Is there a way to update Eclipse Jetty to the latest version manually, or do I need to wait until this is done with an Openfire update?
You can try swapping out the Jetty libs in openfire/lib, but your best bet is probably to wait until 4.3.0 is available, which uses a newer Jetty.
https://issues.igniterealtime.org/browse/OF-1527
That said, if you’re really worried, do some analysis to work out if this vulnerability actual affects Openfire.
Greg