Posted to notifications@skywalking.apache.org by ke...@apache.org on 2021/04/27 14:14:36 UTC

[skywalking] branch jetty updated (38adc5e -> 4f806e7)

This is an automated email from the ASF dual-hosted git repository.

kezhenxu94 pushed a change to branch jetty
in repository https://gitbox.apache.org/repos/asf/skywalking.git.


 discard 38adc5e  Bump up Jetty version
     new 4f806e7  Bump up Jetty version

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (38adc5e)
            \
             N -- N -- N   refs/heads/jetty (4f806e7)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 CHANGES.md | 1 +
 1 file changed, 1 insertion(+)

[skywalking] 01/01: Bump up Jetty version

Posted by ke...@apache.org.

kezhenxu94 pushed a commit to branch jetty
in repository https://gitbox.apache.org/repos/asf/skywalking.git

commit 4f806e789776edb0d57b9082374b016874ad3cf2
Author: kezhenxu94 <ke...@apache.org>
AuthorDate: Tue Apr 27 22:06:09 2021 +0800

    Bump up Jetty version
---
 CHANGES.md                                                |  1 +
 dist-material/release-docs/LICENSE                        |  2 +-
 oap-server/pom.xml                                        |  2 +-
 tools/dependencies/known-oap-backend-dependencies-es7.txt | 14 +++++++-------
 tools/dependencies/known-oap-backend-dependencies.txt     | 14 +++++++-------
 5 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index e80cf25..615b1a4 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -26,6 +26,7 @@ Release Notes.
 * Support alarm tags.
 * Support WeLink as a channel of alarm notification.
 * Fix: Some defensive codes didn't work in `PercentileFunction combine`.
+* CVE: fix Jetty vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2019-17638
 
 #### UI
 * Add logo for kong plugin.
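Review bot: the added entry "CVE: fix Jetty vulnerability." does not say what was changed or to which version, so a reader of the release notes cannot tell which Jetty release carries the fix. Suggest wording it as an upgrade of Jetty from 9.4.28.v20200408 to the new version, keeping the CVE link, and mentioning the CVE in the commit message as well, which currently reads only "Bump up Jetty version".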
diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE
index d41a486..fc886de 100755
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -246,7 +246,7 @@ The text of each license is the standard Apache 2.0 license.
     transport 5.5.0: https://github.com/elastic/elasticsearch/tree/master/client/transport , Apache 2.0
     securesm 1.1: https://github.com/elastic/securesm/blob/master/pom.xml , Apache 2.0
     LMAX Ltd.(disruptor) 3.3.6: https://github.com/LMAX-Exchange/disruptor , Apache 2.0
-    Eclipse (Jetty) 9.4.28.v20200408: https://www.eclipse.org/jetty/ , Apache 2.0 and Eclipse Public License 1.0
+    Eclipse (Jetty) v9.4.40: https://www.eclipse.org/jetty/ , Apache 2.0 and Eclipse Public License 1.0
     SnakeYAML 1.18: http://www.snakeyaml.org , Apache 2.0
     Joda-Time 2.10.5: http://www.joda.org/joda-time/ , Apache 2.0
     Joda-Convert 2.2.1: http://www.joda.org/joda-convert/ , Apache 2.0
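Review bot: the new line "Eclipse (Jetty) v9.4.40" drops the convention used by every neighbouring entry and by the line it replaces, which give the bare artifact version without a "v" prefix (for example "SnakeYAML 1.18", and previously "9.4.28.v20200408"). The LICENSE entry should carry the exact version string of the jars that ship, so it needs to match whatever value ends up in the jetty.version property in oap-server/pom.xml.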
diff --git a/oap-server/pom.xml b/oap-server/pom.xml
index 1d2b00b..9be01d8 100755
--- a/oap-server/pom.xml
+++ b/oap-server/pom.xml
@@ -62,7 +62,7 @@
         <graphql-java.version>8.0</graphql-java.version>
         <zookeeper.version>3.4.10</zookeeper.version>
         <netty-tcnative-boringssl-static.version>2.0.26.Final</netty-tcnative-boringssl-static.version>
-        <jetty.version>9.4.28.v20200408</jetty.version>
+        <jetty.version>v9.4.40</jetty.version>
         <h2.version>1.4.196</h2.version>
         <commons-dbcp.version>1.4</commons-dbcp.version>
         <commons-io.version>2.6</commons-io.version>
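Review bot: "<jetty.version>v9.4.40</jetty.version>" has a leading "v" and no date qualifier, while the value it replaces, "9.4.28.v20200408", has the form number.vDATE. The new value looks like a tag name rather than an artifact version, and since this property is what the Jetty dependency coordinates resolve against, a string that does not match a published artifact will break dependency resolution instead of delivering the fix. Please confirm the exact published version for 9.4.40 and use that string here, then verify with a clean build that the resolved jetty-* jars are the intended ones.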
diff --git a/tools/dependencies/known-oap-backend-dependencies-es7.txt b/tools/dependencies/known-oap-backend-dependencies-es7.txt
index b9c0aab..477db21 100755
--- a/tools/dependencies/known-oap-backend-dependencies-es7.txt
+++ b/tools/dependencies/known-oap-backend-dependencies-es7.txt
@@ -86,12 +86,12 @@ javassist-3.25.0-GA.jar
 javax.inject-1.jar
 javax.servlet-api-3.1.0.jar
 jcl-over-slf4j-1.7.25.jar
-jetty-http-9.4.28.v20200408.jar
-jetty-io-9.4.28.v20200408.jar
-jetty-security-9.4.28.v20200408.jar
-jetty-server-9.4.28.v20200408.jar
-jetty-servlet-9.4.28.v20200408.jar
-jetty-util-9.4.28.v20200408.jar
+jetty-http-v9.4.40.jar
+jetty-io-v9.4.40.jar
+jetty-security-v9.4.40.jar
+jetty-server-v9.4.40.jar
+jetty-servlet-v9.4.40.jar
+jetty-util-v9.4.40.jar
 jline-0.9.94.jar
 jna-4.5.1.jar
 joda-convert-2.2.1.jar
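Review bot: the six added names ("jetty-http-v9.4.40.jar" through "jetty-util-v9.4.40.jar") inherit the "v"-prefixed string from the pom property, so they describe jars that only exist if that version resolves. Once the property is corrected, regenerate this list from the actual build output rather than editing it by hand, and apply the same correction to the identical block in known-oap-backend-dependencies.txt so the two lists do not drift.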
@@ -174,4 +174,4 @@ snappy-java-1.1.7.3.jar
 zstd-jni-1.4.3-1.jar
 mvel2-2.4.8.Final.jar
 commons-beanutils-1.9.4.jar
-postgresql-42.2.18.jar
\ No newline at end of file
+postgresql-42.2.18.jar
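Review bot: the change to "postgresql-42.2.18.jar" at the end of the file only adds the missing trailing newline and is unrelated to the Jetty upgrade. It is harmless, but in a commit that is described as a CVE fix it is better to keep the diff limited to the version change, or to mention the whitespace fix in the commit message; the same applies to the matching last hunk in known-oap-backend-dependencies.txt.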
diff --git a/tools/dependencies/known-oap-backend-dependencies.txt b/tools/dependencies/known-oap-backend-dependencies.txt
index 863d1d6..a229cb8 100755
--- a/tools/dependencies/known-oap-backend-dependencies.txt
+++ b/tools/dependencies/known-oap-backend-dependencies.txt
@@ -80,12 +80,12 @@ javassist-3.25.0-GA.jar
 javax.inject-1.jar
 javax.servlet-api-3.1.0.jar
 jcl-over-slf4j-1.7.25.jar
-jetty-http-9.4.28.v20200408.jar
-jetty-io-9.4.28.v20200408.jar
-jetty-security-9.4.28.v20200408.jar
-jetty-server-9.4.28.v20200408.jar
-jetty-servlet-9.4.28.v20200408.jar
-jetty-util-9.4.28.v20200408.jar
+jetty-http-v9.4.40.jar
+jetty-io-v9.4.40.jar
+jetty-security-v9.4.40.jar
+jetty-server-v9.4.40.jar
+jetty-servlet-v9.4.40.jar
+jetty-util-v9.4.40.jar
 jline-0.9.94.jar
 jna-4.5.1.jar
 joda-convert-2.2.1.jar
@@ -169,4 +169,4 @@ snappy-java-1.1.7.3.jar
 zstd-jni-1.4.3-1.jar
 mvel2-2.4.8.Final.jar
 commons-beanutils-1.9.4.jar
-postgresql-42.2.18.jar
\ No newline at end of file
+postgresql-42.2.18.jar