This is an automated email from the ASF dual-hosted git repository.
wusheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking.git
The following commit(s) were added to refs/heads/master by this push:
new 950346c3 [CVE] Update Jetty version to fix its CVEs (#4642)
950346c3 is described below
commit 950346c3801224baa04e5c8e59378308bb16f33e
Author: 吴晟 Wu Sheng <[email protected]>
AuthorDate: Mon Apr 13 14:27:19 2020 +0800
[CVE] Update Jetty version to fix its CVEs (#4642)
---
dist-material/release-docs/LICENSE | 2 +-
oap-server/pom.xml | 2 +-
tools/dependencies/known-oap-backend-dependencies-es7.txt | 12 ++++++------
tools/dependencies/known-oap-backend-dependencies.txt | 12 ++++++------
4 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/dist-material/release-docs/LICENSE
b/dist-material/release-docs/LICENSE
index 69d352a..8ca15ba 100755
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -246,7 +246,7 @@ The text of each license is the standard Apache 2.0 license.
transport-netty4-client 5.5.0:
http://central.maven.org/maven2/org/elasticsearch/plugin/transport-netty4-client/5.5.0/transport-netty4-client-5.5.0.pom
, Apache 2.0
securesm 1.1: https://github.com/elastic/securesm/blob/master/pom.xml ,
Apache 2.0
LMAX Ltd.(disruptor) 3.3.6: https://github.com/LMAX-Exchange/disruptor ,
Apache 2.0
- Eclipse (Jetty) 3.3.6: https://www.eclipse.org/jetty/ , Apache 2.0 and
Eclipse Public License 1.0
+ Eclipse (Jetty) 9.4.28.v20200408: https://www.eclipse.org/jetty/ , Apache
2.0 and Eclipse Public License 1.0
SnakeYAML 1.18: http://www.snakeyaml.org , Apache 2.0
Joda-Time 2.10.5: http://www.joda.org/joda-time/ , Apache 2.0
Joda-Convert 1.2: http://www.joda.org/joda-convert/ , Apache 2.0
diff --git a/oap-server/pom.xml b/oap-server/pom.xml
index 44c6e3e..b82034a 100755
--- a/oap-server/pom.xml
+++ b/oap-server/pom.xml
@@ -58,7 +58,7 @@
<graphql-java.version>8.0</graphql-java.version>
<zookeeper.version>3.4.10</zookeeper.version>
<netty-tcnative-boringssl-static.version>2.0.26.Final</netty-tcnative-boringssl-static.version>
- <jetty.version>9.4.2.v20170220</jetty.version>
+ <jetty.version>9.4.28.v20200408</jetty.version>
<h2.version>1.4.196</h2.version>
<commons-dbcp.version>1.4</commons-dbcp.version>
<commons-io.version>2.6</commons-io.version>
diff --git a/tools/dependencies/known-oap-backend-dependencies-es7.txt
b/tools/dependencies/known-oap-backend-dependencies-es7.txt
index 49f2780..5eda485 100755
--- a/tools/dependencies/known-oap-backend-dependencies-es7.txt
+++ b/tools/dependencies/known-oap-backend-dependencies-es7.txt
@@ -77,12 +77,12 @@ javassist-3.25.0-GA.jar
javax.inject-1.jar
javax.servlet-api-3.1.0.jar
jcl-over-slf4j-1.7.25.jar
-jetty-http-9.4.2.v20170220.jar
-jetty-io-9.4.2.v20170220.jar
-jetty-security-9.4.2.v20170220.jar
-jetty-server-9.4.2.v20170220.jar
-jetty-servlet-9.4.2.v20170220.jar
-jetty-util-9.4.2.v20170220.jar
+jetty-http-9.4.28.v20200408.jar
+jetty-io-9.4.28.v20200408.jar
+jetty-security-9.4.28.v20200408.jar
+jetty-server-9.4.28.v20200408.jar
+jetty-servlet-9.4.28.v20200408.jar
+jetty-util-9.4.28.v20200408.jar
jline-0.9.94.jar
jna-4.5.1.jar
joda-convert-1.2.jar
diff --git a/tools/dependencies/known-oap-backend-dependencies.txt
b/tools/dependencies/known-oap-backend-dependencies.txt
index 68db51a..58061ef 100755
--- a/tools/dependencies/known-oap-backend-dependencies.txt
+++ b/tools/dependencies/known-oap-backend-dependencies.txt
@@ -76,12 +76,12 @@ javassist-3.25.0-GA.jar
javax.inject-1.jar
javax.servlet-api-3.1.0.jar
jcl-over-slf4j-1.7.25.jar
-jetty-http-9.4.2.v20170220.jar
-jetty-io-9.4.2.v20170220.jar
-jetty-security-9.4.2.v20170220.jar
-jetty-server-9.4.2.v20170220.jar
-jetty-servlet-9.4.2.v20170220.jar
-jetty-util-9.4.2.v20170220.jar
+jetty-http-9.4.28.v20200408.jar
+jetty-io-9.4.28.v20200408.jar
+jetty-security-9.4.28.v20200408.jar
+jetty-server-9.4.28.v20200408.jar
+jetty-servlet-9.4.28.v20200408.jar
+jetty-util-9.4.28.v20200408.jar
jline-0.9.94.jar
jna-4.5.1.jar
joda-convert-1.2.jar
