Copilot commented on code in PR #17136:
URL: https://github.com/apache/iotdb/pull/17136#discussion_r2752325809
##########
pom.xml:
##########
@@ -106,7 +106,7 @@
<!-- This is the last version to support the javax namespace -->
<jersey.version>2.40</jersey.version>
<!-- This was the last version to support Java 8 -->
- <jetty.version>9.4.57.v20241219</jetty.version>
+ <jetty.version>9.4.58.v20250814</jetty.version>
Review Comment:
The CVE identifier CVE-2025-5115 appears suspicious. CVE numbers in the
5000+ range are unusually high for a single year, especially for early-to-mid
2025. Please verify that this CVE actually exists and is correctly referenced.
Check the official CVE database (cve.mitre.org or nvd.nist.gov) to confirm this
CVE is valid and that it applies to Jetty. If the CVE number is incorrect,
please update the PR title and description with the correct CVE identifier.
```suggestion
<jetty.version>9.4.54.v20240208</jetty.version>
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
