Upgrade Jetty to 9.4.57.v20241219 to address CVE-2024-6763 (#4600)

### Motivation & Changes

Upgrade Jetty to 9.4.57.v20241219 to address CVE-2024-6763
Jetty 9.4.57.v20241219 contains backported CVE-2024-6763 fix in jetty/jetty.project#12532 although it's not explicitly mentioned and most security scanners don't yet contain the information that it's been addressed in 9.4.57.
More details:
* jetty/jetty.project#12630
* https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.57.v20241219

Note: The backport is a partial mitigation and Jetty 9.4.57 will continue to be marked as vulnerable. There's a discussion and explanation here: https://gitlab.eclipse.org/security/cve-assignement/-/issues/25#note_2968611

(cherry picked from commit 99eb63a)

Author: lhotari

bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt

@@ -267,14 +267,14 @@ Apache Software License, Version 2.
 - lib/org.apache.zookeeper-zookeeper-3.9.3.jar [21]
 - lib/org.apache.zookeeper-zookeeper-jute-3.9.3.jar [21]
 - lib/org.apache.zookeeper-zookeeper-3.9.3-tests.jar [21]
-- lib/org.eclipse.jetty-jetty-http-9.4.53.v20231009.jar [22]
-- lib/org.eclipse.jetty-jetty-io-9.4.53.v20231009.jar [22]
-- lib/org.eclipse.jetty-jetty-security-9.4.53.v20231009.jar [22]
-- lib/org.eclipse.jetty-jetty-server-9.4.53.v20231009.jar [22]
-- lib/org.eclipse.jetty-jetty-servlet-9.4.53.v20231009.jar [22]
-- lib/org.eclipse.jetty-jetty-util-9.4.53.v20231009.jar [22]
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.53.v20231009.jar [22]
-- lib/org.rocksdb-rocksdbjni-7.10.2.jar [23]
+- lib/org.eclipse.jetty-jetty-http-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-io-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-security-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-server-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-servlet-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.57.v20241219.jar [22]
+- lib/org.rocksdb-rocksdbjni-9.9.3.jar [23]
 - lib/com.beust-jcommander-1.82.jar [24]
 - lib/com.yahoo.datasketches-memory-0.8.3.jar [25]
 - lib/com.yahoo.datasketches-sketches-core-0.8.3.jar [25]

bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt

@@ -267,14 +267,14 @@ Apache Software License, Version 2.
 - lib/org.apache.zookeeper-zookeeper-3.9.3.jar [21]
 - lib/org.apache.zookeeper-zookeeper-jute-3.9.3.jar [21]
 - lib/org.apache.zookeeper-zookeeper-3.9.3-tests.jar [21]
-- lib/org.eclipse.jetty-jetty-http-9.4.53.v20231009.jar [22]
-- lib/org.eclipse.jetty-jetty-io-9.4.53.v20231009.jar [22]
-- lib/org.eclipse.jetty-jetty-security-9.4.53.v20231009.jar [22]
-- lib/org.eclipse.jetty-jetty-server-9.4.53.v20231009.jar [22]
-- lib/org.eclipse.jetty-jetty-servlet-9.4.53.v20231009.jar [22]
-- lib/org.eclipse.jetty-jetty-util-9.4.53.v20231009.jar [22]
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.53.v20231009.jar [22]
-- lib/org.rocksdb-rocksdbjni-7.10.2.jar [23]
+- lib/org.eclipse.jetty-jetty-http-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-io-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-security-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-server-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-servlet-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.57.v20241219.jar [22]
+- lib/org.rocksdb-rocksdbjni-9.9.3.jar [23]
 - lib/com.beust-jcommander-1.82.jar [24]
 - lib/com.yahoo.datasketches-memory-0.8.3.jar [25]
 - lib/com.yahoo.datasketches-sketches-core-0.8.3.jar [25]

bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt

@@ -93,13 +93,13 @@ SoundCloud Ltd. (http://soundcloud.com/).
 This product includes software developed as part of the
 Ocelli project by Netflix Inc. (https://github.com/Netflix/ocelli/).
 ------------------------------------------------------------------------------------
-- lib/org.eclipse.jetty-jetty-http-9.4.53.v20231009.jar
-- lib/org.eclipse.jetty-jetty-io-9.4.53.v20231009.jar
-- lib/org.eclipse.jetty-jetty-security-9.4.53.v20231009.jar
-- lib/org.eclipse.jetty-jetty-server-9.4.53.v20231009.jar
-- lib/org.eclipse.jetty-jetty-servlet-9.4.53.v20231009.jar
-- lib/org.eclipse.jetty-jetty-util-9.4.53.v20231009.jar
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.53.v20231009.jar
+- lib/org.eclipse.jetty-jetty-http-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-io-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-security-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-server-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-servlet-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.57.v20241219.jar
 
 ==============================================================
  Jetty Web Container
@@ -121,7 +121,7 @@ Jetty is dual licensed under both
 
 Jetty may be distributed under either license.
 
-lib/org.eclipse.jetty-jetty-util-9.4.53.v20231009.jar bundles UnixCrypt
+lib/org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar bundles UnixCrypt
 
 The UnixCrypt.java code implements the one way cryptography used by
 Unix systems for simple password protection.  Copyright 1996 Aki Yoshida,

bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt

@@ -75,13 +75,13 @@ SoundCloud Ltd. (http://soundcloud.com/).
 This product includes software developed as part of the
 Ocelli project by Netflix Inc. (https://github.com/Netflix/ocelli/).
 ------------------------------------------------------------------------------------
-- lib/org.eclipse.jetty-jetty-http-9.4.53.v20231009.jar
-- lib/org.eclipse.jetty-jetty-io-9.4.53.v20231009.jar
-- lib/org.eclipse.jetty-jetty-security-9.4.53.v20231009.jar
-- lib/org.eclipse.jetty-jetty-server-9.4.53.v20231009.jar
-- lib/org.eclipse.jetty-jetty-servlet-9.4.53.v20231009.jar
-- lib/org.eclipse.jetty-jetty-util-9.4.53.v20231009.jar
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.53.v20231009.jar
+- lib/org.eclipse.jetty-jetty-http-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-io-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-security-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-server-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-servlet-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.57.v20241219.jar
 
 ==============================================================
  Jetty Web Container
@@ -103,7 +103,7 @@ Jetty is dual licensed under both
 
 Jetty may be distributed under either license.
 
-lib/org.eclipse.jetty-jetty-util-9.4.53.v20231009.jar bundles UnixCrypt
+lib/org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar bundles UnixCrypt
 
 The UnixCrypt.java code implements the one way cryptography used by
 Unix systems for simple password protection.  Copyright 1996 Aki Yoshida,

pom.xml

@@ -142,7 +142,7 @@
     <hdrhistogram.version>2.1.10</hdrhistogram.version>
     <jackson.version>2.17.1</jackson.version>
     <jcommander.version>1.82</jcommander.version>
-    <jetty.version>9.4.53.v20231009</jetty.version>
+    <jetty.version>9.4.57.v20241219</jetty.version>
     <jmh.version>1.37</jmh.version>
     <jmock.version>2.8.2</jmock.version>
     <jsoup.version>1.15.3</jsoup.version>