You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@skywalking.apache.org by wu...@apache.org on 2020/04/13 03:44:50 UTC

[skywalking] branch cve-jetty created (now 8793c74)

This is an automated email from the ASF dual-hosted git repository.

wusheng pushed a change to branch cve-jetty
in repository https://gitbox.apache.org/repos/asf/skywalking.git.


      at 8793c74  [CVE] Update Jetty version to fix its CVEs

This branch includes the following new commits:

     new 8793c74  [CVE] Update Jetty version to fix its CVEs

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[skywalking] 01/01: [CVE] Update Jetty version to fix its CVEs

Posted by wu...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

wusheng pushed a commit to branch cve-jetty
in repository https://gitbox.apache.org/repos/asf/skywalking.git

commit 8793c7425e515da31778c7344db5dc2015a8ce1e
Author: Wu Sheng <wu...@foxmail.com>
AuthorDate: Mon Apr 13 11:44:04 2020 +0800

    [CVE] Update Jetty version to fix its CVEs
---
 dist-material/release-docs/LICENSE                        |  2 +-
 oap-server/pom.xml                                        |  2 +-
 tools/dependencies/known-oap-backend-dependencies-es7.txt | 12 ++++++------
 tools/dependencies/known-oap-backend-dependencies.txt     | 12 ++++++------
 4 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE
index 69d352a..8ca15ba 100755
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -246,7 +246,7 @@ The text of each license is the standard Apache 2.0 license.
     transport-netty4-client 5.5.0: http://central.maven.org/maven2/org/elasticsearch/plugin/transport-netty4-client/5.5.0/transport-netty4-client-5.5.0.pom , Apache 2.0
     securesm 1.1: https://github.com/elastic/securesm/blob/master/pom.xml , Apache 2.0
     LMAX Ltd.(disruptor) 3.3.6: https://github.com/LMAX-Exchange/disruptor , Apache 2.0
-    Eclipse (Jetty) 3.3.6: https://www.eclipse.org/jetty/ , Apache 2.0 and Eclipse Public License 1.0
+    Eclipse (Jetty) 9.4.28.v20200408: https://www.eclipse.org/jetty/ , Apache 2.0 and Eclipse Public License 1.0
     SnakeYAML 1.18: http://www.snakeyaml.org , Apache 2.0
     Joda-Time 2.10.5: http://www.joda.org/joda-time/ , Apache 2.0
     Joda-Convert 1.2: http://www.joda.org/joda-convert/ , Apache 2.0
diff --git a/oap-server/pom.xml b/oap-server/pom.xml
index 44c6e3e..b82034a 100755
--- a/oap-server/pom.xml
+++ b/oap-server/pom.xml
@@ -58,7 +58,7 @@
         <graphql-java.version>8.0</graphql-java.version>
         <zookeeper.version>3.4.10</zookeeper.version>
         <netty-tcnative-boringssl-static.version>2.0.26.Final</netty-tcnative-boringssl-static.version>
-        <jetty.version>9.4.2.v20170220</jetty.version>
+        <jetty.version>9.4.28.v20200408</jetty.version>
         <h2.version>1.4.196</h2.version>
         <commons-dbcp.version>1.4</commons-dbcp.version>
         <commons-io.version>2.6</commons-io.version>
diff --git a/tools/dependencies/known-oap-backend-dependencies-es7.txt b/tools/dependencies/known-oap-backend-dependencies-es7.txt
index 49f2780..5eda485 100755
--- a/tools/dependencies/known-oap-backend-dependencies-es7.txt
+++ b/tools/dependencies/known-oap-backend-dependencies-es7.txt
@@ -77,12 +77,12 @@ javassist-3.25.0-GA.jar
 javax.inject-1.jar
 javax.servlet-api-3.1.0.jar
 jcl-over-slf4j-1.7.25.jar
-jetty-http-9.4.2.v20170220.jar
-jetty-io-9.4.2.v20170220.jar
-jetty-security-9.4.2.v20170220.jar
-jetty-server-9.4.2.v20170220.jar
-jetty-servlet-9.4.2.v20170220.jar
-jetty-util-9.4.2.v20170220.jar
+jetty-http-9.4.28.v20200408.jar
+jetty-io-9.4.28.v20200408.jar
+jetty-security-9.4.28.v20200408.jar
+jetty-server-9.4.28.v20200408.jar
+jetty-servlet-9.4.28.v20200408.jar
+jetty-util-9.4.28.v20200408.jar
 jline-0.9.94.jar
 jna-4.5.1.jar
 joda-convert-1.2.jar
diff --git a/tools/dependencies/known-oap-backend-dependencies.txt b/tools/dependencies/known-oap-backend-dependencies.txt
index 68db51a..58061ef 100755
--- a/tools/dependencies/known-oap-backend-dependencies.txt
+++ b/tools/dependencies/known-oap-backend-dependencies.txt
@@ -76,12 +76,12 @@ javassist-3.25.0-GA.jar
 javax.inject-1.jar
 javax.servlet-api-3.1.0.jar
 jcl-over-slf4j-1.7.25.jar
-jetty-http-9.4.2.v20170220.jar
-jetty-io-9.4.2.v20170220.jar
-jetty-security-9.4.2.v20170220.jar
-jetty-server-9.4.2.v20170220.jar
-jetty-servlet-9.4.2.v20170220.jar
-jetty-util-9.4.2.v20170220.jar
+jetty-http-9.4.28.v20200408.jar
+jetty-io-9.4.28.v20200408.jar
+jetty-security-9.4.28.v20200408.jar
+jetty-server-9.4.28.v20200408.jar
+jetty-servlet-9.4.28.v20200408.jar
+jetty-util-9.4.28.v20200408.jar
 jline-0.9.94.jar
 jna-4.5.1.jar
 joda-convert-1.2.jar