arquillian / arquillian-container-jetty

Arquillian Jetty Containers

[Security] Bump version.jetty from 7.1.1.v20100517 to 9.4.15.v20190215 #35

Closed dependabot-preview[bot] closed 4 years ago

dependabot-preview[bot] commented 5 years ago

Bumps version.jetty from 7.1.1.v20100517 to 9.4.15.v20190215.

Updates jetty-webapp from 7.1.1.v20100517 to 9.4.15.v20190215

Commits

- [`eb70b24`](https://github.com/eclipse/jetty.project/commit/eb70b240169fcf1abbd86af36482d1c49826fa0b) Updating to version 9.4.15.v20190215
- [`c68cb31`](https://github.com/eclipse/jetty.project/commit/c68cb3149f0a16f2185991710b133f04455af2a2) Merge pull request [#3315](https://github-redirect.dependabot.com/eclipse/jetty.project/issues/3315) from eclipse/jetty-9.4.x-issue-3279-websocket-flush-...
- [`8dba440`](https://github.com/eclipse/jetty.project/commit/8dba440317f7f8f2313d7a709946f38b9425d98c) Issue [#3279](https://github-redirect.dependabot.com/eclipse/jetty.project/issues/3279) - WebSocket Close Refactoring
- [`f88f856`](https://github.com/eclipse/jetty.project/commit/f88f856673f2e8768042c973481ad78d41910e22) Merge pull request [#3326](https://github-redirect.dependabot.com/eclipse/jetty.project/issues/3326) from eclipse/jetty-9.4.x-3278-empty-resourcecollection
- [`8969c9a`](https://github.com/eclipse/jetty.project/commit/8969c9a18cd86e0eff3dd5651fe6ddb165b2ad58) Issue [#3278](https://github-redirect.dependabot.com/eclipse/jetty.project/issues/3278) - more cleanup based on review of older codebase with simone
- [`a105c44`](https://github.com/eclipse/jetty.project/commit/a105c448567bb0faa43b3a48944e8155c716aa29) Issue [#3278](https://github-redirect.dependabot.com/eclipse/jetty.project/issues/3278) - code reformatting
- [`432ed1f`](https://github.com/eclipse/jetty.project/commit/432ed1f5846da2374a6aa39687e9a33fa670ca5c) Issue [#3278](https://github-redirect.dependabot.com/eclipse/jetty.project/issues/3278) - changes from review with simone
- [`1150f20`](https://github.com/eclipse/jetty.project/commit/1150f20ed9eea90ff6a3e277370ec11237fe407e) Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-9.4.x-3278-empty...
- [`a6c626a`](https://github.com/eclipse/jetty.project/commit/a6c626a891004a550fcfe5efcaf47ef5734f98e6) Fixing Javadoc
- [`7ee7554`](https://github.com/eclipse/jetty.project/commit/7ee7554b8f5fb00029bef4fe32229d07edd3b842) Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-9.4.x-3278-empty...
- Additional commits viewable in [compare view](https://github.com/eclipse/jetty.project/compare/jetty-7.1.1.v20100517...jetty-9.4.15.v20190215)


Updates jetty-annotations from 7.1.1.v20100517 to 9.4.15.v20190215



Updates jetty-plus from 7.1.1.v20100517 to 9.4.15.v20190215. This update includes security fixes.

Vulnerabilities fixed

*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/f5b16237-266e-453c-9104-47292a89c672).*

> **[CVE-2017-9735] Information Exposure**
> Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
>
> Affected versions: (, 9.4.6]

*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/b97659bf-d7e8-4500-8d5f-1ef1fe4fe022).*

> **[CVE-2011-4461] Cryptographic Issues**
> Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
>
> Affected versions: (, 8.1.0]


dependabot-preview[bot] commented 4 years ago

Superseded by #45.