From c46d693ff902e2fd5b94c3a2171b30a51ec16cf5 Mon Sep 17 00:00:00 2001 From: Dhruv Singhal Date: Wed, 11 Oct 2023 07:23:45 +0530 Subject: [PATCH 1/3] upgraded version for org.eclipse.jetty:jetty-servlet --- platform-http-service-framework/build.gradle.kts | 6 +++--- platform-metrics/build.gradle.kts | 2 +- platform-service-framework/build.gradle.kts | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/platform-http-service-framework/build.gradle.kts b/platform-http-service-framework/build.gradle.kts index 3a252e1..abb22d1 100644 --- a/platform-http-service-framework/build.gradle.kts +++ b/platform-http-service-framework/build.gradle.kts @@ -15,9 +15,9 @@ dependencies { implementation("org.slf4j:slf4j-api:1.7.36") implementation("com.google.inject.extensions:guice-servlet:5.1.0") implementation("com.google.guava:guava:31.1-jre") - implementation("org.eclipse.jetty:jetty-servlet:9.4.52.v20230823") - implementation("org.eclipse.jetty:jetty-server:9.4.52.v20230823") - implementation("org.eclipse.jetty:jetty-servlets:9.4.52.v20230823") + implementation("org.eclipse.jetty:jetty-servlet:9.4.53") + implementation("org.eclipse.jetty:jetty-server:9.4.53") + implementation("org.eclipse.jetty:jetty-servlets:9.4.53") annotationProcessor("org.projectlombok:lombok:1.18.24") compileOnly("org.projectlombok:lombok:1.18.24") diff --git a/platform-metrics/build.gradle.kts b/platform-metrics/build.gradle.kts index 001fcb0..7de605b 100644 --- a/platform-metrics/build.gradle.kts +++ b/platform-metrics/build.gradle.kts 
@@ -24,7 +24,7 @@ dependencies { implementation("io.prometheus:simpleclient_dropwizard:0.12.0") implementation("io.prometheus:simpleclient_servlet:0.12.0") implementation("io.prometheus:simpleclient_pushgateway:0.12.0") - implementation("org.eclipse.jetty:jetty-servlet:9.4.52.v20230823") + implementation("org.eclipse.jetty:jetty-servlet:9.4.53") implementation("com.google.guava:guava:32.0.1-jre") testImplementation("org.junit.jupiter:junit-jupiter:5.9.0") diff --git a/platform-service-framework/build.gradle.kts b/platform-service-framework/build.gradle.kts index d5c339d..1201d8d 100644 --- a/platform-service-framework/build.gradle.kts +++ b/platform-service-framework/build.gradle.kts @@ -21,7 +21,7 @@ dependencies { constraints { implementation("com.fasterxml.jackson.core:jackson-databind:2.15.2") } - implementation("org.eclipse.jetty:jetty-servlet:9.4.52.v20230823") + implementation("org.eclipse.jetty:jetty-servlet:9.4.53") // Use for metrics servlet implementation("io.prometheus:simpleclient_servlet:0.12.0") @@ -38,6 +38,6 @@ dependencies { testImplementation("org.apache.logging.log4j:log4j-slf4j-impl:2.19.0") testImplementation("org.junit.jupiter:junit-jupiter:5.9.0") testImplementation("org.mockito:mockito-core:4.8.0") - testImplementation("org.eclipse.jetty:jetty-servlet:9.4.52.v20230823:tests") - testImplementation("org.eclipse.jetty:jetty-http:9.4.52.v20230823:tests") + testImplementation("org.eclipse.jetty:jetty-servlet:9.4.53:tests") + testImplementation("org.eclipse.jetty:jetty-http:9.4.53:tests") } From 20fb571fb782818c64420996bf922934c0cedb6e Mon Sep 17 00:00:00 2001 From: Dhruv Singhal Date: Wed, 11 Oct 2023 07:29:45 +0530 Subject: [PATCH 2/3] changed version to 9.4.53.v20231009 --- platform-http-service-framework/build.gradle.kts | 6 +++--- platform-metrics/build.gradle.kts | 2 +- platform-service-framework/build.gradle.kts | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) 
diff --git a/platform-http-service-framework/build.gradle.kts b/platform-http-service-framework/build.gradle.kts index abb22d1..b855db2 100644 --- a/platform-http-service-framework/build.gradle.kts +++ b/platform-http-service-framework/build.gradle.kts @@ -15,9 +15,9 @@ dependencies { implementation("org.slf4j:slf4j-api:1.7.36") implementation("com.google.inject.extensions:guice-servlet:5.1.0") implementation("com.google.guava:guava:31.1-jre") - implementation("org.eclipse.jetty:jetty-servlet:9.4.53") - implementation("org.eclipse.jetty:jetty-server:9.4.53") - implementation("org.eclipse.jetty:jetty-servlets:9.4.53") + implementation("org.eclipse.jetty:jetty-servlet:9.4.53.v20231009") + implementation("org.eclipse.jetty:jetty-server:9.4.53.v20231009") + implementation("org.eclipse.jetty:jetty-servlets:9.4.53.v20231009") annotationProcessor("org.projectlombok:lombok:1.18.24") compileOnly("org.projectlombok:lombok:1.18.24") diff --git a/platform-metrics/build.gradle.kts b/platform-metrics/build.gradle.kts index 7de605b..17afd53 100644 --- a/platform-metrics/build.gradle.kts +++ b/platform-metrics/build.gradle.kts @@ -24,7 +24,7 @@ dependencies { implementation("io.prometheus:simpleclient_dropwizard:0.12.0") implementation("io.prometheus:simpleclient_servlet:0.12.0") implementation("io.prometheus:simpleclient_pushgateway:0.12.0") - implementation("org.eclipse.jetty:jetty-servlet:9.4.53") + implementation("org.eclipse.jetty:jetty-servlet:9.4.53.v20231009") implementation("com.google.guava:guava:32.0.1-jre") testImplementation("org.junit.jupiter:junit-jupiter:5.9.0") diff --git a/platform-service-framework/build.gradle.kts b/platform-service-framework/build.gradle.kts index 1201d8d..bc811b4 100644 --- a/platform-service-framework/build.gradle.kts +++ b/platform-service-framework/build.gradle.kts 
@@ -21,7 +21,7 @@ dependencies { constraints { implementation("com.fasterxml.jackson.core:jackson-databind:2.15.2") } - implementation("org.eclipse.jetty:jetty-servlet:9.4.53") + implementation("org.eclipse.jetty:jetty-servlet:9.4.53.v20231009") // Use for metrics servlet implementation("io.prometheus:simpleclient_servlet:0.12.0") @@ -38,6 +38,6 @@ dependencies { testImplementation("org.apache.logging.log4j:log4j-slf4j-impl:2.19.0") testImplementation("org.junit.jupiter:junit-jupiter:5.9.0") testImplementation("org.mockito:mockito-core:4.8.0") - testImplementation("org.eclipse.jetty:jetty-servlet:9.4.53:tests") - testImplementation("org.eclipse.jetty:jetty-http:9.4.53:tests") + testImplementation("org.eclipse.jetty:jetty-servlet:9.4.53.v20231009:tests") + testImplementation("org.eclipse.jetty:jetty-http:9.4.53.v20231009:tests") } From 756738228f9894d4889a7e2725caaae2ed7ce5e4 Mon Sep 17 00:00:00 2001 From: Dhruv Singhal Date: Wed, 11 Oct 2023 08:08:04 +0530 Subject: [PATCH 3/3] suppressed --- owasp-suppressions.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml index a7f4fad..313ecab 100644 --- a/owasp-suppressions.xml +++ b/owasp-suppressions.xml @@ -22,7 +22,7 @@ Ref: https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j ]]> - ^pkg:maven/org\.eclipse\.jetty/jetty\-servlets@9.4.52\..*$ + ^pkg:maven/org\.eclipse\.jetty/jetty\-servlets@9.4.53\..*$ CVE-2023-36479 \ No newline at end of file
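Review bot: The rewritten packageUrl pattern in owasp-suppressions.xml still leaves the dots inside the version unescaped (`@9.4.53\..*$`), so `.` matches any character there while the rest of the expression escapes it; `^pkg:maven/org\.eclipse\.jetty/jetty\-servlets@9\.4\.53\..*$` would match only the intended release line. More importantly, the CVE-2023-36479 suppression is carried forward simply by editing the version, and neither the commit message ("suppressed") nor the visible tail of the notes says why the finding does not apply to 9.4.53; the notes block begins outside the hunk, so this may already be covered there. I would add a sentence to the notes recording the justification for the new version, and give the `<suppress>` element an `until` date so the scanner reports the finding again if the entry is not re-reviewed. The element tags appear to have been stripped from this rendering, so the exact markup is inferred from the surviving text.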