[jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429

Duo Zhang (Jira) Tue, 21 Sep 2021 06:44:08 -0700


    [ 
https://issues.apache.org/jira/browse/HBASE-26292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17418131#comment-17418131
 ]


Duo Zhang commented on HBASE-26292:
-----------------------------------

So we need to publish a new hbase-thirdparty release...

Is it possible to purge jetty dependencies from modules other than hbase-rest? 
Just use netty for our status page?

> Update jetty version to fix CVE-2021-34429
> ------------------------------------------
>
>                 Key: HBASE-26292
>                 URL: https://issues.apache.org/jira/browse/HBASE-26292
>             Project: HBase
>          Issue Type: Bug
>          Components: dependencies, thirdparty
>            Reporter: Pankaj Kumar
>            Assignee: Pankaj Kumar
>            Priority: Major
>
>  CVE-2021-34429 issue is fixed in Jetty 9.4.43.v20210629 and we are using 
> jetty 9.4.41.v20210516.
> https://github.com/apache/hbase-thirdparty/blob/c28a235236b9f63ec1d36431e5d1b6c8d4b66d90/pom.xml#L139



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429

Reply via email to