From 943e9859f6bbf406df7ab15fbbc6e38d8f882584 Mon Sep 17 00:00:00 2001
From: Scott M Stark
Date: Thu, 9 Nov 2023 13:48:37 -0600
Subject: [PATCH 1/2] Fix for the Jetty bypass vulnerability fixed in version 9.4.51.v20230217
Signed-off-by: Scott M Stark
---
 protocols/servlet/pom.xml | 2 +-
 .../protocol/servlet/AbstractServerBase.java | 11 ++++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/protocols/servlet/pom.xml b/protocols/servlet/pom.xml
index 0fc02aea1..84412b343 100644
--- a/protocols/servlet/pom.xml
+++ b/protocols/servlet/pom.xml
@@ -22,7 +22,7 @@
- 8.1.2.v20120308
+ 9.4.51.v20230217
diff --git a/protocols/servlet/src/test/java/org/jboss/arquillian/protocol/servlet/AbstractServerBase.java b/protocols/servlet/src/test/java/org/jboss/arquillian/protocol/servlet/AbstractServerBase.java
index e2806f4ca..2323ae9f6 100644
--- a/protocols/servlet/src/test/java/org/jboss/arquillian/protocol/servlet/AbstractServerBase.java
+++ b/protocols/servlet/src/test/java/org/jboss/arquillian/protocol/servlet/AbstractServerBase.java
@@ -26,6 +26,9 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
+
+import org.eclipse.jetty.server.Connector;
+import org.eclipse.jetty.server.NetworkConnector;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.jboss.arquillian.container.spi.client.protocol.metadata.HTTPContext;
@@ -88,7 +91,13 @@ protected HTTPContext createContext() {
 }
 protected URI createBaseURL() {
- return URI.create("http://localhost:" + server.getConnectors()[0].getPort() + "/arquillian-protocol");
+ int port = 8080;
+ Connector defaultConn = server.getConnectors()[0];
+ if (defaultConn instanceof NetworkConnector) {
+ NetworkConnector net = (NetworkConnector) defaultConn;
+ port = net.getLocalPort();
+ }
+ return URI.create("http://localhost:" + port + "/arquillian-protocol");
 }
 protected URL createURL(String outputMode, String testClass, String methodName) {
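Review bot: The `int port = 8080;` fallback in createBaseURL() means that when the first connector is not a `NetworkConnector`, the tests silently target whatever is listening on localhost:8080 instead of the embedded Jetty instance. `getLocalPort()` also returns a negative value when the connector has not been opened or has already been closed, and that value would go into the URI string unchecked. Failing fast would surface a misconfigured server at the point of use: `if (!(defaultConn instanceof NetworkConnector)) throw new IllegalStateException("No NetworkConnector on test server");`, then `int port = ((NetworkConnector) defaultConn).getLocalPort();` and `if (port <= 0) throw new IllegalStateException("Jetty connector not open, port=" + port);`. The `server.getConnectors()[0]` access is also unguarded against an empty connector array, as it was before this change.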
From 5217b99bd86a2fabb723ae44579279514f3b34a2 Mon Sep 17 00:00:00 2001 From: Scott M Stark Date: Mon, 13 Nov 2023 15:17:42 -0600 Subject: [PATCH 2/2] Upgrade of RestEasy to 6.2.6.Final with Jakarta Rest to 3.1.0 This also enables property logging from the embedded Jetty test container Signed-off-by: Scott M Stark --- protocols/rest-jakarta/pom.xml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/protocols/rest-jakarta/pom.xml b/protocols/rest-jakarta/pom.xml index 574de6770..cdcd50a9b 100644 --- a/protocols/rest-jakarta/pom.xml +++ b/protocols/rest-jakarta/pom.xml @@ -23,8 +23,8 @@ 11.0.14 - 6.2.4.Final - 3.0.0 + 6.2.6.Final + 3.1.0 1.8 1.8 @@ -96,6 +96,13 @@ ${version.jetty_jetty} test + + org.eclipse.jetty + jetty-slf4j-impl + ${version.jetty_jetty} + test + + org.jboss.resteasy resteasy-servlet-initializer