You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by rx...@apache.org on 2020/11/05 02:40:06 UTC

[pulsar] branch branch-2.6 updated: Upgrade jetty to 9.4.33.v20201020 (#8413)

This is an automated email from the ASF dual-hosted git repository.

rxl pushed a commit to branch branch-2.6
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-2.6 by this push:
     new 0f2fad0  Upgrade jetty to 9.4.33.v20201020 (#8413)
0f2fad0 is described below

commit 0f2fad02f413b9a02242034232326b593c9739f0
Author: Masahiro Sakamoto <ma...@yahoo-corp.jp>
AuthorDate: Mon Nov 2 09:38:07 2020 +0900

    Upgrade jetty to 9.4.33.v20201020 (#8413)
    
    Jetty versions 9.4.32.v20200930 and earlier have a security vulnerability, so upgraded to the latest stable version.
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
    
    (cherry picked from commit ec2de258ce39b38311e92bab6882c198070d8975)
---
 distribution/server/src/assemble/LICENSE.bin.txt | 34 ++++++++++++------------
 pom.xml                                          |  2 +-
 pulsar-sql/presto-distribution/LICENSE           | 12 ++++-----
 3 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 3f6858d..3352047 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -430,23 +430,23 @@ The Apache Software License, Version 2.0
     - org.bouncycastle-bcpkix-jdk15on-1.64.jar
     - org.bouncycastle-bcprov-jdk15on-1.64.jar
  * Jetty
-    - org.eclipse.jetty-jetty-client-9.4.31.v20200723.jar
-    - org.eclipse.jetty-jetty-continuation-9.4.31.v20200723.jar
-    - org.eclipse.jetty-jetty-http-9.4.31.v20200723.jar
-    - org.eclipse.jetty-jetty-io-9.4.31.v20200723.jar
-    - org.eclipse.jetty-jetty-proxy-9.4.31.v20200723.jar
-    - org.eclipse.jetty-jetty-security-9.4.31.v20200723.jar
-    - org.eclipse.jetty-jetty-server-9.4.31.v20200723.jar
-    - org.eclipse.jetty-jetty-servlet-9.4.31.v20200723.jar
-    - org.eclipse.jetty-jetty-servlets-9.4.31.v20200723.jar
-    - org.eclipse.jetty-jetty-util-9.4.31.v20200723.jar
-    - org.eclipse.jetty-jetty-xml-9.4.31.v20200723.jar
-    - org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.31.v20200723.jar
-    - org.eclipse.jetty.websocket-websocket-api-9.4.31.v20200723.jar
-    - org.eclipse.jetty.websocket-websocket-client-9.4.31.v20200723.jar
-    - org.eclipse.jetty.websocket-websocket-common-9.4.31.v20200723.jar
-    - org.eclipse.jetty.websocket-websocket-server-9.4.31.v20200723.jar
-    - org.eclipse.jetty.websocket-websocket-servlet-9.4.31.v20200723.jar
+    - org.eclipse.jetty-jetty-client-9.4.33.v20201020.jar
+    - org.eclipse.jetty-jetty-continuation-9.4.33.v20201020.jar
+    - org.eclipse.jetty-jetty-http-9.4.33.v20201020.jar
+    - org.eclipse.jetty-jetty-io-9.4.33.v20201020.jar
+    - org.eclipse.jetty-jetty-proxy-9.4.33.v20201020.jar
+    - org.eclipse.jetty-jetty-security-9.4.33.v20201020.jar
+    - org.eclipse.jetty-jetty-server-9.4.33.v20201020.jar
+    - org.eclipse.jetty-jetty-servlet-9.4.33.v20201020.jar
+    - org.eclipse.jetty-jetty-servlets-9.4.33.v20201020.jar
+    - org.eclipse.jetty-jetty-util-9.4.33.v20201020.jar
+    - org.eclipse.jetty-jetty-xml-9.4.33.v20201020.jar
+    - org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.33.v20201020.jar
+    - org.eclipse.jetty.websocket-websocket-api-9.4.33.v20201020.jar
+    - org.eclipse.jetty.websocket-websocket-client-9.4.33.v20201020.jar
+    - org.eclipse.jetty.websocket-websocket-common-9.4.33.v20201020.jar
+    - org.eclipse.jetty.websocket-websocket-server-9.4.33.v20201020.jar
+    - org.eclipse.jetty.websocket-websocket-servlet-9.4.33.v20201020.jar
  * SnakeYaml -- org.yaml-snakeyaml-1.26.jar
  * RocksDB - org.rocksdb-rocksdbjni-5.13.3.jar
  * HttpClient
diff --git a/pom.xml b/pom.xml
index b0e6c0e..9946828 100644
--- a/pom.xml
+++ b/pom.xml
@@ -160,7 +160,7 @@ flexible messaging model and an intuitive client API.</description>
     <netty.version>4.1.48.Final</netty.version>
     <netty-tc-native.version>2.0.30.Final</netty-tc-native.version>
     <storm.version>2.0.0</storm.version>
-    <jetty.version>9.4.31.v20200723</jetty.version>
+    <jetty.version>9.4.33.v20201020</jetty.version>
     <jersey.version>2.31</jersey.version>
     <athenz.version>1.8.38</athenz.version>
     <prometheus.version>0.5.0</prometheus.version>
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
index 799ff99..8ac96c7 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -440,12 +440,12 @@ The Apache Software License, Version 2.0
   * Java Assist
     - javassist-3.25.0-GA.jar
   * Jetty
-    - jetty-http-9.4.31.v20200723.jar
-    - jetty-io-9.4.31.v20200723.jar
-    - jetty-security-9.4.31.v20200723.jar
-    - jetty-server-9.4.31.v20200723.jar
-    - jetty-servlet-9.4.31.v20200723.jar
-    - jetty-util-9.4.31.v20200723.jar
+    - jetty-http-9.4.33.v20201020.jar
+    - jetty-io-9.4.33.v20201020.jar
+    - jetty-security-9.4.33.v20201020.jar
+    - jetty-server-9.4.33.v20201020.jar
+    - jetty-servlet-9.4.33.v20201020.jar
+    - jetty-util-9.4.33.v20201020.jar
   * Java Native Access
     - jna-4.2.0.jar
     - jna-5.3.1.jar