This is an automated email from the ASF dual-hosted git repository. nicholasjiang pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/celeborn.git
commit d546398a4bb86ac6d39c413d160bfb3bacd423e6 Author: Wang, Fei <[email protected]> AuthorDate: Wed Dec 10 20:50:27 2025 +0800 [CELEBORN-2234] Bump jetty version to 9.4.58.v20250814 to fix GHSA-qh8g-58pp-2wxh ### What changes were proposed in this pull request? Bump jetty version to 9.4.58.v20250814 to fix GHSA-qh8g-58pp-2wxh ### Why are the changes needed? To fix CVE https://github.com/advisories/GHSA-qh8g-58pp-2wxh ### Does this PR resolve a correctness bug? ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? GA. Closes #3560 from turboFei/jetty. Authored-by: Wang, Fei <[email protected]> Signed-off-by: SteNicholas <[email protected]> --- dev/deps/dependencies-server | 18 +++++++++--------- pom.xml | 2 +- project/CelebornBuild.scala | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/dev/deps/dependencies-server b/dev/deps/dependencies-server index a7b15f6e5..a526f0a4c 100644 --- a/dev/deps/dependencies-server +++ b/dev/deps/dependencies-server @@ -63,15 +63,15 @@ jersey-hk2/2.39.1//jersey-hk2-2.39.1.jar jersey-media-json-jackson/2.39.1//jersey-media-json-jackson-2.39.1.jar jersey-media-multipart/2.39.1//jersey-media-multipart-2.39.1.jar jersey-server/2.39.1//jersey-server-2.39.1.jar -jetty-client/9.4.56.v20240826//jetty-client-9.4.56.v20240826.jar -jetty-http/9.4.56.v20240826//jetty-http-9.4.56.v20240826.jar -jetty-io/9.4.56.v20240826//jetty-io-9.4.56.v20240826.jar -jetty-proxy/9.4.56.v20240826//jetty-proxy-9.4.56.v20240826.jar -jetty-security/9.4.56.v20240826//jetty-security-9.4.56.v20240826.jar -jetty-server/9.4.56.v20240826//jetty-server-9.4.56.v20240826.jar -jetty-servlet/9.4.56.v20240826//jetty-servlet-9.4.56.v20240826.jar -jetty-util-ajax/9.4.56.v20240826//jetty-util-ajax-9.4.56.v20240826.jar -jetty-util/9.4.56.v20240826//jetty-util-9.4.56.v20240826.jar +jetty-client/9.4.58.v20250814//jetty-client-9.4.58.v20250814.jar +jetty-http/9.4.58.v20250814//jetty-http-9.4.58.v20250814.jar +jetty-io/9.4.58.v20250814//jetty-io-9.4.58.v20250814.jar +jetty-proxy/9.4.58.v20250814//jetty-proxy-9.4.58.v20250814.jar +jetty-security/9.4.58.v20250814//jetty-security-9.4.58.v20250814.jar +jetty-server/9.4.58.v20250814//jetty-server-9.4.58.v20250814.jar +jetty-servlet/9.4.58.v20250814//jetty-servlet-9.4.58.v20250814.jar +jetty-util-ajax/9.4.58.v20250814//jetty-util-ajax-9.4.58.v20250814.jar +jetty-util/9.4.58.v20250814//jetty-util-9.4.58.v20250814.jar jsr305/1.3.9//jsr305-1.3.9.jar jul-to-slf4j/1.7.36//jul-to-slf4j-1.7.36.jar leveldbjni-all/1.8//leveldbjni-all-1.8.jar diff --git a/pom.xml b/pom.xml index 816393f93..023f100e0 100644 --- a/pom.xml +++ b/pom.xml @@ -120,7 +120,7 @@ <swagger.version>2.2.1</swagger.version> <swagger-ui.version>4.9.1</swagger-ui.version> <jersey.version>2.39.1</jersey.version> - <jetty.version>9.4.56.v20240826</jetty.version> + <jetty.version>9.4.58.v20250814</jetty.version> <javax.servlet-api.version>4.0.1</javax.servlet-api.version> <!-- 6.0.0 requires JDK 11 --> <jakarta.servlet-api.version>5.0.0</jakarta.servlet-api.version> diff --git a/project/CelebornBuild.scala b/project/CelebornBuild.scala index f12adff49..ec91cc70a 100644 --- a/project/CelebornBuild.scala +++ b/project/CelebornBuild.scala @@ -79,7 +79,7 @@ object Dependencies { val swaggerVersion = "2.2.1" val swaggerUiVersion = "4.9.1" val jerseyVersion = "2.39.1" - val jettyVersion = "9.4.56.v20240826" + val jettyVersion = "9.4.58.v20250814" val javaxServletApiVersion = "4.0.1" val jakartaServeletApiVersion = "5.0.0" val openApiToolsJacksonBindNullableVersion = "0.2.6"
