This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-4.0 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 1ac0898a0f9a2b10a0521879ac089addd114eace Author: Lari Hotari <[email protected]> AuthorDate: Wed Apr 30 11:53:26 2025 +0300 [fix][sec] Upgrade Jetty to 9.4.57.v20241219 to mitigate CVE-2024-6763 (#24232) (cherry picked from commit 611dc3f360b5c14fd95eeb36b50948115da2bada) --- distribution/server/src/assemble/LICENSE.bin.txt | 38 ++++++++++++------------ distribution/shell/src/assemble/LICENSE.bin.txt | 16 +++++----- pom.xml | 2 +- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index 687148d5e94..bf24c64d7c7 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -393,25 +393,25 @@ The Apache Software License, Version 2.0 - org.asynchttpclient-async-http-client-2.12.4.jar - org.asynchttpclient-async-http-client-netty-utils-2.12.4.jar * Jetty - - org.eclipse.jetty-jetty-client-9.4.56.v20240826.jar - - org.eclipse.jetty-jetty-continuation-9.4.56.v20240826.jar - - org.eclipse.jetty-jetty-http-9.4.56.v20240826.jar - - org.eclipse.jetty-jetty-io-9.4.56.v20240826.jar - - org.eclipse.jetty-jetty-proxy-9.4.56.v20240826.jar - - org.eclipse.jetty-jetty-security-9.4.56.v20240826.jar - - org.eclipse.jetty-jetty-server-9.4.56.v20240826.jar - - org.eclipse.jetty-jetty-servlet-9.4.56.v20240826.jar - - org.eclipse.jetty-jetty-servlets-9.4.56.v20240826.jar - - org.eclipse.jetty-jetty-util-9.4.56.v20240826.jar - - org.eclipse.jetty-jetty-util-ajax-9.4.56.v20240826.jar - - org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.56.v20240826.jar - - org.eclipse.jetty.websocket-websocket-api-9.4.56.v20240826.jar - - org.eclipse.jetty.websocket-websocket-client-9.4.56.v20240826.jar - - org.eclipse.jetty.websocket-websocket-common-9.4.56.v20240826.jar - - org.eclipse.jetty.websocket-websocket-server-9.4.56.v20240826.jar - - org.eclipse.jetty.websocket-websocket-servlet-9.4.56.v20240826.jar - - org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.56.v20240826.jar - - org.eclipse.jetty-jetty-alpn-server-9.4.56.v20240826.jar + - org.eclipse.jetty-jetty-client-9.4.57.v20241219.jar + - org.eclipse.jetty-jetty-continuation-9.4.57.v20241219.jar + - org.eclipse.jetty-jetty-http-9.4.57.v20241219.jar + - org.eclipse.jetty-jetty-io-9.4.57.v20241219.jar + - org.eclipse.jetty-jetty-proxy-9.4.57.v20241219.jar + - org.eclipse.jetty-jetty-security-9.4.57.v20241219.jar + - org.eclipse.jetty-jetty-server-9.4.57.v20241219.jar + - org.eclipse.jetty-jetty-servlet-9.4.57.v20241219.jar + - org.eclipse.jetty-jetty-servlets-9.4.57.v20241219.jar + - org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar + - org.eclipse.jetty-jetty-util-ajax-9.4.57.v20241219.jar + - org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.57.v20241219.jar + - org.eclipse.jetty.websocket-websocket-api-9.4.57.v20241219.jar + - org.eclipse.jetty.websocket-websocket-client-9.4.57.v20241219.jar + - org.eclipse.jetty.websocket-websocket-common-9.4.57.v20241219.jar + - org.eclipse.jetty.websocket-websocket-server-9.4.57.v20241219.jar + - org.eclipse.jetty.websocket-websocket-servlet-9.4.57.v20241219.jar + - org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.57.v20241219.jar + - org.eclipse.jetty-jetty-alpn-server-9.4.57.v20241219.jar * SnakeYaml -- org.yaml-snakeyaml-2.0.jar * RocksDB - org.rocksdb-rocksdbjni-7.9.2.jar * Google Error Prone Annotations - com.google.errorprone-error_prone_annotations-2.24.0.jar diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt b/distribution/shell/src/assemble/LICENSE.bin.txt index f629b34cdaf..fe939f2b862 100644 --- a/distribution/shell/src/assemble/LICENSE.bin.txt +++ b/distribution/shell/src/assemble/LICENSE.bin.txt @@ -402,14 +402,14 @@ The Apache Software License, Version 2.0 - async-http-client-2.12.4.jar - async-http-client-netty-utils-2.12.4.jar * Jetty - - jetty-client-9.4.56.v20240826.jar - - jetty-http-9.4.56.v20240826.jar - - jetty-io-9.4.56.v20240826.jar - - jetty-util-9.4.56.v20240826.jar - - javax-websocket-client-impl-9.4.56.v20240826.jar - - websocket-api-9.4.56.v20240826.jar - - websocket-client-9.4.56.v20240826.jar - - websocket-common-9.4.56.v20240826.jar + - jetty-client-9.4.57.v20241219.jar + - jetty-http-9.4.57.v20241219.jar + - jetty-io-9.4.57.v20241219.jar + - jetty-util-9.4.57.v20241219.jar + - javax-websocket-client-impl-9.4.57.v20241219.jar + - websocket-api-9.4.57.v20241219.jar + - websocket-client-9.4.57.v20241219.jar + - websocket-common-9.4.57.v20241219.jar * SnakeYaml -- snakeyaml-2.0.jar * Google Error Prone Annotations - error_prone_annotations-2.24.0.jar * Javassist -- javassist-3.25.0-GA.jar diff --git a/pom.xml b/pom.xml index d8504a3016c..d31c5820cbb 100644 --- a/pom.xml +++ b/pom.xml @@ -150,7 +150,7 @@ flexible messaging model and an intuitive client API.</description> <curator.version>5.7.1</curator.version> <netty.version>4.1.121.Final</netty.version> <netty-iouring.version>0.0.26.Final</netty-iouring.version> - <jetty.version>9.4.56.v20240826</jetty.version> + <jetty.version>9.4.57.v20241219</jetty.version> <conscrypt.version>2.5.2</conscrypt.version> <jersey.version>2.42</jersey.version> <athenz.version>1.10.62</athenz.version>
