You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/02/22 15:36:40 UTC
[GitHub] [kafka] dongjinleekr opened a new pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218
dongjinleekr opened a new pull request #10177:
URL: https://github.com/apache/kafka/pull/10177
Here is the fix. The reason of [CVE-2020-27218](https://nvd.nist.gov/vuln/detail/CVE-2020-27218) was [Incorrect recycling of `HttpInput`](https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892) and [patched in 9.4.35.v20201120](https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8).
This PR updates Jetty dependency into the following version, 9.4.36.v20210114.
### Committer Checklist (excluded from commit message)
- [ ] Verify design and implementation
- [ ] Verify test coverage and CI build status
- [ ] Verify documentation (including upgrade notes)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] ijuma commented on pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218
Posted by GitBox <gi...@apache.org>.
ijuma commented on pull request #10177:
URL: https://github.com/apache/kafka/pull/10177#issuecomment-783476320
Let's cherry-pick this to 2.8, 2.7 and 2.6.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] omkreddy closed pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218
Posted by GitBox <gi...@apache.org>.
omkreddy closed pull request #10177:
URL: https://github.com/apache/kafka/pull/10177
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] dongjinleekr commented on pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218
Posted by GitBox <gi...@apache.org>.
dongjinleekr commented on pull request #10177:
URL: https://github.com/apache/kafka/pull/10177#issuecomment-783461290
@ijuma @chia7712 Could you have a look?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org