This is an automated email from the ASF dual-hosted git repository. wusheng pushed a commit to branch cve-jetty in repository https://gitbox.apache.org/repos/asf/skywalking.git
commit 8793c7425e515da31778c7344db5dc2015a8ce1e Author: Wu Sheng <[email protected]> AuthorDate: Mon Apr 13 11:44:04 2020 +0800 [CVE] Update Jetty version to fix its CVEs --- dist-material/release-docs/LICENSE | 2 +- oap-server/pom.xml | 2 +- tools/dependencies/known-oap-backend-dependencies-es7.txt | 12 ++++++------ tools/dependencies/known-oap-backend-dependencies.txt | 12 ++++++------ 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE index 69d352a..8ca15ba 100755 --- a/dist-material/release-docs/LICENSE +++ b/dist-material/release-docs/LICENSE @@ -246,7 +246,7 @@ The text of each license is the standard Apache 2.0 license. transport-netty4-client 5.5.0: http://central.maven.org/maven2/org/elasticsearch/plugin/transport-netty4-client/5.5.0/transport-netty4-client-5.5.0.pom , Apache 2.0 securesm 1.1: https://github.com/elastic/securesm/blob/master/pom.xml , Apache 2.0 LMAX Ltd.(disruptor) 3.3.6: https://github.com/LMAX-Exchange/disruptor , Apache 2.0 - Eclipse (Jetty) 3.3.6: https://www.eclipse.org/jetty/ , Apache 2.0 and Eclipse Public License 1.0 + Eclipse (Jetty) 9.4.28.v20200408: https://www.eclipse.org/jetty/ , Apache 2.0 and Eclipse Public License 1.0 SnakeYAML 1.18: http://www.snakeyaml.org , Apache 2.0 Joda-Time 2.10.5: http://www.joda.org/joda-time/ , Apache 2.0 Joda-Convert 1.2: http://www.joda.org/joda-convert/ , Apache 2.0 diff --git a/oap-server/pom.xml b/oap-server/pom.xml index 44c6e3e..b82034a 100755 --- a/oap-server/pom.xml +++ b/oap-server/pom.xml @@ -58,7 +58,7 @@ <graphql-java.version>8.0</graphql-java.version> <zookeeper.version>3.4.10</zookeeper.version> <netty-tcnative-boringssl-static.version>2.0.26.Final</netty-tcnative-boringssl-static.version> - <jetty.version>9.4.2.v20170220</jetty.version> + <jetty.version>9.4.28.v20200408</jetty.version> <h2.version>1.4.196</h2.version> <commons-dbcp.version>1.4</commons-dbcp.version> <commons-io.version>2.6</commons-io.version> diff --git a/tools/dependencies/known-oap-backend-dependencies-es7.txt b/tools/dependencies/known-oap-backend-dependencies-es7.txt index 49f2780..5eda485 100755 --- a/tools/dependencies/known-oap-backend-dependencies-es7.txt +++ b/tools/dependencies/known-oap-backend-dependencies-es7.txt @@ -77,12 +77,12 @@ javassist-3.25.0-GA.jar javax.inject-1.jar javax.servlet-api-3.1.0.jar jcl-over-slf4j-1.7.25.jar -jetty-http-9.4.2.v20170220.jar -jetty-io-9.4.2.v20170220.jar -jetty-security-9.4.2.v20170220.jar -jetty-server-9.4.2.v20170220.jar -jetty-servlet-9.4.2.v20170220.jar -jetty-util-9.4.2.v20170220.jar +jetty-http-9.4.28.v20200408.jar +jetty-io-9.4.28.v20200408.jar +jetty-security-9.4.28.v20200408.jar +jetty-server-9.4.28.v20200408.jar +jetty-servlet-9.4.28.v20200408.jar +jetty-util-9.4.28.v20200408.jar jline-0.9.94.jar jna-4.5.1.jar joda-convert-1.2.jar diff --git a/tools/dependencies/known-oap-backend-dependencies.txt b/tools/dependencies/known-oap-backend-dependencies.txt index 68db51a..58061ef 100755 --- a/tools/dependencies/known-oap-backend-dependencies.txt +++ b/tools/dependencies/known-oap-backend-dependencies.txt @@ -76,12 +76,12 @@ javassist-3.25.0-GA.jar javax.inject-1.jar javax.servlet-api-3.1.0.jar jcl-over-slf4j-1.7.25.jar -jetty-http-9.4.2.v20170220.jar -jetty-io-9.4.2.v20170220.jar -jetty-security-9.4.2.v20170220.jar -jetty-server-9.4.2.v20170220.jar -jetty-servlet-9.4.2.v20170220.jar -jetty-util-9.4.2.v20170220.jar +jetty-http-9.4.28.v20200408.jar +jetty-io-9.4.28.v20200408.jar +jetty-security-9.4.28.v20200408.jar +jetty-server-9.4.28.v20200408.jar +jetty-servlet-9.4.28.v20200408.jar +jetty-util-9.4.28.v20200408.jar jline-0.9.94.jar jna-4.5.1.jar joda-convert-1.2.jar
