You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/03/02 08:18:35 UTC
[GitHub] [kafka] dongjinleekr opened a new pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223
dongjinleekr opened a new pull request #10245:
URL: https://github.com/apache/kafka/pull/10245
Here is the fix. The reason of [CVE-2020-27223](https://nvd.nist.gov/vuln/detail/CVE-2020-27223) was DOS vulnerability for Quoted Quality CSV headers and [patched in 9.4.37.v20210219](https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7).
This PR updates Jetty dependency into the following version, 9.4.38.v20210224.
### Committer Checklist (excluded from commit message)
- [ ] Verify design and implementation
- [ ] Verify test coverage and CI build status
- [ ] Verify documentation (including upgrade notes)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] dongjinleekr commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223
Posted by GitBox <gi...@apache.org>.
dongjinleekr commented on pull request #10245:
URL: https://github.com/apache/kafka/pull/10245#issuecomment-789347793
@ableegoldman I think this should be a blocker, since it is security vulnerability.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] ableegoldman commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223
Posted by GitBox <gi...@apache.org>.
ableegoldman commented on pull request #10245:
URL: https://github.com/apache/kafka/pull/10245#issuecomment-789260883
What's the status here? Is this a blocker for the 2.6.2 release?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] dongjinleekr commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223
Posted by GitBox <gi...@apache.org>.
dongjinleekr commented on pull request #10245:
URL: https://github.com/apache/kafka/pull/10245#issuecomment-788714479
@omkreddy @ijuma A follow-up of [KAFKA-12324: Upgrade jetty to fix CVE-2020-27218](https://github.com/apache/kafka/pull/10177). Should be cherry-picked into 2.8.0, 2.7.1, and 2.6.2.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] omkreddy closed pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223
Posted by GitBox <gi...@apache.org>.
omkreddy closed pull request #10245:
URL: https://github.com/apache/kafka/pull/10245
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org