Bump jetty-bom from 9.4.51.v20230217 to 11.0.15

[dependabot]

Bumps jetty-bom from 9.4.51.v20230217 to 11.0.15.

Release notes

Sourced from jetty-bom's releases.

11.0.15

Changelog

• #9556 - Password Util does not ask for password
• #9555 - General bug fixes for jetty-start
• #9517 - Jetty 11.0.14 uses wrong pathSpec for request
• #9501 - jetty client with proxy - ssl traffic between both proxy and servers
• #9497 - Maven plugin add support for jar projects in :effective-web-xml
• #9494 - Improved HttpClient TLS documentation about server host name verification
• #9468 - Jetty 11.0.14 is less tolerant of non-compliant cookies than 11.0.13
• #9464 - Respect expiry time of ID token
• #9400 - Jetty logs warning with stacktrace when annotation parser encounters module-info.class file inside elasticsearch-x-content jar
• #9309 - jetty.sh cannot handle complex Jetty properties from start.d/*.ini
• #9237 - Decouple QTP idleTimeout from pool shrink rate
• #6184 - Remove usages of classes associated with JEP-411 that deprecate/remove the SecurityManager from the JVM

Dependencies

• #9610 - Bump tycho-p2-repository-plugin to 3.0.4
• #9607 - Bump logback-core to 1.3.6
• #9596 - Bump org.eclipse.osgi.util to 3.7.200
• #9591 - Bump json-smart to 2.4.10
• #9581 - Bump commons-compress to 1.23.0
• #9575 - Bump protostream to 4.6.2.Final
• #9574 - Bump org.eclipse.osgi to 3.18.300
• #9558 - Bump asm.version to 9.5

11.0.14

Special Thanks to the following Eclipse Jetty community members

• @​pzygielo (Piotrek Żygieło)
• @​jluehe (jluehe)
• @​dzoech (Dominik Zöchbauer)

Changelog

• #9344 - Cleanup Multipart handling for CVE-2023-26048
• #9343 - URI Host Mismatch with optional Compliance modes
• #9339 - Cleanup Cookie Cutter handling for CVE-2023-26049
• #9337 - LowResourceMonitor.getReasons should include detailed reason instead of hard-coded message (@​jluehe)
• #9334 - Better support for Cookie RFC 2965 compliance
• #9285 - ContextHandler sends redirect on BaseResponse instead of Wrapped Response object from Handler chain
• #9283 - Configurable Unsafe Host Header Behaviors
• #9188 - Log as info exceptions from server after sending stop with StopMojo.
• #9183 - ConnectHandler may close the connection instead of sending 200 OK
• #9181 java.lang.NullPointerException in SessionHandler.checkRequestedSessionId()
• #9128 - Do not execute any phase for maven plugin :start (@​pzygielo)
• #9119 - Wrong value of javax.servlet.forward.context_path attribute
• #9092 - Use ASM Bom

... (truncated)

Commits

• 5bc5e56 Updating to version 11.0.15
• a77c879 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
• 24b7d06 Issue #9464 - Add optional configuration to log user out after OpenID idToken...
• d35f479 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
• 81efae2 jetty-start cleanup (#9555)
• 3aaaeb2 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
• 2c61011 Fixes #6184 - JEP-411 will deprecate/remove the SecurityManager from … (#9616)
• b96a605 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
• 795315f Merge pull request #9531 from eclipse/jetty-10.0.x-multiPartTestImprovment
• 8bbde29 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The following labels could not be found: Source: Internal.