This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-3.3 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 181863a2903fc8cc145df4c6ba20bb488118a31a Author: Lari Hotari <[email protected]> AuthorDate: Mon Oct 27 23:25:56 2025 +0200 [fix][sec] Upgrade Jetty to 9.4.58.v20250814 to address CVE-2025-5115 (#24897) (cherry picked from commit d1bddf810ca6ace8d6f07dcfe2a34c26abe6d8dd) --- distribution/server/src/assemble/LICENSE.bin.txt | 38 ++++++++++++------------ distribution/shell/src/assemble/LICENSE.bin.txt | 16 +++++----- pom.xml | 2 +- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index b0b74bcfcdb..eb598a1d1ae 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -394,25 +394,25 @@ The Apache Software License, Version 2.0 - org.asynchttpclient-async-http-client-2.12.4.jar - org.asynchttpclient-async-http-client-netty-utils-2.12.4.jar * Jetty - - org.eclipse.jetty-jetty-client-9.4.57.v20241219.jar - - org.eclipse.jetty-jetty-continuation-9.4.57.v20241219.jar - - org.eclipse.jetty-jetty-http-9.4.57.v20241219.jar - - org.eclipse.jetty-jetty-io-9.4.57.v20241219.jar - - org.eclipse.jetty-jetty-proxy-9.4.57.v20241219.jar - - org.eclipse.jetty-jetty-security-9.4.57.v20241219.jar - - org.eclipse.jetty-jetty-server-9.4.57.v20241219.jar - - org.eclipse.jetty-jetty-servlet-9.4.57.v20241219.jar - - org.eclipse.jetty-jetty-servlets-9.4.57.v20241219.jar - - org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar - - org.eclipse.jetty-jetty-util-ajax-9.4.57.v20241219.jar - - org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.57.v20241219.jar - - org.eclipse.jetty.websocket-websocket-api-9.4.57.v20241219.jar - - org.eclipse.jetty.websocket-websocket-client-9.4.57.v20241219.jar - - org.eclipse.jetty.websocket-websocket-common-9.4.57.v20241219.jar - - org.eclipse.jetty.websocket-websocket-server-9.4.57.v20241219.jar - - org.eclipse.jetty.websocket-websocket-servlet-9.4.57.v20241219.jar - - org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.57.v20241219.jar - - org.eclipse.jetty-jetty-alpn-server-9.4.57.v20241219.jar + - org.eclipse.jetty-jetty-client-9.4.58.v20250814.jar + - org.eclipse.jetty-jetty-continuation-9.4.58.v20250814.jar + - org.eclipse.jetty-jetty-http-9.4.58.v20250814.jar + - org.eclipse.jetty-jetty-io-9.4.58.v20250814.jar + - org.eclipse.jetty-jetty-proxy-9.4.58.v20250814.jar + - org.eclipse.jetty-jetty-security-9.4.58.v20250814.jar + - org.eclipse.jetty-jetty-server-9.4.58.v20250814.jar + - org.eclipse.jetty-jetty-servlet-9.4.58.v20250814.jar + - org.eclipse.jetty-jetty-servlets-9.4.58.v20250814.jar + - org.eclipse.jetty-jetty-util-9.4.58.v20250814.jar + - org.eclipse.jetty-jetty-util-ajax-9.4.58.v20250814.jar + - org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.58.v20250814.jar + - org.eclipse.jetty.websocket-websocket-api-9.4.58.v20250814.jar + - org.eclipse.jetty.websocket-websocket-client-9.4.58.v20250814.jar + - org.eclipse.jetty.websocket-websocket-common-9.4.58.v20250814.jar + - org.eclipse.jetty.websocket-websocket-server-9.4.58.v20250814.jar + - org.eclipse.jetty.websocket-websocket-servlet-9.4.58.v20250814.jar + - org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.58.v20250814.jar + - org.eclipse.jetty-jetty-alpn-server-9.4.58.v20250814.jar * SnakeYaml -- org.yaml-snakeyaml-2.0.jar * RocksDB - org.rocksdb-rocksdbjni-7.9.2.jar * Google Error Prone Annotations - com.google.errorprone-error_prone_annotations-2.24.0.jar diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt b/distribution/shell/src/assemble/LICENSE.bin.txt index 9d4740f1337..acc69ab599f 100644 --- a/distribution/shell/src/assemble/LICENSE.bin.txt +++ b/distribution/shell/src/assemble/LICENSE.bin.txt @@ -403,14 +403,14 @@ The Apache Software License, Version 2.0 - async-http-client-2.12.4.jar - async-http-client-netty-utils-2.12.4.jar * Jetty - - jetty-client-9.4.57.v20241219.jar - - jetty-http-9.4.57.v20241219.jar - - jetty-io-9.4.57.v20241219.jar - - jetty-util-9.4.57.v20241219.jar - - javax-websocket-client-impl-9.4.57.v20241219.jar - - websocket-api-9.4.57.v20241219.jar - - websocket-client-9.4.57.v20241219.jar - - websocket-common-9.4.57.v20241219.jar + - jetty-client-9.4.58.v20250814.jar + - jetty-http-9.4.58.v20250814.jar + - jetty-io-9.4.58.v20250814.jar + - jetty-util-9.4.58.v20250814.jar + - javax-websocket-client-impl-9.4.58.v20250814.jar + - websocket-api-9.4.58.v20250814.jar + - websocket-client-9.4.58.v20250814.jar + - websocket-common-9.4.58.v20250814.jar * SnakeYaml -- snakeyaml-2.0.jar * Google Error Prone Annotations - error_prone_annotations-2.24.0.jar * Javassist -- javassist-3.25.0-GA.jar diff --git a/pom.xml b/pom.xml index a9f21644b81..352b4471925 100644 --- a/pom.xml +++ b/pom.xml @@ -146,7 +146,7 @@ flexible messaging model and an intuitive client API.</description> <curator.version>5.7.1</curator.version> <netty.version>4.1.127.Final</netty.version> <netty-iouring.version>0.0.26.Final</netty-iouring.version> - <jetty.version>9.4.57.v20241219</jetty.version> + <jetty.version>9.4.58.v20250814</jetty.version> <conscrypt.version>2.5.2</conscrypt.version> <jersey.version>2.42</jersey.version> <athenz.version>1.10.50</athenz.version>
