Upgrade to Jetty 12.0.15, Gradle 8.10.2, and security dependency updates #1540
Description
Problem Statement
Tessera currently uses:
- Jetty 11.0.24 (approaching EOL)
- Gradle 7.5.1 (older build system)
- Outdated dependencies with known security vulnerabilities
Proposed Solution
We propose upgrading to:
- Jetty 12.0.15 with EE9 support
- Gradle 8.10.2 for better Java 17+ support
- Security patches: Logback 1.5.19, json-smart 2.5.0, nimbus-jose-jwt 9.40
Benefits
- Long-term maintainability: Jetty 12 has better Jakarta EE support and is the actively maintained version
- Security: Addresses multiple CVEs in dependencies
- Build improvements: Gradle 8 provides better dependency resolution and Java 17+ compatibility
- Backward compatible: Uses HttpCompliance.LEGACY mode to maintain compatibility
Implementation
The Microsoft Blockchain team has a PR ready with these changes. The upgrade includes:
- Complete Jetty 12 migration with Unix domain socket support
- All necessary compatibility fixes for ServletContextHandler, header handling
- Code formatted per Google Java Style Guide
- 20 commits with detailed descriptions
Would the team be interested in this contribution?