This is an automated email from the ASF dual-hosted git repository.
yesamer pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-kie-drools.git
The following commit(s) were added to refs/heads/main by this push:
new 9f4b330ad1 Fix CVE-2024-6763, CVE-2025-11143, CVE-2026-2332,
CVE-2025-5115: Upgade to Jetty 12.0.33 (#6748)
9f4b330ad1 is described below
commit 9f4b330ad17f465deb3f27967cfd6e765c78490d
Author: ChinchuAjith <[email protected]>
AuthorDate: Tue Jun 9 13:42:09 2026 +0530
Fix CVE-2024-6763, CVE-2025-11143, CVE-2026-2332, CVE-2025-5115: Upgade to
Jetty 12.0.33 (#6748)
* Fix CVE-2024-6763, CVE-2025-11143, CVE-2026-2332, CVE-2025-5115: Upgrade
to Jetty 12.0.33
* adding comment
* cve fix
* removing extra space
* removing unnecessary explicit dependencies
* review comments fix
* changing comment
* adding all wiremock driven jetty dependencies
---
kie-parent/pom.xml | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 95 insertions(+), 2 deletions(-)
diff --git a/kie-parent/pom.xml b/kie-parent/pom.xml
index 467fb3add0..09d77f2ccc 100644
--- a/kie-parent/pom.xml
+++ b/kie-parent/pom.xml
@@ -68,7 +68,6 @@
<!-- Set to "true" on every project that has no violations. -->
<spotbugs.failOnViolation>false</spotbugs.failOnViolation>
<surefire.forkCount>1</surefire.forkCount>
-
<!--
CONVENTIONS:
- A version property must be specified in the format "version.{groupId}",
optionally with a suffix to make it unique.
@@ -242,6 +241,7 @@
<version.org.bouncycastle.bc.jdk18on>1.84</version.org.bouncycastle.bc.jdk18on>
<version.org.codehaus.plexus.plexus-utils>3.6.1</version.org.codehaus.plexus.plexus-utils>
<version.org.eclipse.jdt>3.44.0</version.org.eclipse.jdt>
+ <version.org.eclipse.jetty>12.0.33</version.org.eclipse.jetty>
<version.org.eclipse.jetty.jakarta.servlet.api>5.0.2</version.org.eclipse.jetty.jakarta.servlet.api>
<version.org.eclipse.microprofile.config>3.1</version.org.eclipse.microprofile.config>
<version.org.eclipse.microprofile.openapi>4.0.2</version.org.eclipse.microprofile.openapi>
@@ -329,6 +329,13 @@
</properties>
<dependencyManagement>
<dependencies>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-bom</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
<!--Both antlr:antlr and org.antlr:antlr-runtime is needed. They are
completely different.-->
<dependency>
<groupId>antlr</groupId>
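Review bot: The `jetty-bom` import added at the top of `<dependencyManagement>` carries no comment saying why it is there or how it relates to the explicit Jetty entries added in the `@@ -1591` hunk. The BOM presumably already manages the `org.eclipse.jetty` and `org.eclipse.jetty.http2` artifacts, so those explicit entries repeat it; they cannot conflict while both use `${version.org.eclipse.jetty}`, but a later edit to only one of them would silently change which version wins. I would add a comment such as `<!-- Jetty BOM: pins core Jetty modules to the CVE-fixed release; modules it does not cover are managed explicitly below -->`. Because this is a security pin, it is also worth confirming with `mvn dependency:tree -Dincludes=org.eclipse.jetty*` that no module still resolves an older Jetty.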
@@ -1591,6 +1598,92 @@
<artifactId>ecj</artifactId>
<version>${version.org.eclipse.jdt}</version>
</dependency>
+ <!-- Explicit set to Jetty 12.0.33 version, overriding version
transitively imported by wiremock-jetty12 3.13.2 -->
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-alpn-client</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-alpn-server</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-client</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-http</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-io</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-proxy</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-security</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-server</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-session</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-util</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty.ee10</groupId>
+ <artifactId>jetty-ee10-proxy</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty.ee10</groupId>
+ <artifactId>jetty-ee10-servlet</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>jetty-http2-client</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>jetty-http2-client-transport</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>jetty-http2-common</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>jetty-http2-hpack</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>jetty-http2-server</artifactId>
+ <version>${version.org.eclipse.jetty}</version>
+ </dependency>
<dependency>
<groupId>org.eclipse.jetty.toolchain</groupId>
<artifactId>jetty-jakarta-servlet-api</artifactId>
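Review bot: The comment introducing the new Jetty block hard-codes `wiremock-jetty12 3.13.2`, which goes stale as soon as `${version.org.wiremock}` is bumped; I would word it as `<!-- Pin Jetty to ${version.org.eclipse.jetty} (CVE fixes), overriding the version pulled in transitively by wiremock-jetty12 -->`. The seventeen entries are also a hand-maintained snapshot of what wiremock pulls in today. A Jetty module that a later wiremock release adds, in particular under `org.eclipse.jetty.ee10`, which the core `jetty-bom` likely does not cover, would stay at the transitive and possibly vulnerable version. If an ee10 BOM is published for this release (`org.eclipse.jetty.ee10:jetty-ee10-bom`, to be confirmed), importing it would replace the two ee10 entries and close that gap. Otherwise a maven-enforcer `bannedDependencies` rule on older Jetty versions would make a regression fail the build.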
@@ -2175,7 +2268,7 @@
</dependency>
<dependency>
<groupId>org.wiremock</groupId>
- <artifactId>wiremock</artifactId>
+ <artifactId>wiremock-jetty12</artifactId>
<version>${version.org.wiremock}</version>
<scope>test</scope>
<exclusions>
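Review bot: Changing the managed artifact from `wiremock` to `wiremock-jetty12` in place leaves `org.wiremock:wiremock` with no managed version, test scope or exclusions. Any module that still declares it, or receives it transitively, no longer gets the exclusions that follow this line, and the older Jetty line that artifact depends on would then be mixed with the 12.0.33 pins. It is worth checking that no module in the build still references `org.wiremock:wiremock` directly, and adding a comment here such as `<!-- wiremock-jetty12 replaces wiremock so tests run on the managed Jetty 12 line -->`. The `<exclusions>` element and the rest of this dependency continue outside the hunk, so I cannot see whether the exclusion list still matches the new artifact's transitive dependencies.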