Bump jetty-servlets from 9.2.16.v20160414 to 9.4.41.v20210516

[dependabot[bot]]

Bumps jetty-servlets from 9.2.16.v20160414 to 9.4.41.v20210516.

Release notes

Sourced from jetty-servlets's releases.

9.4.41.v20210516

Changelog

• This release resolves CVE-2021-28169
• #6099 Cipher preference may break SNI if certificates have different key types
• #6186 Add Null Protection on Log / Logger
• #6205 OpenIdAuthenticator may use incorrect redirect
• #6208 HTTP/2 max local stream count exceeded
• #6227 Better resolve race between AsyncListener.onTimeout and AsyncContext.dispatch
• #6254 Total timeout not enforced for queued requests
• #6263 Review URI encoding in ConcatServlet & WelcomeFilter
• #6277 Better handle exceptions thrown from session destroy listener
• #6280 Copy ServletHolder class/instance properly during startWebapp

9.4.40.v20210413

Notable Bug Fixes

Users of GzipHandler should upgrade. (#6168) Users of SSL/TLS on the jetty-server or jetty-client should upgrade. (#6082)

Changelog

• #6168 - Improve handling of unconsumed content
• #6148 - Jetty start.jar always reports jetty.tag.version as master
• #6105 - HttpConnection.getBytesIn() incorrect for requests with chunked content
• #6082 - SslConnection compacting

9.4.39.v20210325

Changelog

:warning: Important Security related Changes

• CVE-2021-28165 - #6072 - jetty server high CPU when client send data length > 17408
• CVE-2021-28164 - #6101 - Normalize ambiguous URIs
• CVE-2021-28163 - #6102 - Exclude webapps directory from deployment scan

Other Changes

• #6034 - SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present
• #6050 - Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer
• #6052 - Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to work on Android
• #6063 - Allow override of hazelcast version when using module
• #6085 - Jetty keeps Sessions in use after "Duplicate valid session cookies" Message

9.4.38.v20210224

Changelog

• #6001 - Ambiguous URI legacy compliance mode

... (truncated)

Commits

• 98607f9 Updating to version 9.4.41.v20210516
• 087f486 Issue #6277 Better handling of exceptions thrown in sessionDestroyed (#6278) ...
• edcaf70 Copy ServletHolder class/instance properly during startWebapp (#6214)
• 1c05b0b Fixes #6263 - Review URI encoding in ConcatServlet & WelcomeFilter.
• 9cb9343 Issue #6205 - Fix serialization issues in OpenIdAuthenticator
• 2e7f5eb Issue #6205 - Fix issues with OpenID redirecting to wrong URI (#6211)
• 88ac104 Issue #6254 - Total timeout not enforced for queued requests.
• da50e06 Fixes #6254 - Total timeout not enforced for queued requests.
• 5f23689 Issue #6254 - Total timeout not enforced for queued requests.
• 003c313 upgrade h2spec-maven-plugin 1.0.5 (#6247)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/qubole/spark-on-lambda/network/alerts).