Add support for Jetty `12` to address `CVE-2024-6763`

# Add support for Jetty `12` to address `CVE-2024-6763`

## Why?
- Jetty versions from `7.0.0` up to `12.0.11` are affected by CVE-2024-6763 (Eclipse Jetty URI parsing of invalid authority).
- The current version of `http4s-jetty` uses Jetty `10`.
- [Community support for Jetty 10 and Jetty 11 ended in January 2024](https://github.com/jetty/jetty.project/issues/10485).
- To solve the issue, `http4s-jetty` should use Jetty `12`, the current stable version.

## Any Other Things to Know?
- Jetty `12` requires Java `17`, so dropping support for Java `11` is necessary.
- Jetty has multiple versions supporting different versions of Jakarta EE (Java EE). However, for the first version supporting Jetty `12`, it is better to support only Jakarta EE `8` to minimize changes, as the API namespace moved from `javax` to `jakarta` starting with Jakarta EE `9`.

***
## NOTE:

I've done it for http4s 0.22 (https://github.com/http4s/http4s/pull/7579), and I'm working on it for `http4s-jetty` now.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add support for Jetty `12` to address `CVE-2024-6763` #235

Add support for Jetty `12` to address `CVE-2024-6763`

Why?

Any Other Things to Know?

NOTE:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add support for Jetty 12 to address CVE-2024-6763 #235

Description

Add support for Jetty 12 to address CVE-2024-6763

Why?

Any Other Things to Know?

NOTE:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Add support for Jetty `12` to address `CVE-2024-6763` #235

Add support for Jetty `12` to address `CVE-2024-6763`