OWASP jenkins job is reporting this on master: 10:10:21 [ERROR] jetty-io-9.4.57.v20241219.jar: CVE-2024-6763(5.3) 10:10:21 [ERROR] jetty-server-9.4.57.v20241219.jar: CVE-2024-6763(5.3)
https://ci-hadoop.apache.org/view/ZooKeeper/job/zookeeper-multi-branch-owasp/job/master/397/console Patrick On Tue, Jun 3, 2025 at 9:58 AM Patrick Hunt <ph...@apache.org> wrote: > I believe there is an open jira for this: > > https://issues.apache.org/jira/issues/?jql=project%20%3D%20ZooKeeper%20and%20resolution%20%3D%20unresolved%20and%20summary%20~%20%22cve*%22%20ORDER%20BY%20created%20DESC > > Regards, > > Patrick > > On Tue, Jun 3, 2025 at 9:53 AM Yvette Sermons > <yvette.serm...@oracle.com.invalid> wrote: > >> Hello >> Can Zookeeper 3.9.3 be upgraded to use the latest jetty version: >> 9.4.57.v20241219< >> https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server/9.4.57.v20241219> >> >> https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server/9.4.57.v20241219 >> There is a vulnerability in 9.4.56 version. >> >> Thanks >> Yvette Sermons | Senior Development Manager >> ORACLE Construction and Engineering >> 610.766.3735 >> >
