Support for Jetty `12` with Jakarta EE `10` to address CVE-2024-6763

# Support for Jetty `12` with Jakarta EE `10` to address CVE-2024-6763

This is for `series/0.24`
## Why?
- Jetty versions from `7.0.0` up to `12.0.11` are affected by CVE-2024-6763 (Eclipse Jetty URI parsing of invalid authority).
- The current version of `http4s-jetty` uses Jetty `10`.
- [Community support for Jetty 10 and Jetty 11 ended in January 2024](https://github.com/jetty/jetty.project/issues/10485).
- To solve the issue, `http4s-jetty` should use Jetty `12`, the current stable version.

## Any Other Things to Know?
- Jetty `12` requires Java `17`, so dropping support for Java `11` is necessary.
- Jetty has multiple versions supporting different versions of Jakarta EE (Java EE), and this ticket is only for Jakarta EE `10`.


***
## Additional Notes:

* https://github.com/http4s/http4s/pull/7579
* I’ve already been working on the JEE `8` one and will do the same for JEE `10`.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Support for Jetty `12` with Jakarta EE `10` to address CVE-2024-6763 #340

Support for Jetty `12` with Jakarta EE `10` to address CVE-2024-6763

Why?

Any Other Things to Know?

Additional Notes:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Support for Jetty 12 with Jakarta EE 10 to address CVE-2024-6763 #340

Description

Support for Jetty 12 with Jakarta EE 10 to address CVE-2024-6763

Why?

Any Other Things to Know?

Additional Notes:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Support for Jetty `12` with Jakarta EE `10` to address CVE-2024-6763 #340

Support for Jetty `12` with Jakarta EE `10` to address CVE-2024-6763