(pulsar) branch master updated: [fix][sec] Upgrade Jetty to 9.4.57.v20241219 to mitigate CVE-2024-6763 (#24232)

lhotari Wed, 30 Apr 2025 01:54:06 -0700

This is an automated email from the ASF dual-hosted git repository.

lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git



The following commit(s) were added to refs/heads/master by this push:
     new 611dc3f360b [fix][sec] Upgrade Jetty to 9.4.57.v20241219 to mitigate 
CVE-2024-6763 (#24232)
611dc3f360b is described below

commit 611dc3f360b5c14fd95eeb36b50948115da2bada
Author: Lari Hotari <[email protected]>
AuthorDate: Wed Apr 30 11:53:26 2025 +0300

    [fix][sec] Upgrade Jetty to 9.4.57.v20241219 to mitigate CVE-2024-6763 
(#24232)
---
 distribution/server/src/assemble/LICENSE.bin.txt | 38 ++++++++++++------------
 distribution/shell/src/assemble/LICENSE.bin.txt  | 16 +++++-----
 pom.xml                                          |  2 +-
 3 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt 
b/distribution/server/src/assemble/LICENSE.bin.txt
index 687148d5e94..bf24c64d7c7 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -393,25 +393,25 @@ The Apache Software License, Version 2.0
     - org.asynchttpclient-async-http-client-2.12.4.jar
     - org.asynchttpclient-async-http-client-netty-utils-2.12.4.jar
  * Jetty
-    - org.eclipse.jetty-jetty-client-9.4.56.v20240826.jar
-    - org.eclipse.jetty-jetty-continuation-9.4.56.v20240826.jar
-    - org.eclipse.jetty-jetty-http-9.4.56.v20240826.jar
-    - org.eclipse.jetty-jetty-io-9.4.56.v20240826.jar
-    - org.eclipse.jetty-jetty-proxy-9.4.56.v20240826.jar
-    - org.eclipse.jetty-jetty-security-9.4.56.v20240826.jar
-    - org.eclipse.jetty-jetty-server-9.4.56.v20240826.jar
-    - org.eclipse.jetty-jetty-servlet-9.4.56.v20240826.jar
-    - org.eclipse.jetty-jetty-servlets-9.4.56.v20240826.jar
-    - org.eclipse.jetty-jetty-util-9.4.56.v20240826.jar
-    - org.eclipse.jetty-jetty-util-ajax-9.4.56.v20240826.jar
-    - 
org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.56.v20240826.jar
-    - org.eclipse.jetty.websocket-websocket-api-9.4.56.v20240826.jar
-    - org.eclipse.jetty.websocket-websocket-client-9.4.56.v20240826.jar
-    - org.eclipse.jetty.websocket-websocket-common-9.4.56.v20240826.jar
-    - org.eclipse.jetty.websocket-websocket-server-9.4.56.v20240826.jar
-    - org.eclipse.jetty.websocket-websocket-servlet-9.4.56.v20240826.jar
-    - org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.56.v20240826.jar
-    - org.eclipse.jetty-jetty-alpn-server-9.4.56.v20240826.jar
+    - org.eclipse.jetty-jetty-client-9.4.57.v20241219.jar
+    - org.eclipse.jetty-jetty-continuation-9.4.57.v20241219.jar
+    - org.eclipse.jetty-jetty-http-9.4.57.v20241219.jar
+    - org.eclipse.jetty-jetty-io-9.4.57.v20241219.jar
+    - org.eclipse.jetty-jetty-proxy-9.4.57.v20241219.jar
+    - org.eclipse.jetty-jetty-security-9.4.57.v20241219.jar
+    - org.eclipse.jetty-jetty-server-9.4.57.v20241219.jar
+    - org.eclipse.jetty-jetty-servlet-9.4.57.v20241219.jar
+    - org.eclipse.jetty-jetty-servlets-9.4.57.v20241219.jar
+    - org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar
+    - org.eclipse.jetty-jetty-util-ajax-9.4.57.v20241219.jar
+    - 
org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.57.v20241219.jar
+    - org.eclipse.jetty.websocket-websocket-api-9.4.57.v20241219.jar
+    - org.eclipse.jetty.websocket-websocket-client-9.4.57.v20241219.jar
+    - org.eclipse.jetty.websocket-websocket-common-9.4.57.v20241219.jar
+    - org.eclipse.jetty.websocket-websocket-server-9.4.57.v20241219.jar
+    - org.eclipse.jetty.websocket-websocket-servlet-9.4.57.v20241219.jar
+    - org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.57.v20241219.jar
+    - org.eclipse.jetty-jetty-alpn-server-9.4.57.v20241219.jar
  * SnakeYaml -- org.yaml-snakeyaml-2.0.jar
  * RocksDB - org.rocksdb-rocksdbjni-7.9.2.jar
  * Google Error Prone Annotations - 
com.google.errorprone-error_prone_annotations-2.24.0.jar
diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt 
b/distribution/shell/src/assemble/LICENSE.bin.txt
index f629b34cdaf..fe939f2b862 100644
--- a/distribution/shell/src/assemble/LICENSE.bin.txt
+++ b/distribution/shell/src/assemble/LICENSE.bin.txt
@@ -402,14 +402,14 @@ The Apache Software License, Version 2.0
     - async-http-client-2.12.4.jar
     - async-http-client-netty-utils-2.12.4.jar
  * Jetty
-    - jetty-client-9.4.56.v20240826.jar
-    - jetty-http-9.4.56.v20240826.jar
-    - jetty-io-9.4.56.v20240826.jar
-    - jetty-util-9.4.56.v20240826.jar
-    - javax-websocket-client-impl-9.4.56.v20240826.jar
-    - websocket-api-9.4.56.v20240826.jar
-    - websocket-client-9.4.56.v20240826.jar
-    - websocket-common-9.4.56.v20240826.jar
+    - jetty-client-9.4.57.v20241219.jar
+    - jetty-http-9.4.57.v20241219.jar
+    - jetty-io-9.4.57.v20241219.jar
+    - jetty-util-9.4.57.v20241219.jar
+    - javax-websocket-client-impl-9.4.57.v20241219.jar
+    - websocket-api-9.4.57.v20241219.jar
+    - websocket-client-9.4.57.v20241219.jar
+    - websocket-common-9.4.57.v20241219.jar
  * SnakeYaml -- snakeyaml-2.0.jar
  * Google Error Prone Annotations - error_prone_annotations-2.24.0.jar
  * Javassist -- javassist-3.25.0-GA.jar
diff --git a/pom.xml b/pom.xml
index 72dae0a22e4..6e3d275312f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -150,7 +150,7 @@ flexible messaging model and an intuitive client 
API.</description>
     <curator.version>5.7.1</curator.version>
     <netty.version>4.1.121.Final</netty.version>
     <netty-iouring.version>0.0.26.Final</netty-iouring.version>
-    <jetty.version>9.4.56.v20240826</jetty.version>
+    <jetty.version>9.4.57.v20241219</jetty.version>
     <conscrypt.version>2.5.2</conscrypt.version>
     <jersey.version>2.42</jersey.version>
     <athenz.version>1.10.62</athenz.version>

(pulsar) branch master updated: [fix][sec] Upgrade Jetty to 9.4.57.v20241219 to mitigate CVE-2024-6763 (#24232)

Reply via email to