Upgrade jetty version in build.gradle

apanich · web-flow · commit 08b90f220dfd · 2026-01-02T18:20:39.000-05:00
this is to address CVE-2024-6763 vulnerability
diff --git a/runners/google-cloud-dataflow-java/worker/build.gradle b/runners/google-cloud-dataflow-java/worker/build.gradle
@@ -131,7 +131,7 @@ applyJavaNature(
             dependencies {
                 // We have to include jetty-server/jetty-servlet and all of its transitive dependencies
                 // which includes several org.eclipse.jetty artifacts + servlet-api
-                include(dependency("org.eclipse.jetty:.*:9.4.57.v20241219"))
+                include(dependency("org.eclipse.jetty:.*:12.1.5"))
                 include(dependency("javax.servlet:javax.servlet-api:3.1.0"))
             }
             relocate("org.eclipse.jetty", getWorkerRelocatedPath("org.eclipse.jetty"))
@@ -200,8 +200,8 @@ dependencies {
     compileOnly "org.conscrypt:conscrypt-openjdk-uber:2.5.1"
 
     implementation "javax.servlet:javax.servlet-api:3.1.0"
-    implementation "org.eclipse.jetty:jetty-server:9.4.57.v20241219"
-    implementation "org.eclipse.jetty:jetty-servlet:9.4.57.v20241219"
+    implementation "org.eclipse.jetty:jetty-server:12.1.5"
+    implementation "org.eclipse.jetty.ee10:jetty-ee10-servlet:12.1.5"
     implementation library.java.avro
     implementation library.java.jackson_annotations
     implementation library.java.jackson_core
