hello\":\"world\"}";
         assertGreaterThanOrEqual(json.length(), GzipHandler.DEFAULT_MIN_GZIP_SIZE);
 
         servlet.setResponseBody(json);

http-client/src/test/java/com/facebook/airlift/http/client/jetty/TestHttpClientLogger.java

@@ -359,6 +359,18 @@ public Request cookie(HttpCookie cookie)
             throw new UnsupportedOperationException();
         }
 
+        @Override
+        public Request tag(Object o)
+        {
+            return null;
+        }
+
+        @Override
+        public Object getTag()
+        {
+            return null;
+        }
+
         @Override
         public Request attribute(String name, Object value)
         {
@@ -539,6 +551,12 @@ public Request onResponseContentAsync(Response.AsyncContentListener listener)
             throw new UnsupportedOperationException();
         }
 
+        @Override
+        public Request onResponseContentDemanded(Response.DemandedContentListener demandedContentListener)
+        {
+            throw new UnsupportedOperationException();
+        }
+
         @Override
         public Request onResponseSuccess(Response.SuccessListener listener)
         {

http-server/src/main/java/com/facebook/airlift/http/server/HttpServer.java

@@ -225,7 +225,7 @@ public HttpServer(HttpServerInfo httpServerInfo,
             HttpConfiguration httpsConfiguration = new HttpConfiguration(baseHttpConfiguration);
             httpsConfiguration.addCustomizer(new SecureRequestCustomizer(config.isSniHostCheck()));
 
-            SslContextFactory sslContextFactory = new SslContextFactory();
+            SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
             Optional<KeyStore> pemKeyStore = tryLoadPemKeyStore(config);
             if (pemKeyStore.isPresent()) {
                 sslContextFactory.setKeyStore(pemKeyStore.get());
@@ -300,7 +300,7 @@ public HttpServer(HttpServerInfo httpServerInfo,
             if (config.isHttpsEnabled()) {
                 adminConfiguration.addCustomizer(new SecureRequestCustomizer());
 
-                SslContextFactory sslContextFactory = new SslContextFactory();
+                SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
                 sslContextFactory.setKeyStorePath(config.getKeystorePath());
                 sslContextFactory.setKeyStorePassword(config.getKeystorePassword());
                 if (config.getKeyManagerPassword() != null) {

http-server/src/test/java/com/facebook/airlift/http/server/TestHttpServerCipher.java

@@ -183,7 +183,7 @@ private HttpServerConfig createHttpServerConfig()
     private static HttpClient createClientIncludeCiphers(String... includedCipherSuites)
             throws Exception
     {
-        SslContextFactory sslContextFactory = new SslContextFactory();
+        SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
         sslContextFactory.setIncludeCipherSuites(includedCipherSuites);
         // Since Jetty 9.4.12 the list of excluded cipher suites includes "^TLS_RSA_.*$" by default.
         // We reset that list here to enable use of those cipher suites.

http-server/src/test/java/com/facebook/airlift/http/server/TestHttpServerConfig.java

@@ -202,9 +202,9 @@ public void testExplicitPropertyMappings()
         ConfigAssertions.assertFullMapping(properties, expected);
     }
 
-    private List<String> getJettyDefaultExcludedCiphers()
+    private static List<String> getJettyDefaultExcludedCiphers()
     {
-        SslContextFactory sslContextFactory = new SslContextFactory();
+        SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         return Arrays.asList(sslContextFactory.getExcludeCipherSuites());
     }
 }

pom.xml

@@ -27,7 +27,7 @@
 
         <dep.airlift.version>0.212-SNAPSHOT</dep.airlift.version>
         <dep.packaging.version>${dep.airlift.version}</dep.packaging.version>
-        <dep.jetty.version>9.4.14.v20181114</dep.jetty.version>
+        <dep.jetty.version>9.4.54.v20240208</dep.jetty.version>
         <dep.jersey.version>2.26</dep.jersey.version>
         <dep.drift.version>1.31</dep.drift.version>
     </properties>