nicholasjiang pushed a commit to branch branch-0.6
in repository https://gitbox.apache.org/repos/asf/celeborn.git
The following commit(s) were added to refs/heads/branch-0.6 by this push:
new 1d849a9a9 [CELEBORN-2234] Bump jetty version to 9.4.58.v20250814 to
fix GHSA-qh8g-58pp-2wxh
1d849a9a9 is described below
commit 1d849a9a9bd80a118a52a3c915d4eec759a3b954
Author: Wang, Fei <[email protected]>
AuthorDate: Wed Dec 10 20:50:27 2025 +0800
[CELEBORN-2234] Bump jetty version to 9.4.58.v20250814 to fix
GHSA-qh8g-58pp-2wxh
### What changes were proposed in this pull request?
Bump jetty version to 9.4.58.v20250814 to fix GHSA-qh8g-58pp-2wxh
### Why are the changes needed?
To fix the vulnerability reported in the advisory https://github.com/advisories/GHSA-qh8g-58pp-2wxh
### Does this PR resolve a correctness bug?
### Does this PR introduce _any_ user-facing change?
No.
### How was this patch tested?
GA.
Closes #3560 from turboFei/jetty.
Authored-by: Wang, Fei <[email protected]>
Signed-off-by: 子懿 <[email protected]>
(cherry picked from commit 329250ec0ea401f7210db86a1d91f6d75b5e2bd2)
Signed-off-by: 子懿 <[email protected]>
---
dev/deps/dependencies-server | 18 +++++++++---------
pom.xml | 2 +-
project/CelebornBuild.scala | 2 +-
3 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/dev/deps/dependencies-server b/dev/deps/dependencies-server
index 25c923f23..3f9062e5c 100644
--- a/dev/deps/dependencies-server
+++ b/dev/deps/dependencies-server
@@ -63,15 +63,15 @@ jersey-hk2/2.39.1//jersey-hk2-2.39.1.jar
jersey-media-json-jackson/2.39.1//jersey-media-json-jackson-2.39.1.jar
jersey-media-multipart/2.39.1//jersey-media-multipart-2.39.1.jar
jersey-server/2.39.1//jersey-server-2.39.1.jar
-jetty-client/9.4.56.v20240826//jetty-client-9.4.56.v20240826.jar
-jetty-http/9.4.56.v20240826//jetty-http-9.4.56.v20240826.jar
-jetty-io/9.4.56.v20240826//jetty-io-9.4.56.v20240826.jar
-jetty-proxy/9.4.56.v20240826//jetty-proxy-9.4.56.v20240826.jar
-jetty-security/9.4.56.v20240826//jetty-security-9.4.56.v20240826.jar
-jetty-server/9.4.56.v20240826//jetty-server-9.4.56.v20240826.jar
-jetty-servlet/9.4.56.v20240826//jetty-servlet-9.4.56.v20240826.jar
-jetty-util-ajax/9.4.56.v20240826//jetty-util-ajax-9.4.56.v20240826.jar
-jetty-util/9.4.56.v20240826//jetty-util-9.4.56.v20240826.jar
+jetty-client/9.4.58.v20250814//jetty-client-9.4.58.v20250814.jar
+jetty-http/9.4.58.v20250814//jetty-http-9.4.58.v20250814.jar
+jetty-io/9.4.58.v20250814//jetty-io-9.4.58.v20250814.jar
+jetty-proxy/9.4.58.v20250814//jetty-proxy-9.4.58.v20250814.jar
+jetty-security/9.4.58.v20250814//jetty-security-9.4.58.v20250814.jar
+jetty-server/9.4.58.v20250814//jetty-server-9.4.58.v20250814.jar
+jetty-servlet/9.4.58.v20250814//jetty-servlet-9.4.58.v20250814.jar
+jetty-util-ajax/9.4.58.v20250814//jetty-util-ajax-9.4.58.v20250814.jar
+jetty-util/9.4.58.v20250814//jetty-util-9.4.58.v20250814.jar
jsr305/1.3.9//jsr305-1.3.9.jar
jul-to-slf4j/1.7.36//jul-to-slf4j-1.7.36.jar
leveldbjni-all/1.8//leveldbjni-all-1.8.jar
diff --git a/pom.xml b/pom.xml
index fe4dbe3a2..ab8df7d64 100644
--- a/pom.xml
+++ b/pom.xml
@@ -120,7 +120,7 @@
<swagger.version>2.2.1</swagger.version>
<swagger-ui.version>4.9.1</swagger-ui.version>
<jersey.version>2.39.1</jersey.version>
- <jetty.version>9.4.56.v20240826</jetty.version>
+ <jetty.version>9.4.58.v20250814</jetty.version>
<javax.servlet-api.version>4.0.1</javax.servlet-api.version>
<!-- 6.0.0 requires JDK 11 -->
<jakarta.servlet-api.version>5.0.0</jakarta.servlet-api.version>
diff --git a/project/CelebornBuild.scala b/project/CelebornBuild.scala
index f16f5d5fd..bf50e3253 100644
--- a/project/CelebornBuild.scala
+++ b/project/CelebornBuild.scala
@@ -79,7 +79,7 @@ object Dependencies {
val swaggerVersion = "2.2.1"
val swaggerUiVersion = "4.9.1"
val jerseyVersion = "2.39.1"
- val jettyVersion = "9.4.56.v20240826"
+ val jettyVersion = "9.4.58.v20250814"
val javaxServletApiVersion = "4.0.1"
val jakartaServeletApiVersion = "5.0.0"
val openApiToolsJacksonBindNullableVersion = "0.2.6"