Bump jetty.version from 12.0.16 to 12.0.18

[dependabot]

Bumps jetty.version from 12.0.16 to 12.0.18.
Updates org.eclipse.jetty:jetty-bom from 12.0.16 to 12.0.18

Release notes

Sourced from org.eclipse.jetty:jetty-bom's releases.

12.0.18

Changelog

• #12892 - Module http-forwarded does not appear to be able to use the IP in X-Forwarded-For header with any TLS HTTP request if the module http2 is also loaded
• #12888 - ErrorPageHandler dispatcher returns incorrect 405 for failing POST requests (e.g. JAX-RS)
• #12882 - Regression: HttpConfiguration setResponseHeaderSize is ineffective in 12.0.17
• #12871 - Add module ee8-cdi-decorate or update ee10-cdi-decorate to allow run old web applications
• #12802 - Make Server::setDefaultHandler and Server::setErrorHandler arguments consistent

12.0.17

Special Thanks to the following Eclipse Jetty community members for this release

• @​SentryMan (Josiah Noel)
• @​karstenhusberg
• @​lucarota
• @​lucarota-eutelsat (Luca Rota)

Of Special Note

The definition of UriCompliance.LEGACY has changed with regards to bad UTF-8 parsing. (This now conforms to Jetty 11/10/9 LEGACY mode behavior.) A new UriCompliance.JETTY_11 has been created to replicate Jetty 11 DEFAULT mode.

Changelog

• #12834 - Quotes should be escaped in request logs
• #12831 - Always resolve pathSpec with asPathSpec in ConstraintSecurityHandler
• #12828 - HttpServletResponse.encodeURL() does not support relative paths
• #12827 - Introduce UriCompliance.JETTY_11 which is different than UriCompliance.LEGACY
• #12821 - Restore ee9/ee8 ContextHandler.setCompactPath(boolean) behavior for backward compat reasons
• #12810 - Add jetty-ee to a BOM
• #12796 - Do not decode path in EE9 Dispatcher
• #12792 - Issue when scrolling around in embedded videos
• #12791 - Review UriCompliance.LEGACY behavior with bad UTF-8 in query
• #12790 - Cannot invoke "org.eclipse.jetty.io.RetainableByteBuffer.getByteBuffer()" because "buffer" is null
• #12775 - EE9 Servlet API throws exceptions in normal control flow
• #12768 - Static HTML in demos still refer to Jetty 10/11 and earlier concepts.
• #12764 - Add filter support to jetty-http-spi (@​SentryMan)
• #12752 - Make jetty-server a compile scoped dependency of jetty-http-spi (@​SentryMan)
• #12750 - UriCompliance is ignored for query string parsing
• #12741 - Remove unused files from jetty-eeX-demo-jetty-webapp
• #12739 - Regression in handing CombinedResource WEB-INF between Jetty 11 and Jetty 12
• #12730 - RegexRule needs configurable to include query (or not) in match logic
• #12725 - Update the _matchAfterIndex variable after setting new filter mappings
• #12724 - Fix SymlinkAllowedResourceAliasChecker for use with CombinedResource
• #12723 - Only on Windows: Failed startup of osgi context oeje8w.WebAppContext
• #12714 - MongoSessionDataStore can't upsert sessions if workerName contains token deliminators
• #12706 - Export ArrayByteBufferPool statistics via JMX
• #12705 - Orphaned sessions are never deleted at runtime in the SessionDataStore.
• #12690 - Add configurable capping for values of H2 MAX_HEADER_LIST_SIZE settings frames
• #12689 - Add statistics about ByteBufferPool.acquire() calls made for which there is no bucket

... (truncated)

Commits

• 09e23e1 Updating to version 12.0.18
• d4e8d2f Merge pull request #12899 from jetty/jetty-12.0.x-12888-allow-post-on-errordi...
• a488f78 Update license header
• 5095da2 Issue #12888 support error dispatch for static error pages on POST
• 899868a Fixes #12892 - Module http-forwarded does not appear to be able to use the IP...
• a301c14 no need to keep 60 history for working branches or PR (#12890)
• 0e4b34d Fixes #12882 - HttpConfiguration setResponseHeaderSize is ineffective in 12.0...
• 92336ac Merge pull request #12878 from jetty/jetty-12.0.x-javadoc-build
• f9c430b Fixing version
• a5c6d47 Merge pull request #12873 from jetty/fix/12.0.x/ee8-cdi-impl
• Additional commits viewable in compare view

Updates org.eclipse.jetty.ee10:jetty-ee10-bom from 12.0.16 to 12.0.18

Release notes

Sourced from org.eclipse.jetty.ee10:jetty-ee10-bom's releases.

12.0.18

Changelog

• #12892 - Module http-forwarded does not appear to be able to use the IP in X-Forwarded-For header with any TLS HTTP request if the module http2 is also loaded
• #12888 - ErrorPageHandler dispatcher returns incorrect 405 for failing POST requests (e.g. JAX-RS)
• #12882 - Regression: HttpConfiguration setResponseHeaderSize is ineffective in 12.0.17
• #12871 - Add module ee8-cdi-decorate or update ee10-cdi-decorate to allow run old web applications
• #12802 - Make Server::setDefaultHandler and Server::setErrorHandler arguments consistent

12.0.17

Special Thanks to the following Eclipse Jetty community members for this release

• @​SentryMan (Josiah Noel)
• @​karstenhusberg
• @​lucarota
• @​lucarota-eutelsat (Luca Rota)

Of Special Note

The definition of UriCompliance.LEGACY has changed with regards to bad UTF-8 parsing. (This now conforms to Jetty 11/10/9 LEGACY mode behavior.) A new UriCompliance.JETTY_11 has been created to replicate Jetty 11 DEFAULT mode.

Changelog

• #12834 - Quotes should be escaped in request logs
• #12831 - Always resolve pathSpec with asPathSpec in ConstraintSecurityHandler
• #12828 - HttpServletResponse.encodeURL() does not support relative paths
• #12827 - Introduce UriCompliance.JETTY_11 which is different than UriCompliance.LEGACY
• #12821 - Restore ee9/ee8 ContextHandler.setCompactPath(boolean) behavior for backward compat reasons
• #12810 - Add jetty-ee to a BOM
• #12796 - Do not decode path in EE9 Dispatcher
• #12792 - Issue when scrolling around in embedded videos
• #12791 - Review UriCompliance.LEGACY behavior with bad UTF-8 in query
• #12790 - Cannot invoke "org.eclipse.jetty.io.RetainableByteBuffer.getByteBuffer()" because "buffer" is null
• #12775 - EE9 Servlet API throws exceptions in normal control flow
• #12768 - Static HTML in demos still refer to Jetty 10/11 and earlier concepts.
• #12764 - Add filter support to jetty-http-spi (@​SentryMan)
• #12752 - Make jetty-server a compile scoped dependency of jetty-http-spi (@​SentryMan)
• #12750 - UriCompliance is ignored for query string parsing
• #12741 - Remove unused files from jetty-eeX-demo-jetty-webapp
• #12739 - Regression in handing CombinedResource WEB-INF between Jetty 11 and Jetty 12
• #12730 - RegexRule needs configurable to include query (or not) in match logic
• #12725 - Update the _matchAfterIndex variable after setting new filter mappings
• #12724 - Fix SymlinkAllowedResourceAliasChecker for use with CombinedResource
• #12723 - Only on Windows: Failed startup of osgi context oeje8w.WebAppContext
• #12714 - MongoSessionDataStore can't upsert sessions if workerName contains token deliminators
• #12706 - Export ArrayByteBufferPool statistics via JMX
• #12705 - Orphaned sessions are never deleted at runtime in the SessionDataStore.
• #12690 - Add configurable capping for values of H2 MAX_HEADER_LIST_SIZE settings frames
• #12689 - Add statistics about ByteBufferPool.acquire() calls made for which there is no bucket

... (truncated)

Commits

• 09e23e1 Updating to version 12.0.18
• d4e8d2f Merge pull request #12899 from jetty/jetty-12.0.x-12888-allow-post-on-errordi...
• a488f78 Update license header
• 5095da2 Issue #12888 support error dispatch for static error pages on POST
• 899868a Fixes #12892 - Module http-forwarded does not appear to be able to use the IP...
• a301c14 no need to keep 60 history for working branches or PR (#12890)
• 0e4b34d Fixes #12882 - HttpConfiguration setResponseHeaderSize is ineffective in 12.0...
• 92336ac Merge pull request #12878 from jetty/jetty-12.0.x-javadoc-build
• f9c430b Fixing version
• a5c6d47 Merge pull request #12873 from jetty/fix/12.0.x/ee8-cdi-impl
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)