[WIP][SPARK-53757] Upgrade Jetty to 12.0.12

[eschcam]

What changes were proposed in this pull request?

Update Jetty from 11.0.25 to 12.0.12

Why are the changes needed?

Jetty 11.0.25 contains CVE-2024-6763

Does this PR introduce any user-facing change?

No

How was this patch tested?

Passed all CI tests

Was this patch authored or co-authored using generative AI tooling?

No

[eschcam]

Waiting on hadoop 3.5.0 to be released as this resolves javax compatibility issues

[dongjoon-hyun]

Waiting on hadoop 3.5.0 to be released as this resolves javax compatibility issues

Do we have any ETA for Apache Hadoop 3.5.0, @eschcam ?

[eschcam]

Do we have any ETA for Apache Hadoop 3.5.0, @eschcam ?

To my knowledge, a vote has not been passed yet for Hadoop 3.5.0

[pan3793]

@eschcam I think the hadoop 3.5 release does not block us from upgrading Jetty 12, the real issue is the feature gap between Jetty 11 and 12, see more details at #45500 (comment)

[eschcam]

@eschcam I think the hadoop 3.5 release does not block us from upgrading Jetty 12, the real issue is the feature gap between Jetty 11 and 12, see more details at #45500 (comment)

The reason the updated version of Hadoop is required is due to the migration away from using JavaX which is currently being implemented in the upcoming hadoop 3.5

[pan3793]

@eschcam Can you elaborate more about your stated "javax compatibility issues"?

AFAIK, Spark uses the Hadoop shaded client, which does not expose the javax.servlet classes and should not affect us. In addition, Spark already uses jakarta.servlet during the previous Jetty 11 upgrade.