This is an automated email from the ASF dual-hosted git repository.

andor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new 858b78743 ZOOKEEPER-4876: jetty-http-9.4.53.v20231009.jar: 
CVE-2024-6763(3.7)
858b78743 is described below

commit 858b7874326fc22c0889b07eec980c6c5c7cb1bd
Author: Andor Molnár <[email protected]>
AuthorDate: Thu Oct 17 13:42:23 2024 -0500

    ZOOKEEPER-4876: jetty-http-9.4.53.v20231009.jar: CVE-2024-6763(3.7)
    
    Reviewers: ztzg
    Author: anmolnar
    Closes #2202 from anmolnar/ZOOKEEPER-4876
---
 owaspSuppressions.xml | 6 +++++-
 pom.xml               | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
index 873f38df3..56003dc5b 100644
--- a/owaspSuppressions.xml
+++ b/owaspSuppressions.xml
@@ -18,6 +18,11 @@
 -->
 
 <suppressions 
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd";>
+   <suppress>
+      <!-- ZooKeeper is not affected, because HttpURI is not used in our code.
+           see: ZOOKEEPER-4876 -->
+      <cve>CVE-2024-6763</cve>
+   </suppress>
    <suppress>
       <!-- ZOOKEEPER-3217 -->
       <cve>CVE-2018-8088</cve>
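Review bot: The added `<suppress>` entry matches on `<cve>CVE-2024-6763</cve>` alone, so it silences this CVE for every artifact the scanner ever associates with it, not only the Jetty jar named in the commit title. The rationale in the comment (HttpURI is not called from ZooKeeper code) applies to that one dependency, so I would scope the entry with a selector ahead of the `<cve>` line, e.g. `<packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty\-http@.*$</packageUrl>`. Because the argument depends on today's call sites, an expiry such as `<suppress until="YYYY-MM-DDZ">` (placeholder date) would make the finding resurface for re-evaluation. Moving the justification from the XML comment into a `<notes>` element would also carry it into the generated report. The ZOOKEEPER-3217 entry that follows continues outside this hunk, so I cannot tell whether the other suppressions in the file are scoped.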
@@ -72,5 +77,4 @@
            in json-java which we don't use in ZooKeeper -->
       <cve>CVE-2022-45688</cve>
    </suppress>
-
 </suppressions>
diff --git a/pom.xml b/pom.xml
index 9f8c3d23e..9cecb4d92 100644
--- a/pom.xml
+++ b/pom.xml
@@ -560,7 +560,7 @@
     <hamcrest.version>2.2</hamcrest.version>
     <commons-cli.version>1.5.0</commons-cli.version>
     <netty.version>4.1.113.Final</netty.version>
-    <jetty.version>9.4.53.v20231009</jetty.version>
+    <jetty.version>9.4.56.v20240826</jetty.version>
     <jackson.version>2.15.2</jackson.version>
     <jline.version>2.14.6</jline.version>
     <snappy.version>1.1.10.5</snappy.version>
