This is an automated email from the ASF dual-hosted git repository.

kezhenxu94 pushed a commit to branch jetty
in repository https://gitbox.apache.org/repos/asf/skywalking.git

commit 4f806e789776edb0d57b9082374b016874ad3cf2
Author: kezhenxu94 <[email protected]>
AuthorDate: Tue Apr 27 22:06:09 2021 +0800

    Bump up Jetty version
---
 CHANGES.md                                                |  1 +
 dist-material/release-docs/LICENSE                        |  2 +-
 oap-server/pom.xml                                        |  2 +-
 tools/dependencies/known-oap-backend-dependencies-es7.txt | 14 +++++++-------
 tools/dependencies/known-oap-backend-dependencies.txt     | 14 +++++++-------
 5 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index e80cf25..615b1a4 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -26,6 +26,7 @@ Release Notes.
 * Support alarm tags.
 * Support WeLink as a channel of alarm notification.
 * Fix: Some defensive codes didn't work in `PercentileFunction combine`.
+* CVE: fix Jetty vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2019-17638
 
 #### UI
 * Add logo for kong plugin.
diff --git a/dist-material/release-docs/LICENSE 
b/dist-material/release-docs/LICENSE
index d41a486..fc886de 100755
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -246,7 +246,7 @@ The text of each license is the standard Apache 2.0 license.
     transport 5.5.0: 
https://github.com/elastic/elasticsearch/tree/master/client/transport , Apache 
2.0
     securesm 1.1: https://github.com/elastic/securesm/blob/master/pom.xml , 
Apache 2.0
     LMAX Ltd.(disruptor) 3.3.6: https://github.com/LMAX-Exchange/disruptor , 
Apache 2.0
-    Eclipse (Jetty) 9.4.28.v20200408: https://www.eclipse.org/jetty/ , Apache 
2.0 and Eclipse Public License 1.0
+    Eclipse (Jetty) v9.4.40: https://www.eclipse.org/jetty/ , Apache 2.0 and 
Eclipse Public License 1.0
     SnakeYAML 1.18: http://www.snakeyaml.org , Apache 2.0
     Joda-Time 2.10.5: http://www.joda.org/joda-time/ , Apache 2.0
     Joda-Convert 2.2.1: http://www.joda.org/joda-convert/ , Apache 2.0
diff --git a/oap-server/pom.xml b/oap-server/pom.xml
index 1d2b00b..9be01d8 100755
--- a/oap-server/pom.xml
+++ b/oap-server/pom.xml
@@ -62,7 +62,7 @@
         <graphql-java.version>8.0</graphql-java.version>
         <zookeeper.version>3.4.10</zookeeper.version>
         
<netty-tcnative-boringssl-static.version>2.0.26.Final</netty-tcnative-boringssl-static.version>
-        <jetty.version>9.4.28.v20200408</jetty.version>
+        <jetty.version>v9.4.40</jetty.version>
         <h2.version>1.4.196</h2.version>
         <commons-dbcp.version>1.4</commons-dbcp.version>
         <commons-io.version>2.6</commons-io.version>
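Review bot: The new value `<jetty.version>v9.4.40</jetty.version>` does not follow the form of the line it replaces (`9.4.28.v20200408`, a numeric release followed by a `.v<date>` qualifier). It reads like a tag-style shorthand rather than a published artifact version. If no Jetty artifact is published under that exact string, dependency resolution fails and the CVE fix recorded in CHANGES.md never reaches the distribution. Confirm the exact coordinate in the artifact repository and use the full form, e.g. `<jetty.version>9.4.40.vYYYYMMDD</jetty.version>` (the date qualifier here is a placeholder, not the real value). The same string is mirrored in dist-material/release-docs/LICENSE and in both known-oap-backend-dependencies lists, so those hunks need the matching correction.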
diff --git a/tools/dependencies/known-oap-backend-dependencies-es7.txt 
b/tools/dependencies/known-oap-backend-dependencies-es7.txt
index b9c0aab..477db21 100755
--- a/tools/dependencies/known-oap-backend-dependencies-es7.txt
+++ b/tools/dependencies/known-oap-backend-dependencies-es7.txt
@@ -86,12 +86,12 @@ javassist-3.25.0-GA.jar
 javax.inject-1.jar
 javax.servlet-api-3.1.0.jar
 jcl-over-slf4j-1.7.25.jar
-jetty-http-9.4.28.v20200408.jar
-jetty-io-9.4.28.v20200408.jar
-jetty-security-9.4.28.v20200408.jar
-jetty-server-9.4.28.v20200408.jar
-jetty-servlet-9.4.28.v20200408.jar
-jetty-util-9.4.28.v20200408.jar
+jetty-http-v9.4.40.jar
+jetty-io-v9.4.40.jar
+jetty-security-v9.4.40.jar
+jetty-server-v9.4.40.jar
+jetty-servlet-v9.4.40.jar
+jetty-util-v9.4.40.jar
 jline-0.9.94.jar
 jna-4.5.1.jar
 joda-convert-2.2.1.jar
@@ -174,4 +174,4 @@ snappy-java-1.1.7.3.jar
 zstd-jni-1.4.3-1.jar
 mvel2-2.4.8.Final.jar
 commons-beanutils-1.9.4.jar
-postgresql-42.2.18.jar
\ No newline at end of file
+postgresql-42.2.18.jar
diff --git a/tools/dependencies/known-oap-backend-dependencies.txt 
b/tools/dependencies/known-oap-backend-dependencies.txt
index 863d1d6..a229cb8 100755
--- a/tools/dependencies/known-oap-backend-dependencies.txt
+++ b/tools/dependencies/known-oap-backend-dependencies.txt
@@ -80,12 +80,12 @@ javassist-3.25.0-GA.jar
 javax.inject-1.jar
 javax.servlet-api-3.1.0.jar
 jcl-over-slf4j-1.7.25.jar
-jetty-http-9.4.28.v20200408.jar
-jetty-io-9.4.28.v20200408.jar
-jetty-security-9.4.28.v20200408.jar
-jetty-server-9.4.28.v20200408.jar
-jetty-servlet-9.4.28.v20200408.jar
-jetty-util-9.4.28.v20200408.jar
+jetty-http-v9.4.40.jar
+jetty-io-v9.4.40.jar
+jetty-security-v9.4.40.jar
+jetty-server-v9.4.40.jar
+jetty-servlet-v9.4.40.jar
+jetty-util-v9.4.40.jar
 jline-0.9.94.jar
 jna-4.5.1.jar
 joda-convert-2.2.1.jar
@@ -169,4 +169,4 @@ snappy-java-1.1.7.3.jar
 zstd-jni-1.4.3-1.jar
 mvel2-2.4.8.Final.jar
 commons-beanutils-1.9.4.jar
-postgresql-42.2.18.jar
\ No newline at end of file
+postgresql-42.2.18.jar
