This is an automated email from the ASF dual-hosted git repository.

hezhangjian pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new 99eb63a5a4 Upgrade Jetty to 9.4.57.v20241219 to address CVE-2024-6763 (#4600)
99eb63a5a4 is described below

commit 99eb63a5a417e9fdd7a7df4a5974491d51893c8e
Author: Lari Hotari <[email protected]>
AuthorDate: Tue May 6 05:39:19 2025 +0300

    Upgrade Jetty to 9.4.57.v20241219 to address CVE-2024-6763 (#4600)
    
    ### Motivation & Changes
    
    Upgrade Jetty to 9.4.57.v20241219 to address CVE-2024-6763
    Jetty 9.4.57.v20241219 contains backported CVE-2024-6763 fix in https://github.com/jetty/jetty.project/pull/12532 although it's not explicitly mentioned and most security scanners don't yet contain the information that it's been addressed in 9.4.57.
    More details:
    * https://github.com/jetty/jetty.project/issues/12630
    * https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.57.v20241219
    
    Note: The backport is a partial mitigation and Jetty 9.4.57 will continue to be marked as vulnerable. There's a discussion and explanation here: https://gitlab.eclipse.org/security/cve-assignement/-/issues/25#note_2968611
---
 bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt   | 14 +++++++-------
 .../src/main/resources/LICENSE-server.bin.txt            | 14 +++++++-------
 bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt    | 16 ++++++++--------
 bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt | 16 ++++++++--------
 pom.xml                                                  |  2 +-
 5 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt 
b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
index 36371a1af0..2514438d4f 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
@@ -264,13 +264,13 @@ Apache Software License, Version 2.
 - lib/org.apache.zookeeper-zookeeper-3.9.3.jar [21]
 - lib/org.apache.zookeeper-zookeeper-jute-3.9.3.jar [21]
 - lib/org.apache.zookeeper-zookeeper-3.9.3-tests.jar [21]
-- lib/org.eclipse.jetty-jetty-http-9.4.55.v20240627.jar [22]
-- lib/org.eclipse.jetty-jetty-io-9.4.55.v20240627.jar [22]
-- lib/org.eclipse.jetty-jetty-security-9.4.55.v20240627.jar [22]
-- lib/org.eclipse.jetty-jetty-server-9.4.55.v20240627.jar [22]
-- lib/org.eclipse.jetty-jetty-servlet-9.4.55.v20240627.jar [22]
-- lib/org.eclipse.jetty-jetty-util-9.4.55.v20240627.jar [22]
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.55.v20240627.jar [22]
+- lib/org.eclipse.jetty-jetty-http-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-io-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-security-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-server-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-servlet-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.57.v20241219.jar [22]
 - lib/org.rocksdb-rocksdbjni-9.9.3.jar [23]
 - lib/com.beust-jcommander-1.82.jar [24]
 - lib/com.yahoo.datasketches-memory-0.8.3.jar [25]
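Review bot: all seven Jetty entries in this hunk still cite reference [22], and the diffstat shows only 7 insertions and 7 deletions for this file, so the definition of [22] was not touched. If that footnote points at a license path pinned to 9.4.55.v20240627, it needs the same bump to 9.4.57.v20241219; worth confirming before merge, and the same applies to LICENSE-server.bin.txt.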
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt 
b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
index 0c85d7eb83..a50ac33b28 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
@@ -264,13 +264,13 @@ Apache Software License, Version 2.
 - lib/org.apache.zookeeper-zookeeper-3.9.3.jar [21]
 - lib/org.apache.zookeeper-zookeeper-jute-3.9.3.jar [21]
 - lib/org.apache.zookeeper-zookeeper-3.9.3-tests.jar [21]
-- lib/org.eclipse.jetty-jetty-http-9.4.55.v20240627.jar [22]
-- lib/org.eclipse.jetty-jetty-io-9.4.55.v20240627.jar [22]
-- lib/org.eclipse.jetty-jetty-security-9.4.55.v20240627.jar [22]
-- lib/org.eclipse.jetty-jetty-server-9.4.55.v20240627.jar [22]
-- lib/org.eclipse.jetty-jetty-servlet-9.4.55.v20240627.jar [22]
-- lib/org.eclipse.jetty-jetty-util-9.4.55.v20240627.jar [22]
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.55.v20240627.jar [22]
+- lib/org.eclipse.jetty-jetty-http-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-io-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-security-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-server-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-servlet-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar [22]
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.57.v20241219.jar [22]
 - lib/org.rocksdb-rocksdbjni-9.9.3.jar [23]
 - lib/com.beust-jcommander-1.82.jar [24]
 - lib/com.yahoo.datasketches-memory-0.8.3.jar [25]
diff --git a/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt 
b/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt
index e5eabd12e5..71db5d9392 100644
--- a/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/NOTICE-all.bin.txt
@@ -93,13 +93,13 @@ SoundCloud Ltd. (http://soundcloud.com/).
 This product includes software developed as part of the
 Ocelli project by Netflix Inc. (https://github.com/Netflix/ocelli/).
 
------------------------------------------------------------------------------------
-- lib/org.eclipse.jetty-jetty-http-9.4.55.v20240627.jar
-- lib/org.eclipse.jetty-jetty-io-9.4.55.v20240627.jar
-- lib/org.eclipse.jetty-jetty-security-9.4.55.v20240627.jar
-- lib/org.eclipse.jetty-jetty-server-9.4.55.v20240627.jar
-- lib/org.eclipse.jetty-jetty-servlet-9.4.55.v20240627.jar
-- lib/org.eclipse.jetty-jetty-util-9.4.55.v20240627.jar
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.55.v20240627.jar
+- lib/org.eclipse.jetty-jetty-http-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-io-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-security-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-server-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-servlet-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.57.v20241219.jar
 
 ==============================================================
  Jetty Web Container
@@ -121,7 +121,7 @@ Jetty is dual licensed under both
 
 Jetty may be distributed under either license.
 
-lib/org.eclipse.jetty-jetty-util-9.4.55.v20240627.jar bundles UnixCrypt
+lib/org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar bundles UnixCrypt
 
 The UnixCrypt.java code implements the one way cryptography used by
 Unix systems for simple password protection.  Copyright 1996 Aki Yoshida,
diff --git a/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt 
b/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt
index c9212cc9b0..7c93a8c247 100644
--- a/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/NOTICE-server.bin.txt
@@ -75,13 +75,13 @@ SoundCloud Ltd. (http://soundcloud.com/).
 This product includes software developed as part of the
 Ocelli project by Netflix Inc. (https://github.com/Netflix/ocelli/).
 
------------------------------------------------------------------------------------
-- lib/org.eclipse.jetty-jetty-http-9.4.55.v20240627.jar
-- lib/org.eclipse.jetty-jetty-io-9.4.55.v20240627.jar
-- lib/org.eclipse.jetty-jetty-security-9.4.55.v20240627.jar
-- lib/org.eclipse.jetty-jetty-server-9.4.55.v20240627.jar
-- lib/org.eclipse.jetty-jetty-servlet-9.4.55.v20240627.jar
-- lib/org.eclipse.jetty-jetty-util-9.4.55.v20240627.jar
-- lib/org.eclipse.jetty-jetty-util-ajax-9.4.55.v20240627.jar
+- lib/org.eclipse.jetty-jetty-http-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-io-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-security-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-server-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-servlet-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar
+- lib/org.eclipse.jetty-jetty-util-ajax-9.4.57.v20241219.jar
 
 ==============================================================
  Jetty Web Container
@@ -103,7 +103,7 @@ Jetty is dual licensed under both
 
 Jetty may be distributed under either license.
 
-lib/org.eclipse.jetty-jetty-util-9.4.55.v20240627.jar bundles UnixCrypt
+lib/org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar bundles UnixCrypt
 
 The UnixCrypt.java code implements the one way cryptography used by
 Unix systems for simple password protection.  Copyright 1996 Aki Yoshida,
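Review bot: the "bundles UnixCrypt" line is free text outside the jar list, and it repeats the jetty-util version a fifth place per NOTICE file, so it is the easiest spot to miss on the next upgrade. The same seven-jar block plus this line is hand-edited in four files here (LICENSE-all, LICENSE-server, NOTICE-all, NOTICE-server); a build-time check that every org.eclipse.jetty jar name in these files matches the resolved jetty.version would turn a missed edit into a failing build instead of a stale attribution.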
diff --git a/pom.xml b/pom.xml
index 499259bd38..10e0778a48 100644
--- a/pom.xml
+++ b/pom.xml
@@ -144,7 +144,7 @@
     <hdrhistogram.version>2.1.10</hdrhistogram.version>
     <jackson.version>2.17.1</jackson.version>
     <jcommander.version>1.82</jcommander.version>
-    <jetty.version>9.4.55.v20240627</jetty.version>
+    <jetty.version>9.4.57.v20241219</jetty.version>
     <jmh.version>1.37</jmh.version>
     <jmock.version>2.8.2</jmock.version>
     <junit.version>4.13.2</junit.version>
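Review bot: the jetty.version change to 9.4.57.v20241219 leaves no record in pom.xml that this is only a partial mitigation for CVE-2024-6763, which the commit message says will keep 9.4.57 marked as vulnerable in scanners. An XML comment above the property that names the CVE and links the Eclipse discussion cited in the commit message would keep the next person from re-triaging the same finding, and would make it clear that staying on the 9.4.x line is a known, accepted residual risk rather than an oversight.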
