[jira] [Resolved] (HADOOP-19761) Upgrade jetty and http2-common to 9.4.58.v20250814 due to CVE-2025-5115

Steve Loughran (Jira) Mon, 29 Dec 2025 03:31:23 -0800


     [ 
https://issues.apache.org/jira/browse/HADOOP-19761?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Steve Loughran resolved HADOOP-19761.
-------------------------------------
    Fix Version/s: 3.5.0
       Resolution: Fixed

> Upgrade jetty and http2-common to 9.4.58.v20250814 due to CVE-2025-5115
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-19761
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19761
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: build, yarn
>    Affects Versions: 3.5.0
>            Reporter: fuchaohong
>            Priority: Minor
>              Labels: pull-request-available
>             Fix For: 3.5.0
>
>
> Upgrade *http2-common* to version *9.4.58.v20250814* to address 
> {*}CVE-2025-5115{*}, and upgrade *Jetty* to the same version simultaneously.
> CVE announcement: https://www.eclipse.org/lists/jetty-users/msg10928.html



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Resolved] (HADOOP-19761) Upgrade jetty and http2-common to 9.4.58.v20250814 due to CVE-2025-5115

Reply via email to