You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@bookkeeper.apache.org by yo...@apache.org on 2022/09/23 02:16:55 UTC
[bookkeeper] branch branch-4.15 updated: [security] Upgrade Jetty to 9.4.48.v20220622 to get rid of CVE-2022-2047 (#3404)
This is an automated email from the ASF dual-hosted git repository.
yong pushed a commit to branch branch-4.15
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/branch-4.15 by this push:
new 6ef705bd83 [security] Upgrade Jetty to 9.4.48.v20220622 to get rid of CVE-2022-2047 (#3404)
6ef705bd83 is described below
commit 6ef705bd836c32ad64be0585fbbc751c5ec2cc28
Author: Nicolò Boschi <bo...@gmail.com>
AuthorDate: Thu Jul 14 08:10:00 2022 +0200
[security] Upgrade Jetty to 9.4.48.v20220622 to get rid of CVE-2022-2047 (#3404)
(cherry picked from commit 207368b254b4588be6852c1c18740e8097be7066)
---
bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 16 ++++++++--------
.../src/main/resources/LICENSE-server.bin.txt | 16 ++++++++--------
bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt | 16 ++++++++--------
bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt | 16 ++++++++--------
pom.xml | 2 +-
5 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
index 7a77c9ff5c..8fcebb12b5 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
@@ -257,13 +257,13 @@ Apache Software License, Version 2.
- lib/org.apache.zookeeper-zookeeper-3.8.0.jar [21]
- lib/org.apache.zookeeper-zookeeper-jute-3.8.0.jar [21]
- lib/org.apache.zookeeper-zookeeper-3.8.0-tests.jar [21]
-- lib/org.eclipse.jetty-jetty-http-9.4.46.v20220331.jar [22]
-- lib/org.eclipse.jetty-jetty-io-9.4.46.v20220331.jar [22]
-- lib/org.eclipse.jetty-jetty-security-9.4.46.v20220331.jar [22]
-- lib/org.eclipse.jetty-jetty-server-9.4.46.v20220331.jar [22]
-- lib/org.eclipse.jetty-jetty-servlet-9.4.46.v20220331.jar [22]
-- lib/org.eclipse.jetty-jetty-util-9.4.46.v20220331.jar [22]
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.46.v20220331.jar [22]
+- lib/org.eclipse.jetty-jetty-http-9.4.48.v20220622.jar [22]
+- lib/org.eclipse.jetty-jetty-io-9.4.48.v20220622.jar [22]
+- lib/org.eclipse.jetty-jetty-security-9.4.48.v20220622.jar [22]
+- lib/org.eclipse.jetty-jetty-server-9.4.48.v20220622.jar [22]
+- lib/org.eclipse.jetty-jetty-servlet-9.4.48.v20220622.jar [22]
+- lib/org.eclipse.jetty-jetty-util-9.4.48.v20220622.jar [22]
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.48.v20220622.jar [22]
- lib/org.rocksdb-rocksdbjni-6.29.4.1.jar [23]
- lib/com.beust-jcommander-1.78.jar [24]
- lib/com.yahoo.datasketches-memory-0.8.3.jar [25]
@@ -335,7 +335,7 @@ Apache Software License, Version 2.
[19] Source available at https://git-wip-us.apache.org/repos/asf?p=commons-collections.git;a=tag;h=a3a5ad
[20] Source available at https://git-wip-us.apache.org/repos/asf?p=commons-lang.git;a=shortlog;h=refs/tags/LANG_3_6
[21] Source available at https://github.com/apache/zookeeper/tree/release-3.8.0
-[22] Source available at https://github.com/eclipse/jetty.project/tree/jetty-9.4.46.v20220331
+[22] Source available at https://github.com/eclipse/jetty.project/tree/jetty-9.4.48.v20220622
[23] Source available at https://github.com/facebook/rocksdb/tree/v6.22.1
[24] Source available at https://github.com/cbeust/jcommander/tree/1.78
[25] Source available at https://github.com/DataSketches/sketches-core/tree/sketches-0.8.3
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
index eddbd54884..e3dc9c2078 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
@@ -257,13 +257,13 @@ Apache Software License, Version 2.
- lib/org.apache.zookeeper-zookeeper-3.8.0.jar [21]
- lib/org.apache.zookeeper-zookeeper-jute-3.8.0.jar [21]
- lib/org.apache.zookeeper-zookeeper-3.8.0-tests.jar [21]
-- lib/org.eclipse.jetty-jetty-http-9.4.46.v20220331.jar [22]
-- lib/org.eclipse.jetty-jetty-io-9.4.46.v20220331.jar [22]
-- lib/org.eclipse.jetty-jetty-security-9.4.46.v20220331.jar [22]
-- lib/org.eclipse.jetty-jetty-server-9.4.46.v20220331.jar [22]
-- lib/org.eclipse.jetty-jetty-servlet-9.4.46.v20220331.jar [22]
-- lib/org.eclipse.jetty-jetty-util-9.4.46.v20220331.jar [22]
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.46.v20220331.jar [22]
+- lib/org.eclipse.jetty-jetty-http-9.4.48.v20220622.jar [22]
+- lib/org.eclipse.jetty-jetty-io-9.4.48.v20220622.jar [22]
+- lib/org.eclipse.jetty-jetty-security-9.4.48.v20220622.jar [22]
+- lib/org.eclipse.jetty-jetty-server-9.4.48.v20220622.jar [22]
+- lib/org.eclipse.jetty-jetty-servlet-9.4.48.v20220622.jar [22]
+- lib/org.eclipse.jetty-jetty-util-9.4.48.v20220622.jar [22]
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.48.v20220622.jar [22]
- lib/org.rocksdb-rocksdbjni-6.29.4.1.jar [23]
- lib/com.beust-jcommander-1.78.jar [24]
- lib/com.yahoo.datasketches-memory-0.8.3.jar [25]
@@ -332,7 +332,7 @@ Apache Software License, Version 2.
[19] Source available at https://git-wip-us.apache.org/repos/asf?p=commons-collections.git;a=tag;h=a3a5ad
[20] Source available at https://git-wip-us.apache.org/repos/asf?p=commons-lang.git;a=shortlog;h=refs/tags/LANG_3_6
[21] Source available at https://github.com/apache/zookeeper/tree/release-3.8.0
-[22] Source available at https://github.com/eclipse/jetty.project/tree/jetty-9.4.46.v20220331
+[22] Source available at https://github.com/eclipse/jetty.project/tree/jetty-9.4.48.v20220622
[23] Source available at https://github.com/facebook/rocksdb/tree/v6.16.4
[24] Source available at https://github.com/cbeust/jcommander/tree/1.78
[25] Source available at https://github.com/DataSketches/sketches-core/tree/sketches-0.8.3
diff --git a/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt b/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt
index 81841d0653..0dd3a7f2dc 100644
--- a/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt
@@ -86,13 +86,13 @@ SoundCloud Ltd. (http://soundcloud.com/).
This product includes software developed as part of the
Ocelli project by Netflix Inc. (https://github.com/Netflix/ocelli/).
------------------------------------------------------------------------------------
-- lib/org.eclipse.jetty-jetty-http-9.4.46.v20220331.jar
-- lib/org.eclipse.jetty-jetty-io-9.4.46.v20220331.jar
-- lib/org.eclipse.jetty-jetty-security-9.4.46.v20220331jar
-- lib/org.eclipse.jetty-jetty-server-9.4.46.v20220331.jar
-- lib/org.eclipse.jetty-jetty-servlet-9.4.46.v20220331.jar
-- lib/org.eclipse.jetty-jetty-util-9.4.46.v20220331.jar
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.46.v20220331.jar
+- lib/org.eclipse.jetty-jetty-http-9.4.48.v20220622.jar
+- lib/org.eclipse.jetty-jetty-io-9.4.48.v20220622.jar
+- lib/org.eclipse.jetty-jetty-security-9.4.48.v20220622jar
+- lib/org.eclipse.jetty-jetty-server-9.4.48.v20220622.jar
+- lib/org.eclipse.jetty-jetty-servlet-9.4.48.v20220622.jar
+- lib/org.eclipse.jetty-jetty-util-9.4.48.v20220622.jar
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.48.v20220622.jar
==============================================================
Jetty Web Container
@@ -114,7 +114,7 @@ Jetty is dual licensed under both
Jetty may be distributed under either license.
-lib/org.eclipse.jetty-jetty-util-9.4.46.v20220331.jar bundles UnixCrypt
+lib/org.eclipse.jetty-jetty-util-9.4.48.v20220622.jar bundles UnixCrypt
The UnixCrypt.java code implements the one way cryptography used by
Unix systems for simple password protection. Copyright 1996 Aki Yoshida,
diff --git a/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt b/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt
index 7015d5c69b..9466ad92d1 100644
--- a/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt
@@ -68,13 +68,13 @@ SoundCloud Ltd. (http://soundcloud.com/).
This product includes software developed as part of the
Ocelli project by Netflix Inc. (https://github.com/Netflix/ocelli/).
------------------------------------------------------------------------------------
-- lib/org.eclipse.jetty-jetty-http-9.4.46.v20220331.jar
-- lib/org.eclipse.jetty-jetty-io-9.4.46.v20220331.jar
-- lib/org.eclipse.jetty-jetty-security-9.4.46.v20220331.jar
-- lib/org.eclipse.jetty-jetty-server-9.4.46.v20220331.jar
-- lib/org.eclipse.jetty-jetty-servlet-9.4.46.v20220331.jar
-- lib/org.eclipse.jetty-jetty-util-9.4.46.v20220331.jar
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.46.v20220331.jar
+- lib/org.eclipse.jetty-jetty-http-9.4.48.v20220622.jar
+- lib/org.eclipse.jetty-jetty-io-9.4.48.v20220622.jar
+- lib/org.eclipse.jetty-jetty-security-9.4.48.v20220622.jar
+- lib/org.eclipse.jetty-jetty-server-9.4.48.v20220622.jar
+- lib/org.eclipse.jetty-jetty-servlet-9.4.48.v20220622.jar
+- lib/org.eclipse.jetty-jetty-util-9.4.48.v20220622.jar
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.48.v20220622.jar
==============================================================
Jetty Web Container
@@ -96,7 +96,7 @@ Jetty is dual licensed under both
Jetty may be distributed under either license.
-lib/org.eclipse.jetty-jetty-util-9.4.46.v20220331.jar bundles UnixCrypt
+lib/org.eclipse.jetty-jetty-util-9.4.48.v20220622.jar bundles UnixCrypt
The UnixCrypt.java code implements the one way cryptography used by
Unix systems for simple password protection. Copyright 1996 Aki Yoshida,
diff --git a/pom.xml b/pom.xml
index 037dfe6250..970ecdffa1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -143,7 +143,7 @@
<hdrhistogram.version>2.1.10</hdrhistogram.version>
<jackson.version>2.13.2.20220328</jackson.version>
<jcommander.version>1.78</jcommander.version>
- <jetty.version>9.4.46.v20220331</jetty.version>
+ <jetty.version>9.4.48.v20220622</jetty.version>
<jmh.version>1.19</jmh.version>
<jmock.version>2.8.2</jmock.version>
<jsoup.version>1.14.3</jsoup.version>