Bump org.eclipse.jetty:jetty-bom from 11.0.15 to 12.0.17

[dependabot]

Bumps org.eclipse.jetty:jetty-bom from 11.0.15 to 12.0.17.

Release notes

Sourced from org.eclipse.jetty:jetty-bom's releases.

12.0.17

Special Thanks to the following Eclipse Jetty community members for this release

• @​SentryMan (Josiah Noel)
• @​karstenhusberg
• @​lucarota
• @​lucarota-eutelsat (Luca Rota)

Of Special Note

The definition of UriCompliance.LEGACY has changed with regards to bad UTF-8 parsing. (This now conforms to Jetty 11/10/9 LEGACY mode behavior.) A new UriCompliance.JETTY_11 has been created to replicate Jetty 11 DEFAULT mode.

Changelog

• #12834 - Quotes should be escaped in request logs
• #12831 - Always resolve pathSpec with asPathSpec in ConstraintSecurityHandler
• #12828 - HttpServletResponse.encodeURL() does not support relative paths
• #12827 - Introduce UriCompliance.JETTY_11 which is different than UriCompliance.LEGACY
• #12821 - Restore ee9/ee8 ContextHandler.setCompactPath(boolean) behavior for backward compat reasons
• #12810 - Add jetty-ee to a BOM
• #12796 - Do not decode path in EE9 Dispatcher
• #12792 - Issue when scrolling around in embedded videos
• #12791 - Review UriCompliance.LEGACY behavior with bad UTF-8 in query
• #12790 - Cannot invoke "org.eclipse.jetty.io.RetainableByteBuffer.getByteBuffer()" because "buffer" is null
• #12775 - EE9 Servlet API throws exceptions in normal control flow
• #12768 - Static HTML in demos still refer to Jetty 10/11 and earlier concepts.
• #12764 - Add filter support to jetty-http-spi (@​SentryMan)
• #12752 - Make jetty-server a compile scoped dependency of jetty-http-spi (@​SentryMan)
• #12750 - UriCompliance is ignored for query string parsing
• #12741 - Remove unused files from jetty-eeX-demo-jetty-webapp
• #12739 - Regression in handing CombinedResource WEB-INF between Jetty 11 and Jetty 12
• #12730 - RegexRule needs configurable to include query (or not) in match logic
• #12725 - Update the _matchAfterIndex variable after setting new filter mappings
• #12724 - Fix SymlinkAllowedResourceAliasChecker for use with CombinedResource
• #12723 - Only on Windows: Failed startup of osgi context oeje8w.WebAppContext
• #12714 - MongoSessionDataStore can't upsert sessions if workerName contains token deliminators
• #12706 - Export ArrayByteBufferPool statistics via JMX
• #12705 - Orphaned sessions are never deleted at runtime in the SessionDataStore.
• #12690 - Add configurable capping for values of H2 MAX_HEADER_LIST_SIZE settings frames
• #12689 - Add statistics about ByteBufferPool.acquire() calls made for which there is no bucket
• #12683 - Cross context dispatch to root context uses incorrect target path
• #12681 - CachingHttpContentFactory$CachedHttpContent already released buffer
• #12671 - Check UriCompliance.Violation.ALLOW_BAD_UTF8 in query parameter extraction
• #12670 - Improve buffer management of HTTP/1 response headers
• #12650 - Attribute org.eclipse.jetty.multipartConfig is null
• #12646 - CompleteListener may be invoked twice
• #12639 - Request.Content.getContentType()'s Javadoc contradicts HttpConnection.normalizeRequest()
• #12634 - Update jaas index.adoc (@​karstenhusberg)
• #12633 - Ensure a redirect of the HttpServletResponse will close HttpOutput

... (truncated)

Commits

• 14d19c2 Updating to version 12.0.17
• 921a77e Quoted Request Log #12834 (#12835)
• 408cfde Fixed ABBP.release() logic to check for entry.isTerminated() before releasing.
• 6610782 fix checkstyle
• 354c317 #12790 fix remove stats
• 6f39fa4 Removed extra space.
• 14b1c60 Improved QueuedPool handling of the this.pooled field.
• e1a889d #12790 quick fix
• dada868 #12790 add reproducer
• 1e7e4fe Merge pull request #12831 from jetty/jetty-12.0.x-EE8-SecurityHandlerMappings-2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.