You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@kafka.apache.org by ma...@apache.org on 2020/11/09 17:06:18 UTC

[kafka] branch 2.6 updated: MINOR: Update jetty to 9.4.33

This is an automated email from the ASF dual-hosted git repository.

manikumar pushed a commit to branch 2.6
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/2.6 by this push:
     new df17166  MINOR: Update jetty to 9.4.33
df17166 is described below

commit df17166072d61be410da48c46db0a87e7e99a51f
Author: Nitesh Mor <nm...@confluent.io>
AuthorDate: Tue Nov 3 15:17:01 2020 -0800

    MINOR: Update jetty to 9.4.33
    
    Jetty 9.4.32 and before are affected by CVE-2020-27216. This vulnerability
    is fixed in Jetty 9.4.33, please see the following for details:
    https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053
---
 gradle/dependencies.gradle | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index cd58fc6..6939003 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -68,11 +68,8 @@ versions += [
   easymock: "4.2",
   jackson: "2.10.2",
   jacoco: "0.8.5",
-  // 9.4.25 renamed closeOutput to completeOutput (https://github.com/eclipse/jetty.project/commit/c5acf965067478784b54e2d241ec58fdb0b2c9fe)
-  // which is a method used by recent Jersey versions when this comment was written (2.30.1 was the latest). Please
-  // verify that this is fixed in some way before bumping the Jetty version.
-  jetty: "9.4.24.v20191120",
-  jersey: "2.28",
+  jetty: "9.4.33.v20201020",
+  jersey: "2.31",
   jmh: "1.23",
   hamcrest: "2.2",
   log4j: "1.2.17",