From 28dcd64472b3bb5662096fb47bd835c4bf5ec19b Mon Sep 17 00:00:00 2001 From: kelvinqian00 Date: Tue, 3 Oct 2023 09:50:15 -0400 Subject: [PATCH 1/2] Add exclusions + Jetty updates to v9.4.52 --- deps.edn | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/deps.edn b/deps.edn index 30eb2c80..6993b00a 100644 --- a/deps.edn +++ b/deps.edn @@ -41,8 +41,24 @@ :server {:extra-paths ["src/server"] :extra-deps - {io.pedestal/pedestal.service {:mvn/version "0.6.0"} - io.pedestal/pedestal.jetty {:mvn/version "0.6.0"} + {;; Jetty deps - need to exclude and use v9.4.52 due to CVEs + io.pedestal/pedestal.jetty + {:mvn/version "0.6.0" + :exclusions [org.eclipse.jetty/jetty-server + org.eclipse.jetty/jetty-servlet + org.eclipse.jetty.alpn/alpn-api + org.eclipse.jetty/jetty-alpn-server + org.eclipse.jetty.http2/http2-server + org.eclipse.jetty.websocket/websocket-api + org.eclipse.jetty.websocket/websocket-servlet + org.eclipse.jetty.websocket/websocket-server]} + org.eclipse.jetty/jetty-server {:mvn/version "9.4.52.v20230823"} + org.eclipse.jetty/jetty-servlet {:mvn/version "9.4.52.v20230823"} + org.eclipse.jetty.alpn/alpn-api {:mvn/version "1.1.3.v20160715"} + org.eclipse.jetty/jetty-alpn-server {:mvn/version "9.4.52.v20230823"} + org.eclipse.jetty.http2/http2-server {:mvn/version "9.4.52.v20230823"} + ;; Other server deps + io.pedestal/pedestal.service {:mvn/version "0.6.0"} org.slf4j/slf4j-simple {:mvn/version "1.7.28"} clj-http/clj-http {:mvn/version "3.12.3"} environ/environ {:mvn/version "1.1.0"} From 7e4595fc77b9be265dc4e65a0d3d37933ce10124 Mon Sep 17 00:00:00 2001 From: kelvinqian00 Date: Tue, 3 Oct 2023 09:51:02 -0400 Subject: [PATCH 2/2] Update CHANGELOG --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 79ff53a6..d4aae16e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
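Review bot: The `:exclusions` vector on `io.pedestal/pedestal.jetty` drops eight Jetty artifacts, but only five are re-declared at a patched version; `websocket-api`, `websocket-servlet` and `websocket-server` are excluded and never added back. If anything on the `:server` classpath still loads Jetty websocket classes (pedestal.jetty 0.6.0 may do so, which this hunk cannot confirm), the result is a class-loading failure at runtime rather than a resolution error. Either pin them with the others, e.g. `org.eclipse.jetty.websocket/websocket-server {:mvn/version "9.4.52.v20230823"}` and likewise for `websocket-servlet` and `websocket-api`, or state the intent in a comment such as `;; websocket-* intentionally excluded: the server does not use websockets`. The existing comment would also age better if it named the advisories behind the pin (`;; ... due to <advisory IDs>`), so a later reader knows when the exclusions can be removed. Because the remaining Jetty modules (jetty-http, jetty-io, jetty-util) arrive transitively, it is worth checking with `clojure -A:server -Stree` that no older 9.4.x module is left on the classpath.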
@@ -1,5 +1,8 @@ # Change Log +## [0.3.2] - 2023-10-03 +- Update server Jetty dependencies to v9.4.52 to address CVEs. + ## [0.3.1] - 2023-07-24 - Fix bug where the same `any` and `all` values are chosen within the same generated sequence.