This is an automated email from the ASF dual-hosted git repository. yong pushed a commit to branch branch-4.15 in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
commit fdc65ca2bc8e7b2cbeced0e4742091b3bba5e940 Author: Hang Chen <[email protected]> AuthorDate: Thu May 4 11:43:17 2023 +0800 Upgrade jetty version to 9.4.51.v20230217 (#3937) ### Motivation #### [CVE-2023-26048](https://www.cve.org/CVERecord?id=CVE-2023-26048) Detailed paths Introduced through: org.apache.bookkeeper:[email protected] › org.apache.bookkeeper.stats:[email protected] › org.eclipse.jetty:[email protected] › org.eclipse.jetty:[email protected] › org.eclipse.jetty:[email protected] Fix: No remediation path available. ### Changes Upgrade jetty version to 9.4.51.v20230217 to resolve this CVE. (cherry picked from commit fffcca08bd1829b968b66439029b8e4f57f1e49e) --- bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 14 +++++++------- .../src/main/resources/LICENSE-server.bin.txt | 14 +++++++------- bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt | 16 ++++++++-------- bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt | 16 ++++++++-------- pom.xml | 2 +- 5 files changed, 31 insertions(+), 31 deletions(-)
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
index 1e37f1de33..f0ae984e64 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
@@ -257,13 +257,13 @@ Apache Software License, Version 2.
 - lib/org.apache.zookeeper-zookeeper-3.8.0.jar [21]
 - lib/org.apache.zookeeper-zookeeper-jute-3.8.0.jar [21]
 - lib/org.apache.zookeeper-zookeeper-3.8.0-tests.jar [21]
-- lib/org.eclipse.jetty-jetty-http-9.4.48.v20220622.jar [22]
-- lib/org.eclipse.jetty-jetty-io-9.4.48.v20220622.jar [22]
-- lib/org.eclipse.jetty-jetty-security-9.4.48.v20220622.jar [22]
-- lib/org.eclipse.jetty-jetty-server-9.4.48.v20220622.jar [22]
-- lib/org.eclipse.jetty-jetty-servlet-9.4.48.v20220622.jar [22]
-- lib/org.eclipse.jetty-jetty-util-9.4.48.v20220622.jar [22]
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.48.v20220622.jar [22]
+- lib/org.eclipse.jetty-jetty-http-9.4.51.v20230217.jar [22]
+- lib/org.eclipse.jetty-jetty-io-9.4.51.v20230217.jar [22]
+- lib/org.eclipse.jetty-jetty-security-9.4.51.v20230217.jar [22]
+- lib/org.eclipse.jetty-jetty-server-9.4.51.v20230217.jar [22]
+- lib/org.eclipse.jetty-jetty-servlet-9.4.51.v20230217.jar [22]
+- lib/org.eclipse.jetty-jetty-util-9.4.51.v20230217.jar [22]
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.51.v20230217.jar [22]
 - lib/org.rocksdb-rocksdbjni-6.29.4.1.jar [23]
 - lib/com.beust-jcommander-1.82.jar [24]
 - lib/com.yahoo.datasketches-memory-0.8.3.jar [25]
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
index 61366100d5..3a8acaa87a 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
@@ -257,13 +257,13 @@ Apache Software License, Version 2.
 - lib/org.apache.zookeeper-zookeeper-3.8.0.jar [21]
 - lib/org.apache.zookeeper-zookeeper-jute-3.8.0.jar [21]
 - lib/org.apache.zookeeper-zookeeper-3.8.0-tests.jar [21]
-- lib/org.eclipse.jetty-jetty-http-9.4.48.v20220622.jar [22]
-- lib/org.eclipse.jetty-jetty-io-9.4.48.v20220622.jar [22]
-- lib/org.eclipse.jetty-jetty-security-9.4.48.v20220622.jar [22]
-- lib/org.eclipse.jetty-jetty-server-9.4.48.v20220622.jar [22]
-- lib/org.eclipse.jetty-jetty-servlet-9.4.48.v20220622.jar [22]
-- lib/org.eclipse.jetty-jetty-util-9.4.48.v20220622.jar [22]
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.48.v20220622.jar [22]
+- lib/org.eclipse.jetty-jetty-http-9.4.51.v20230217.jar [22]
+- lib/org.eclipse.jetty-jetty-io-9.4.51.v20230217.jar [22]
+- lib/org.eclipse.jetty-jetty-security-9.4.51.v20230217.jar [22]
+- lib/org.eclipse.jetty-jetty-server-9.4.51.v20230217.jar [22]
+- lib/org.eclipse.jetty-jetty-servlet-9.4.51.v20230217.jar [22]
+- lib/org.eclipse.jetty-jetty-util-9.4.51.v20230217.jar [22]
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.51.v20230217.jar [22]
 - lib/org.rocksdb-rocksdbjni-6.29.4.1.jar [23]
 - lib/com.beust-jcommander-1.82.jar [24]
 - lib/com.yahoo.datasketches-memory-0.8.3.jar [25]
diff --git a/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt b/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt
index 91f4e5dde2..6b3ec689a0 100644
--- a/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt
@@ -86,13 +86,13 @@ SoundCloud Ltd. (http://soundcloud.com/). This product includes software developed as part of the Ocelli project by Netflix Inc. (https://github.com/Netflix/ocelli/). ------------------------------------------------------------------------------------ -- lib/org.eclipse.jetty-jetty-http-9.4.48.v20220622.jar -- lib/org.eclipse.jetty-jetty-io-9.4.48.v20220622.jar -- lib/org.eclipse.jetty-jetty-security-9.4.48.v20220622jar -- lib/org.eclipse.jetty-jetty-server-9.4.48.v20220622.jar -- lib/org.eclipse.jetty-jetty-servlet-9.4.48.v20220622.jar -- lib/org.eclipse.jetty-jetty-util-9.4.48.v20220622.jar -- lib/org.eclipse.jetty-jetty-util-ajax-9.4.48.v20220622.jar +- lib/org.eclipse.jetty-jetty-http-9.4.51.v20230217.jar +- lib/org.eclipse.jetty-jetty-io-9.4.51.v20230217.jar +- lib/org.eclipse.jetty-jetty-security-9.4.51.v20230217.jar +- lib/org.eclipse.jetty-jetty-server-9.4.51.v20230217.jar +- lib/org.eclipse.jetty-jetty-servlet-9.4.51.v20230217.jar +- lib/org.eclipse.jetty-jetty-util-9.4.51.v20230217.jar +- lib/org.eclipse.jetty-jetty-util-ajax-9.4.51.v20230217.jar ============================================================== Jetty Web Container @@ -114,7 +114,7 @@ Jetty is dual licensed under both Jetty may be distributed under either license. -lib/org.eclipse.jetty-jetty-util-9.4.48.v20220622.jar bundles UnixCrypt +lib/org.eclipse.jetty-jetty-util-9.4.51.v20230217.jar bundles UnixCrypt The UnixCrypt.java code implements the one way cryptography used by Unix systems for simple password protection. Copyright 1996 Aki Yoshida, diff --git a/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt b/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt index fe0761694d..bc4588f6df 100644 --- a/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt +++ b/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt 
@@ -68,13 +68,13 @@ SoundCloud Ltd. (http://soundcloud.com/). This product includes software developed as part of the Ocelli project by Netflix Inc. (https://github.com/Netflix/ocelli/). ------------------------------------------------------------------------------------ -- lib/org.eclipse.jetty-jetty-http-9.4.48.v20220622.jar -- lib/org.eclipse.jetty-jetty-io-9.4.48.v20220622.jar -- lib/org.eclipse.jetty-jetty-security-9.4.48.v20220622.jar -- lib/org.eclipse.jetty-jetty-server-9.4.48.v20220622.jar -- lib/org.eclipse.jetty-jetty-servlet-9.4.48.v20220622.jar -- lib/org.eclipse.jetty-jetty-util-9.4.48.v20220622.jar -- lib/org.eclipse.jetty-jetty-util-ajax-9.4.48.v20220622.jar +- lib/org.eclipse.jetty-jetty-http-9.4.51.v20230217.jar +- lib/org.eclipse.jetty-jetty-io-9.4.51.v20230217.jar +- lib/org.eclipse.jetty-jetty-security-9.4.51.v20230217.jar +- lib/org.eclipse.jetty-jetty-server-9.4.51.v20230217.jar +- lib/org.eclipse.jetty-jetty-servlet-9.4.51.v20230217.jar +- lib/org.eclipse.jetty-jetty-util-9.4.51.v20230217.jar +- lib/org.eclipse.jetty-jetty-util-ajax-9.4.51.v20230217.jar ============================================================== Jetty Web Container @@ -96,7 +96,7 @@ Jetty is dual licensed under both Jetty may be distributed under either license. -lib/org.eclipse.jetty-jetty-util-9.4.48.v20220622.jar bundles UnixCrypt +lib/org.eclipse.jetty-jetty-util-9.4.51.v20230217.jar bundles UnixCrypt The UnixCrypt.java code implements the one way cryptography used by Unix systems for simple password protection. Copyright 1996 Aki Yoshida, diff --git a/pom.xml b/pom.xml index 99897e2a52..f9bd3f9caa 100644 --- a/pom.xml +++ b/pom.xml 
@@ -143,7 +143,7 @@
 <hdrhistogram.version>2.1.10</hdrhistogram.version>
 <jackson.version>2.13.4.20221013</jackson.version>
 <jcommander.version>1.82</jcommander.version>
- <jetty.version>9.4.48.v20220622</jetty.version>
+ <jetty.version>9.4.51.v20230217</jetty.version>
 <jmh.version>1.19</jmh.version>
 <jmock.version>2.8.2</jmock.version>
 <jsoup.version>1.14.3</jsoup.version>
