You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zookeeper.apache.org by dd...@apache.org on 2021/09/01 16:52:47 UTC

[zookeeper] branch branch-3.7 updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)

This is an automated email from the ASF dual-hosted git repository.

ddiederen pushed a commit to branch branch-3.7
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/branch-3.7 by this push:
     new 84166e1  ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)
84166e1 is described below

commit 84166e18906d6e611b64d8128fefddc14d86da14
Author: Damien Diederen <dd...@apache.org>
AuthorDate: Wed Sep 1 16:50:38 2021 +0000

    ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)
    
    Version 9.4.43.v20210629 is the latest available in the 9.4 series at the time of this commit.  Its release notes explicitly declare "This release resolves CVE-2021-34429":
    
      https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.43.v20210629
    
    Author: Damien Diederen <dd...@apache.org>
    
    Reviewers: Norbert Kalmar <nk...@apache.org>, Enrico Olivelli <eo...@apache.org>
    
    Closes #1734 from ztzg/ZOOKEEPER-4337-owasp-failures
    
    (cherry picked from commit 561231f8bfe910e63dbd8c281cb25033a0e7d7a5)
    Signed-off-by: Damien Diederen <dd...@apache.org>
---
 pom.xml                                                                 | 2 +-
 ...39.v20210325.LICENSE.txt => jetty-http-9.4.43.v20210629.LICENSE.txt} | 0
 ...4.39.v20210325.LICENSE.txt => jetty-io-9.4.43.v20210629.LICENSE.txt} | 0
 ...20210325.LICENSE.txt => jetty-security-9.4.43.v20210629.LICENSE.txt} | 0
 ....v20210325.LICENSE.txt => jetty-server-9.4.43.v20210629.LICENSE.txt} | 0
 ...v20210325.LICENSE.txt => jetty-servlet-9.4.43.v20210629.LICENSE.txt} | 0
 ...39.v20210325.LICENSE.txt => jetty-util-9.4.43.v20210629.LICENSE.txt} | 0
 ...0210325.LICENSE.txt => jetty-util-ajax-9.4.43.v20210629.LICENSE.txt} | 0
 8 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 71c0db8..3c730cb 100755
--- a/pom.xml
+++ b/pom.xml
@@ -438,7 +438,7 @@
     <hamcrest.version>2.2</hamcrest.version>
     <commons-cli.version>1.4</commons-cli.version>
     <netty.version>4.1.63.Final</netty.version>
-    <jetty.version>9.4.39.v20210325</jetty.version>
+    <jetty.version>9.4.43.v20210629</jetty.version>
     <jackson.version>2.10.5.1</jackson.version>
     <jline.version>2.14.6</jline.version>
     <snappy.version>1.1.7.7</snappy.version>
diff --git a/zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.39.v20210325.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-http-9.4.43.v20210629.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.39.v20210325.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/jetty-http-9.4.43.v20210629.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-util-9.4.39.v20210325.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-io-9.4.43.v20210629.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/jetty-util-9.4.39.v20210325.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/jetty-io-9.4.43.v20210629.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.39.v20210325.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-security-9.4.43.v20210629.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.39.v20210325.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/jetty-security-9.4.43.v20210629.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-server-9.4.39.v20210325.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-server-9.4.43.v20210629.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/jetty-server-9.4.39.v20210325.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/jetty-server-9.4.43.v20210629.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-security-9.4.39.v20210325.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.43.v20210629.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/jetty-security-9.4.39.v20210325.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.43.v20210629.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-io-9.4.39.v20210325.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-util-9.4.43.v20210629.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/jetty-io-9.4.39.v20210325.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/jetty-util-9.4.43.v20210629.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-http-9.4.39.v20210325.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.43.v20210629.LICENSE.txt
similarity index 100%
rename from zookeeper-server/src/main/resources/lib/jetty-http-9.4.39.v20210325.LICENSE.txt
rename to zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.43.v20210629.LICENSE.txt