[Aikido] Fix 4 security issues in jetty-server, jetty-http#296

Open
aikido-autofix[bot] wants to merge 1 commit into
mainfrom
fix/AIK-14115-update-packages-40602830-noxd
Open

[Aikido] Fix 4 security issues in jetty-server, jetty-http#296
aikido-autofix[bot] wants to merge 1 commit into
mainfrom
fix/AIK-14115-update-packages-40602830-noxd

Conversation

@aikido-autofix

Upgrade Jetty to fix HTTP request smuggling via chunk extensions, URI parsing bypass vulnerabilities, and memory exhaustion DoS attacks.

⚠️ Breaking changes analysis not available for: org.eclipse.jetty:jetty-server, org.eclipse.jetty:jetty-http

✅ 4 CVEs resolved by this upgrade

This PR will resolve the following CVEs:

| Issue | Severity | Description |
| --- | --- | --- |
| CVE-2026-2332 | HIGH | [jetty-server] The HTTP/1.1 parser incorrectly handles chunk extensions with unclosed quoted strings, terminating parsing at \r\n instead of treating it as an error, enabling HTTP request smuggling attacks. This allows attackers to inject malicious requests that bypass security controls. |
| CVE-2025-11143 | MEDIUM | [jetty-server] URI parser interprets invalid or unusual URIs differently than other common parsers, potentially allowing security bypasses when multiple components parse URIs inconsistently or disclosing implementation details through differential parsing behavior. |
| CVE-2024-8184 | MEDIUM | [jetty-server] ThreadLimitHandler.getRemote() contains a vulnerability allowing attackers to trigger OutOfMemory errors through crafted requests, causing denial-of-service by exhausting server memory. |
| CVE-2024-6763 | MEDIUM | [jetty-server] Insufficient validation of URI authority segments in HttpURI can cause host extraction discrepancies between Jetty and browsers, enabling open redirect or SSRF attacks when combined with vulnerable browsers. |
🔗 Related Tasks

@codecov

codecov Bot commented May 27, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
