[Snyk] Security upgrade org.eclipse.jetty:jetty-server from 9.4.53.v20231009 to 12.1.5

[snyk-io]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Interpretation Conflict SNYK-JAVA-ORGECLIPSEJETTY-15426540	62	org.eclipse.jetty:jetty-server: 9.4.53.v20231009 -> 12.1.5 No Path Found Proof of Concept

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[snyk-io]

This is a major upgrade across three significant versions (9.4 → 10 → 11 → 12) and introduces substantial breaking changes at each step. A simple version bump will not work and a multi-stage migration is required.

Key Breaking Changes:

• Jetty 9.4 → 10.0:

  • Java Requirement: The minimum required Java version is now Java 11.
  • Logging: The proprietary Jetty logging facade has been completely replaced with SLF4J.
  • API Refactoring: WebSocket and Session management APIs have been heavily refactored, requiring code updates for embedded users.

• Jetty 10.0 → 11.0:

  • Jakarta Namespace Migration: This is the most critical change. Following the Jakarta EE 9 specification, all javax.servlet packages have been renamed to jakarta.servlet. This requires a codebase-wide update of all imports and dependencies. Jetty 10 was the last version to use the javax.* namespace.

• Jetty 11.0 → 12.0:

  • Core API Redesign: Jetty 12 is architecturally different. It decouples itself from the Servlet API. Core components like Handler, Request, and Response have been redesigned.
  • Servlet Support: To deploy traditional web applications, you must now explicitly enable a Servlet environment (e.g., ee8, ee9, ee10). The deploy module, for instance, must be changed to ee10-deploy.
  • Handler API: The Handler.handle() method signature has changed, and the Request object is now immutable.

Recommendation: This upgrade is a major undertaking that requires significant planning and code modification. It is not a direct upgrade. Developers should consult the official migration guides for each major version and consider a staged migration path. Upgrading from 9.4 to 12 is described by the project maintainers as having "a lot of changes across 3 major versions, in APIs and Maven artifact names".

Sources:

• Migrating from Jetty 9.4.x to 10.0.x
• Migrating from Jetty 11.0.x to 12.0.x
• Jetty 10 and 11 Announcement

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

⛔ Snyk checks have failed. 1 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (1)
⛔	Open Source Security	0	1	0	0	1 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.