This is an automated email from the ASF dual-hosted git repository.
ayegorov pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/master by this push:
new 49bb6369fc Bump jetty to 9.4.46.v20220331 to get rid of CVE-2021-34429
49bb6369fc is described below
commit 49bb6369fced44e60bd86dbadec53eec4d173e74
Author: Nicolò Boschi <[email protected]>
AuthorDate: Tue Apr 26 00:25:35 2022 +0200
Bump jetty to 9.4.46.v20220331 to get rid of CVE-2021-34429
### Motivation
Current jetty version is vulnerable to
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34429
### Changes
* Upgrade to the latest 9.x one 9.4.46.v20220331
Reviewers: Andrey Yegorov <None>, ZhangJian He <[email protected]>, Tian
Luo <[email protected]>, Yong Zhang <[email protected]>
This closes #3232 from nicoloboschi/bump-jetty-9.4.46.v20220331
---
bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 16 ++++++++--------
.../src/main/resources/LICENSE-server.bin.txt | 16 ++++++++--------
bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt | 16 ++++++++--------
bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt | 16 ++++++++--------
dependencies.gradle | 2 +-
pom.xml | 2 +-
6 files changed, 34 insertions(+), 34 deletions(-)
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
index 2dabc1fa3e..e75feaff68 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
@@ -257,13 +257,13 @@ Apache Software License, Version 2.
- lib/org.apache.zookeeper-zookeeper-3.8.0.jar [21]
- lib/org.apache.zookeeper-zookeeper-jute-3.8.0.jar [21]
- lib/org.apache.zookeeper-zookeeper-3.8.0-tests.jar [21]
-- lib/org.eclipse.jetty-jetty-http-9.4.43.v20210629.jar [22]
-- lib/org.eclipse.jetty-jetty-io-9.4.43.v20210629.jar [22]
-- lib/org.eclipse.jetty-jetty-security-9.4.43.v20210629.jar [22]
-- lib/org.eclipse.jetty-jetty-server-9.4.43.v20210629.jar [22]
-- lib/org.eclipse.jetty-jetty-servlet-9.4.43.v20210629.jar [22]
-- lib/org.eclipse.jetty-jetty-util-9.4.43.v20210629.jar [22]
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.43.v20210629.jar [22]
+- lib/org.eclipse.jetty-jetty-http-9.4.46.v20220331.jar [22]
+- lib/org.eclipse.jetty-jetty-io-9.4.46.v20220331.jar [22]
+- lib/org.eclipse.jetty-jetty-security-9.4.46.v20220331.jar [22]
+- lib/org.eclipse.jetty-jetty-server-9.4.46.v20220331.jar [22]
+- lib/org.eclipse.jetty-jetty-servlet-9.4.46.v20220331.jar [22]
+- lib/org.eclipse.jetty-jetty-util-9.4.46.v20220331.jar [22]
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.46.v20220331.jar [22]
- lib/org.rocksdb-rocksdbjni-6.29.4.1.jar [23]
- lib/com.beust-jcommander-1.78.jar [24]
- lib/com.yahoo.datasketches-memory-0.8.3.jar [25]
@@ -335,7 +335,7 @@ Apache Software License, Version 2.
[19] Source available at
https://git-wip-us.apache.org/repos/asf?p=commons-collections.git;a=tag;h=a3a5ad
[20] Source available at
https://git-wip-us.apache.org/repos/asf?p=commons-lang.git;a=shortlog;h=refs/tags/LANG_3_6
[21] Source available at https://github.com/apache/zookeeper/tree/release-3.8.0
-[22] Source available at
https://github.com/eclipse/jetty.project/tree/jetty-9.4.43.v20210629
+[22] Source available at
https://github.com/eclipse/jetty.project/tree/jetty-9.4.46.v20220331
[23] Source available at https://github.com/facebook/rocksdb/tree/v6.22.1
[24] Source available at https://github.com/cbeust/jcommander/tree/1.78
[25] Source available at
https://github.com/DataSketches/sketches-core/tree/sketches-0.8.3
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
index 8539216fee..7fb754fc3b 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
@@ -257,13 +257,13 @@ Apache Software License, Version 2.
- lib/org.apache.zookeeper-zookeeper-3.8.0.jar [21]
- lib/org.apache.zookeeper-zookeeper-jute-3.8.0.jar [21]
- lib/org.apache.zookeeper-zookeeper-3.8.0-tests.jar [21]
-- lib/org.eclipse.jetty-jetty-http-9.4.43.v20210629.jar [22]
-- lib/org.eclipse.jetty-jetty-io-9.4.43.v20210629.jar [22]
-- lib/org.eclipse.jetty-jetty-security-9.4.43.v20210629.jar [22]
-- lib/org.eclipse.jetty-jetty-server-9.4.43.v20210629.jar [22]
-- lib/org.eclipse.jetty-jetty-servlet-9.4.43.v20210629.jar [22]
-- lib/org.eclipse.jetty-jetty-util-9.4.43.v20210629.jar [22]
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.43.v20210629.jar [22]
+- lib/org.eclipse.jetty-jetty-http-9.4.46.v20220331.jar [22]
+- lib/org.eclipse.jetty-jetty-io-9.4.46.v20220331.jar [22]
+- lib/org.eclipse.jetty-jetty-security-9.4.46.v20220331.jar [22]
+- lib/org.eclipse.jetty-jetty-server-9.4.46.v20220331.jar [22]
+- lib/org.eclipse.jetty-jetty-servlet-9.4.46.v20220331.jar [22]
+- lib/org.eclipse.jetty-jetty-util-9.4.46.v20220331.jar [22]
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.46.v20220331.jar [22]
- lib/org.rocksdb-rocksdbjni-6.29.4.1.jar [23]
- lib/com.beust-jcommander-1.78.jar [24]
- lib/com.yahoo.datasketches-memory-0.8.3.jar [25]
@@ -332,7 +332,7 @@ Apache Software License, Version 2.
[19] Source available at
https://git-wip-us.apache.org/repos/asf?p=commons-collections.git;a=tag;h=a3a5ad
[20] Source available at
https://git-wip-us.apache.org/repos/asf?p=commons-lang.git;a=shortlog;h=refs/tags/LANG_3_6
[21] Source available at https://github.com/apache/zookeeper/tree/release-3.8.0
-[22] Source available at
https://github.com/eclipse/jetty.project/tree/jetty-9.4.43.v20210629
+[22] Source available at
https://github.com/eclipse/jetty.project/tree/jetty-9.4.46.v20220331
[23] Source available at https://github.com/facebook/rocksdb/tree/v6.16.4
[24] Source available at https://github.com/cbeust/jcommander/tree/1.78
[25] Source available at
https://github.com/DataSketches/sketches-core/tree/sketches-0.8.3
diff --git a/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt
b/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt
index 0ed6c548c9..81841d0653 100644
--- a/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt
@@ -86,13 +86,13 @@ SoundCloud Ltd. (http://soundcloud.com/).
This product includes software developed as part of the
Ocelli project by Netflix Inc. (https://github.com/Netflix/ocelli/).
------------------------------------------------------------------------------------
-- lib/org.eclipse.jetty-jetty-http-9.4.43.v20210629.jar
-- lib/org.eclipse.jetty-jetty-io-9.4.43.v20210629.jar
-- lib/org.eclipse.jetty-jetty-security-9.4.43.v20210629jar
-- lib/org.eclipse.jetty-jetty-server-9.4.43.v20210629.jar
-- lib/org.eclipse.jetty-jetty-servlet-9.4.43.v20210629.jar
-- lib/org.eclipse.jetty-jetty-util-9.4.43.v20210629.jar
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.43.v20210629.jar
+- lib/org.eclipse.jetty-jetty-http-9.4.46.v20220331.jar
+- lib/org.eclipse.jetty-jetty-io-9.4.46.v20220331.jar
+- lib/org.eclipse.jetty-jetty-security-9.4.46.v20220331jar
+- lib/org.eclipse.jetty-jetty-server-9.4.46.v20220331.jar
+- lib/org.eclipse.jetty-jetty-servlet-9.4.46.v20220331.jar
+- lib/org.eclipse.jetty-jetty-util-9.4.46.v20220331.jar
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.46.v20220331.jar
==============================================================
Jetty Web Container
@@ -114,7 +114,7 @@ Jetty is dual licensed under both
Jetty may be distributed under either license.
-lib/org.eclipse.jetty-jetty-util-9.4.43.v20210629.jar bundles UnixCrypt
+lib/org.eclipse.jetty-jetty-util-9.4.46.v20220331.jar bundles UnixCrypt
The UnixCrypt.java code implements the one way cryptography used by
Unix systems for simple password protection. Copyright 1996 Aki Yoshida,
diff --git a/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt
b/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt
index 27247562ef..7015d5c69b 100644
--- a/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt
@@ -68,13 +68,13 @@ SoundCloud Ltd. (http://soundcloud.com/).
This product includes software developed as part of the
Ocelli project by Netflix Inc. (https://github.com/Netflix/ocelli/).
------------------------------------------------------------------------------------
-- lib/org.eclipse.jetty-jetty-http-9.4.43.v20210629.jar
-- lib/org.eclipse.jetty-jetty-io-9.4.43.v20210629.jar
-- lib/org.eclipse.jetty-jetty-security-9.4.43.v20210629.jar
-- lib/org.eclipse.jetty-jetty-server-9.4.43.v20210629.jar
-- lib/org.eclipse.jetty-jetty-servlet-9.4.43.v20210629.jar
-- lib/org.eclipse.jetty-jetty-util-9.4.43.v20210629.jar
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.43.v20210629.jar
+- lib/org.eclipse.jetty-jetty-http-9.4.46.v20220331.jar
+- lib/org.eclipse.jetty-jetty-io-9.4.46.v20220331.jar
+- lib/org.eclipse.jetty-jetty-security-9.4.46.v20220331.jar
+- lib/org.eclipse.jetty-jetty-server-9.4.46.v20220331.jar
+- lib/org.eclipse.jetty-jetty-servlet-9.4.46.v20220331.jar
+- lib/org.eclipse.jetty-jetty-util-9.4.46.v20220331.jar
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.46.v20220331.jar
==============================================================
Jetty Web Container
@@ -96,7 +96,7 @@ Jetty is dual licensed under both
Jetty may be distributed under either license.
-lib/org.eclipse.jetty-jetty-util-9.4.43.v20210629.jar bundles UnixCrypt
+lib/org.eclipse.jetty-jetty-util-9.4.46.v20220331.jar bundles UnixCrypt
The UnixCrypt.java code implements the one way cryptography used by
Unix systems for simple password protection. Copyright 1996 Aki Yoshida,
diff --git a/dependencies.gradle b/dependencies.gradle
index 517eb0661d..efc1615f97 100644
--- a/dependencies.gradle
+++ b/dependencies.gradle
@@ -57,7 +57,7 @@ depVersions = [
javaAnnotations:"1.3.2",
jcommander: "1.78",
jctools: "2.1.2",
- jetty: "9.4.43.v20210629",
+ jetty: "9.4.46.v20220331",
jmh: "1.19",
jmock: "2.8.2",
jna: "3.2.7",
diff --git a/pom.xml b/pom.xml
index 42f07393f7..2fdac764fb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -142,7 +142,7 @@
<hdrhistogram.version>2.1.10</hdrhistogram.version>
<jackson.version>2.13.2.20220328</jackson.version>
<jcommander.version>1.78</jcommander.version>
- <jetty.version>9.4.43.v20210629</jetty.version>
+ <jetty.version>9.4.46.v20220331</jetty.version>
<jmh.version>1.19</jmh.version>
<jmock.version>2.8.2</jmock.version>
<jsoup.version>1.14.3</jsoup.version>
