This is an automated email from the ASF dual-hosted git repository.
stevel pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/trunk by this push:
new 48448e50149 HADOOP-19761. Upgrade jetty and http2-common to
9.4.58.v20250814 (#8146)
48448e50149 is described below
commit 48448e501494cb2d3b981b5627e5a3c8c54f9928
Author: fuchaohong <[email protected]>
AuthorDate: Mon Dec 29 19:29:49 2025 +0800
HADOOP-19761. Upgrade jetty and http2-common to 9.4.58.v20250814 (#8146)
Due to CVE-2025-5115.
Contributed by fuchaohong
---
LICENSE-binary | 28 ++++----
hadoop-project/pom.xml | 2 +-
.../pom.xml | 81 ++++++++++++++++++++++
3 files changed, 96 insertions(+), 15 deletions(-)
diff --git a/LICENSE-binary b/LICENSE-binary
index 26afa11ac8c..0683a0d99fa 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -411,20 +411,20 @@ org.apache.yetus:audience-annotations:0.5.0
org.apache.zookeeper:zookeeper:3.8.4
org.codehaus.jettison:jettison:1.5.4
org.conscrypt:conscrypt-openjdk-uber:2.5.2
-org.eclipse.jetty:jetty-annotations:9.4.57.v20241219
-org.eclipse.jetty:jetty-http:9.4.57.v20241219
-org.eclipse.jetty:jetty-io:9.4.57.v20241219
-org.eclipse.jetty:jetty-jndi:9.4.57.v20241219
-org.eclipse.jetty:jetty-plus:9.4.57.v20241219
-org.eclipse.jetty:jetty-security:9.4.57.v20241219
-org.eclipse.jetty:jetty-server:9.4.57.v20241219
-org.eclipse.jetty:jetty-servlet:9.4.57.v20241219
-org.eclipse.jetty:jetty-util:9.4.57.v20241219
-org.eclipse.jetty:jetty-util-ajax:9.4.57.v20241219
-org.eclipse.jetty:jetty-webapp:9.4.57.v20241219
-org.eclipse.jetty:jetty-xml:9.4.57.v20241219
-org.eclipse.jetty.websocket:javax-websocket-client-impl:9.4.57.v20241219
-org.eclipse.jetty.websocket:javax-websocket-server-impl:9.4.57.v20241219
+org.eclipse.jetty:jetty-annotations:9.4.58.v20250814
+org.eclipse.jetty:jetty-http:9.4.58.v20250814
+org.eclipse.jetty:jetty-io:9.4.58.v20250814
+org.eclipse.jetty:jetty-jndi:9.4.58.v20250814
+org.eclipse.jetty:jetty-plus:9.4.58.v20250814
+org.eclipse.jetty:jetty-security:9.4.58.v20250814
+org.eclipse.jetty:jetty-server:9.4.58.v20250814
+org.eclipse.jetty:jetty-servlet:9.4.58.v20250814
+org.eclipse.jetty:jetty-util:9.4.58.v20250814
+org.eclipse.jetty:jetty-util-ajax:9.4.58.v20250814
+org.eclipse.jetty:jetty-webapp:9.4.58.v20250814
+org.eclipse.jetty:jetty-xml:9.4.58.v20250814
+org.eclipse.jetty.websocket:javax-websocket-client-impl:9.4.58.v20250814
+org.eclipse.jetty.websocket:javax-websocket-server-impl:9.4.58.v20250814
org.ehcache:ehcache:3.8.2
org.ini4j:ini4j:0.5.4
org.objenesis:objenesis:2.6
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index 802e1b48da2..cd83d2ae9a9 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -36,7 +36,7 @@
<!--Whether to proceed to next module if any test failures exist-->
<maven.test.failure.ignore>true</maven.test.failure.ignore>
<maven.test.redirectTestOutputToFile>true</maven.test.redirectTestOutputToFile>
- <jetty.version>9.4.57.v20241219</jetty.version>
+ <jetty.version>9.4.58.v20250814</jetty.version>
<test.exclude>_</test.exclude>
<test.exclude.pattern>_</test.exclude.pattern>
diff --git
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-applications-catalog/hadoop-yarn-applications-catalog-webapp/pom.xml
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-applications-catalog/hadoop-yarn-applications-catalog-webapp/pom.xml
index d8fa7593021..e40c402bef7 100644
---
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-applications-catalog/hadoop-yarn-applications-catalog-webapp/pom.xml
+++
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-applications-catalog/hadoop-yarn-applications-catalog-webapp/pom.xml
@@ -87,6 +87,27 @@
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-hpack</artifactId>
+ <version>${jetty.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-client</artifactId>
+ <version>${jetty.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-common</artifactId>
+ <version>${jetty.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-http-client-transport</artifactId>
+ <version>${jetty.version}</version>
+ </dependency>
+
<dependency>
<groupId>org.apache.solr</groupId>
<artifactId>solr-solrj</artifactId>
@@ -112,6 +133,26 @@
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-io</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-alpn-client</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-hpack</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-client</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-common</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-http-client-transport</artifactId>
+ </exclusion>
</exclusions>
</dependency>
@@ -140,10 +181,30 @@
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-client</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-alpn-client</artifactId>
+ </exclusion>
<exclusion>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-hpack</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-client</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-common</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-http-client-transport</artifactId>
+ </exclusion>
</exclusions>
<scope>test</scope>
</dependency>
@@ -173,10 +234,30 @@
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-client</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-alpn-client</artifactId>
+ </exclusion>
<exclusion>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-hpack</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-client</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-common</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ <artifactId>http2-http-client-transport</artifactId>
+ </exclusion>
</exclusions>
<scope>test</scope>
</dependency>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
