Bump version.jetty from 11.0.9 to 11.0.11

[dependabot]

Bumps version.jetty from 11.0.9 to 11.0.11.
Updates jetty-bom from 11.0.9 to 11.0.11

Release notes

Sourced from jetty-bom's releases.

11.0.11

Special Thanks to the following Eclipse Jetty community members

• @​cstamas (Tamas Cservenak)

Critical Fix

• #8184 - All suffix globs except first fail to match if path has . character in prefix section

Changelog

• #8187 - Fix test-distribution classpath re resolver (@​cstamas)
• #8175 - Removing invalid maxConnections references
• #8163 - RegexPathSpec documentation and MatchedPath improvements
• #8162 - Migrate code from jetty-util Logger to slf4j Logger
• #8161 - Improve SSLConnection buffers handling
• #8155 - Use static exceptions for closing websocket flushers and in ContentProducer

11.0.10

Fixed Security Advisories

• (CVE-2022-2047) - GHSA-cj7v-27pg-wf7q - Invalid URI parsing may produce invalid HttpURI.authority
• (CVE-2022-2048) - GHSA-wgmr-mf83-7x4j - Invalid HTTP/2 requests can lead to denial of service
• (CVE-2022-2191) - GHSA-8mpp-f3f7-xc28 - SslConnection does not release pooled ByteBuffers in case of errors

Special Thanks to the following Eclipse Jetty community members

• @​jianglai (Lai Jiang)
• @​markslater (markslater)
• @​prenagha (Padraic Renaghan)

Changelog

• #8161 - Improve SSLConnection buffers handling (Resolves CVE-2022-2191)
• #8134 - Improve cleanup of deflater/inflater pools for PerMessageDeflateExtension
• #8088 - Add option to configure exitVm on ShutdownMonitor from System properties
• #8067 - Wall time usage in DoSFilter RateTracker results in false positive alert
• #8057 - Support Http Response 103 (Early Hints)
• #8014 - Review HttpRequest URI construction (Resolves CVE-2022-2047)
• #8008 - Add compliance mode for LEGACY multipart parser in Jetty
• #7994 - Ability to construct a detached client Request
• #7991 - fix bom for jetty-cdi
• #7981 - Add TRANSFER_ENCODING violation for MultiPart RFC7578 parser.
• #7977 - UpgradeHttpServletRequest.setAttribute & UpgradeHttpServletRequest.removeAttribute can throw NullPointerException
• #7975 - ForwardedRequestCustomizer setters do not clear existing handlers
• #7953 - Fix StatisticsHandler in the case a Handler throws exception.
• #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048)
• #7929 - Correct requestlog formatString commented default (@​prenagha)
• #7924 - Fix a typo in Javadoc (@​jianglai)
• #7918 - PathMappings.asPathSpec does not allow root ServletPathSpec

... (truncated)

Commits

• 5848731 Updating to version 11.0.11
• a3616ca Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
• 3fabe54 Fix test-distribution classpath re resolver (#8187)
• 97f37d7 Add Jetty 10.0.10 to VERSION.txt
• 6da27fc Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
• 5fddbf9 Issue #8184 - Correcting match logic for multiple servlet suffix url-pattern ...
• 8149350 Merge Release 11.0.10 back into jetty-11.0.x (#8181)
• e81dab9 Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
• c2bc103 Merge Release 10.0.10 back into jetty-10.0.x (#8180)
• d4d3d59 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-11.0.x
• Additional commits viewable in compare view

Updates websocket-jakarta-client from 11.0.9 to 11.0.11

Updates websocket-jakarta-server from 11.0.9 to 11.0.11

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)