diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml index 3c51e4c..a931e5c 100644 --- a/owasp-suppressions.xml +++ b/owasp-suppressions.xml @@ -1,3 +1,11 @@ + + + ^pkg:maven/org\.eclipse\.jetty/jetty\-.*@.*$ + CVE-2024-8184 + CVE-2024-6763 + diff --git a/platform-http-service-framework/build.gradle.kts b/platform-http-service-framework/build.gradle.kts index d8a9e0b..a5ecb94 100644 --- a/platform-http-service-framework/build.gradle.kts +++ b/platform-http-service-framework/build.gradle.kts @@ -7,18 +7,17 @@ dependencies { api(project(":platform-service-framework")) api("org.hypertrace.core.grpcutils:grpc-client-utils:0.13.7") api("com.typesafe:config:1.4.2") - api("javax.servlet:javax.servlet-api:4.0.1") - api("com.google.inject:guice:5.1.0") + api("jakarta.servlet:jakarta.servlet-api:6.0.0") + api("com.google.inject:guice:7.0.0") api(project(":service-framework-spi")) implementation(project(":platform-metrics")) implementation("org.slf4j:slf4j-api:1.7.36") - implementation("com.google.inject.extensions:guice-servlet:5.1.0") + implementation("com.google.inject.extensions:guice-servlet:7.0.0") implementation("com.google.guava:guava:31.1-jre") - implementation("org.eclipse.jetty:jetty-servlet:9.4.56.v20240826") - implementation("org.eclipse.jetty:jetty-server:9.4.56.v20240826") - implementation("org.eclipse.jetty:jetty-servlets:9.4.56.v20240826") - + implementation("org.eclipse.jetty:jetty-servlet:11.0.20") + implementation("org.eclipse.jetty:jetty-server:11.0.20") + implementation("org.eclipse.jetty:jetty-servlets:11.0.20") annotationProcessor("org.projectlombok:lombok:1.18.24") compileOnly("org.projectlombok:lombok:1.18.24") } diff --git a/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/HttpHandlerDefinition.java b/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/HttpHandlerDefinition.java index 732decb..cb20ad8 100644 
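Review bot: The new suppression in owasp-suppressions.xml matches every `org.eclipse.jetty/jetty-*` artifact at every version (the pattern ends in `@.*$`), so CVE-2024-8184 and CVE-2024-6763 stay hidden from the dependency check on any later Jetty version as well, not only the 11.0.20 pinned by this commit. Narrow the version part to the release line in use, for example `^pkg:maven/org\.eclipse\.jetty/jetty\-.*@11\.0\..*$`, and set an `until` date on the `suppress` element so the entry is re-evaluated instead of living forever. The entry's markup is not visible on this page, so it cannot be seen whether a `notes` element records why the two CVEs are considered not applicable; if it does not, add one. Because the same commit moves Jetty from 9.4.56.v20240826 to 11.0.20, check the Jetty advisories for whether 11.0.20 is inside the affected range; if it is, a patched 11.0.x release is preferable to a suppression.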
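Review bot: In platform-http-service-framework/build.gradle.kts, `api("jakarta.servlet:jakarta.servlet-api:6.0.0")` is paired with Jetty 11.0.20, which as far as I know implements Servlet 5.0 and brings its own copy of the `jakarta.servlet` classes under different coordinates. That can leave two versions of the same API on the runtime classpath and lets code compile against Servlet 6.0 methods the container does not provide. Declaring the Servlet 5.0 release of `jakarta.servlet-api` here would keep compile time and runtime aligned; platform-metrics/build.gradle.kts has the same pairing. Since this is an `api` dependency, the chosen level is also exported to every consumer of the module.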
--- a/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/HttpHandlerDefinition.java +++ b/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/HttpHandlerDefinition.java @@ -1,10 +1,10 @@ package org.hypertrace.core.serviceframework.http; import com.google.inject.Injector; +import jakarta.servlet.MultipartConfigElement; +import jakarta.servlet.Servlet; import java.util.List; import java.util.Map; -import javax.servlet.MultipartConfigElement; -import javax.servlet.Servlet; import lombok.Builder; import lombok.Singular; import lombok.Value; diff --git a/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/jetty/JettyHttpServerBuilder.java b/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/jetty/JettyHttpServerBuilder.java index b153498..9bc4293 100644 --- a/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/jetty/JettyHttpServerBuilder.java +++ b/platform-http-service-framework/src/main/java/org/hypertrace/core/serviceframework/http/jetty/JettyHttpServerBuilder.java @@ -6,6 +6,8 @@ import com.google.inject.Injector; import com.google.inject.servlet.GuiceFilter; +import jakarta.servlet.DispatcherType; +import jakarta.servlet.ServletContextListener; import java.nio.file.Path; import java.util.EnumSet; import java.util.LinkedList; @@ -15,8 +17,6 @@ import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import javax.annotation.Nullable; -import javax.servlet.DispatcherType; -import javax.servlet.ServletContextListener; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.Handler; import org.eclipse.jetty.server.HttpConfiguration; diff --git a/platform-metrics/build.gradle.kts b/platform-metrics/build.gradle.kts index 9a01d66..dcb56fa 100644 --- a/platform-metrics/build.gradle.kts +++ b/platform-metrics/build.gradle.kts 
@@ -11,19 +11,19 @@ tasks.test { dependencies { api("com.typesafe:config:1.4.2") - api("io.dropwizard.metrics:metrics-core:4.2.16") + api("io.dropwizard.metrics:metrics-jakarta-servlet:4.2.25") api("io.micrometer:micrometer-core:1.10.2") - api("javax.servlet:javax.servlet-api:3.1.0") + api("jakarta.servlet:jakarta.servlet-api:6.0.0") implementation("io.micrometer:micrometer-registry-prometheus:1.10.2") implementation("io.github.mweirauch:micrometer-jvm-extras:0.2.2") implementation("org.slf4j:slf4j-api:1.7.36") implementation("io.dropwizard.metrics:metrics-jvm:4.2.16") - implementation("io.prometheus:simpleclient_dropwizard:0.12.0") - implementation("io.prometheus:simpleclient_servlet:0.12.0") - implementation("io.prometheus:simpleclient_pushgateway:0.12.0") - implementation("org.eclipse.jetty:jetty-servlet:9.4.56.v20240826") + implementation("io.prometheus:simpleclient_dropwizard:0.16.0") + implementation("io.prometheus:simpleclient_servlet_jakarta:0.16.0") + implementation("io.prometheus:simpleclient_pushgateway:0.16.0") + implementation("org.eclipse.jetty:jetty-servlet:11.0.20") implementation("com.google.guava:guava:32.0.1-jre") compileOnly("com.github.ben-manes.caffeine:caffeine:3.1.8") diff --git a/platform-service-framework/build.gradle.kts b/platform-service-framework/build.gradle.kts index 72662c7..e0acc68 100644 --- a/platform-service-framework/build.gradle.kts +++ b/platform-service-framework/build.gradle.kts 
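Review bot: `metrics-jvm` stays at 4.2.16 while this hunk introduces `metrics-jakarta-servlet:4.2.25`, so the Dropwizard Metrics modules are now declared at two versions and the resolved `metrics-core` is left to conflict resolution. The direct `api` declaration of `metrics-core` is replaced rather than supplemented, so consumers presumably receive it only transitively from the servlet module. Suggest keeping `api("io.dropwizard.metrics:metrics-core:4.2.25")` next to the new line and moving `metrics-jvm` to `4.2.25` too, ideally through one shared version constant so scanner findings map to a single release.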
@@ -18,11 +18,11 @@ dependencies { api("com.typesafe:config:1.4.2") // Use for thread dump servlet - implementation("io.dropwizard.metrics:metrics-servlets:4.2.16") - implementation("org.eclipse.jetty:jetty-servlet:9.4.56.v20240826") + implementation("io.dropwizard.metrics:metrics-jakarta-servlets:4.2.25") + implementation("org.eclipse.jetty:jetty-servlet:11.0.20") // Use for metrics servlet - implementation("io.prometheus:simpleclient_servlet:0.12.0") + implementation("io.prometheus:simpleclient_servlet_jakarta:0.16.0") // http client implementation("org.apache.httpcomponents:httpclient:4.5.13") @@ -36,6 +36,4 @@ dependencies { testImplementation("org.apache.logging.log4j:log4j-slf4j-impl:2.19.0") testImplementation("org.junit.jupiter:junit-jupiter:5.9.0") testImplementation("org.mockito:mockito-core:4.8.0") - testImplementation("org.eclipse.jetty:jetty-servlet:9.4.56.v20240826:tests") - testImplementation("org.eclipse.jetty:jetty-http:9.4.56.v20240826:tests") } diff --git a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/PlatformService.java b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/PlatformService.java index c14356b..c5ef331 100644 --- a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/PlatformService.java +++ b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/PlatformService.java 
@@ -1,10 +1,10 @@ package org.hypertrace.core.serviceframework; -import com.codahale.metrics.servlets.CpuProfileServlet; -import com.codahale.metrics.servlets.ThreadDumpServlet; import com.typesafe.config.Config; import com.typesafe.config.ConfigFactory; -import io.prometheus.client.exporter.MetricsServlet; +import io.dropwizard.metrics.servlets.CpuProfileServlet; +import io.dropwizard.metrics.servlets.ThreadDumpServlet; +import io.prometheus.client.servlet.jakarta.exporter.MetricsServlet; import java.net.InetAddress; import java.net.ServerSocket; import java.net.UnknownHostException; diff --git a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/HealthCheckServlet.java b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/HealthCheckServlet.java index dd89551..1ef918d 100644 --- a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/HealthCheckServlet.java +++ b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/HealthCheckServlet.java @@ -1,9 +1,9 @@ package org.hypertrace.core.serviceframework.service.servlets; +import jakarta.servlet.http.HttpServlet; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; import org.hypertrace.core.serviceframework.PlatformService; public class HealthCheckServlet extends HttpServlet { diff --git a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/JVMDiagnosticServlet.java b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/JVMDiagnosticServlet.java index c882451..fd22a08 100644 
--- a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/JVMDiagnosticServlet.java +++ b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/service/servlets/JVMDiagnosticServlet.java @@ -1,15 +1,15 @@ package org.hypertrace.core.serviceframework.service.servlets; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServlet; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.PrintWriter; import java.lang.management.ManagementFactory; import java.util.HashMap; import java.util.Map; import java.util.Map.Entry; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; import org.hypertrace.core.serviceframework.jvm.JVMDiagnosticCommand; import org.hypertrace.core.serviceframework.jvm.JVMDiagnosticCommand.Op;