(zookeeper) branch branch-3.9 updated: ZOOKEEPER-4900: Bump patch release of jetty to include CVE fix for CVE-2024-6763

Thu, 10 Apr 2025 09:48:41 -0700 

This is an automated email from the ASF dual-hosted git repository.

kezhuw pushed a commit to branch branch-3.9
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/branch-3.9 by this push:
     new df4599083 ZOOKEEPER-4900: Bump patch release of jetty to include CVE 
fix for CVE-2024-6763
df4599083 is described below

commit df4599083fae483f8c055b6871fdac1b0d2e76c3
Author: Pablo Francisco PĂ©rez Hidalgo <[email protected]>
AuthorDate: Wed Apr 9 09:57:16 2025 +0200

    ZOOKEEPER-4900: Bump patch release of jetty to include CVE fix for 
CVE-2024-6763
    
    Reviewers: cnauroth, kezhuw, tisonkun
    Author: pfcoperez
    Closes #2220 from pfcoperez/ZOOKEEPER-4876/CVE-2024-6763
    
    (cherry picked from commit 97a29de5c786fe717644d1b0c2f3579f5fc02af5)
    Signed-off-by: Kezhu Wang <[email protected]>
---
 owaspSuppressions.xml                                                | 5 -----
 pom.xml                                                              | 2 +-
 ...0231009.LICENSE.txt => jetty-client-9.4.57.v20241219.LICENSE.txt} | 0
 ...v20231009.LICENSE.txt => jetty-http-9.4.57.v20241219.LICENSE.txt} | 0
 ...3.v20231009.LICENSE.txt => jetty-io-9.4.57.v20241219.LICENSE.txt} | 0
 ...31009.LICENSE.txt => jetty-security-9.4.57.v20241219.LICENSE.txt} | 0
 ...0231009.LICENSE.txt => jetty-server-9.4.57.v20241219.LICENSE.txt} | 0
 ...231009.LICENSE.txt => jetty-servlet-9.4.57.v20241219.LICENSE.txt} | 0
 ...v20231009.LICENSE.txt => jetty-util-9.4.57.v20241219.LICENSE.txt} | 0
 ...1009.LICENSE.txt => jetty-util-ajax-9.4.57.v20241219.LICENSE.txt} | 0
 10 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
index 79615817e..a74a781a4 100644
--- a/owaspSuppressions.xml
+++ b/owaspSuppressions.xml
@@ -18,11 +18,6 @@
 -->
 
 <suppressions 
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd";>
-   <suppress>
-      <!-- ZooKeeper is not affected, because HttpURI is not used in our code.
-           see: ZOOKEEPER-4876 -->
-      <cve>CVE-2024-6763</cve>
-   </suppress>
    <suppress>
       <!-- ZOOKEEPER-3217 -->
       <cve>CVE-2018-8088</cve>
diff --git a/pom.xml b/pom.xml
index 30ff838da..3956ca88b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -560,7 +560,7 @@
     <hamcrest.version>2.2</hamcrest.version>
     <commons-cli.version>1.5.0</commons-cli.version>
     <netty.version>4.1.119.Final</netty.version>
-    <jetty.version>9.4.56.v20240826</jetty.version>
+    <jetty.version>9.4.57.v20241219</jetty.version>
     <jackson.version>2.15.2</jackson.version>
     <jline.version>2.14.6</jline.version>
     <snappy.version>1.1.10.5</snappy.version>
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-client-9.4.53.v20231009.LICENSE.txt
 
b/zookeeper-server/src/main/resources/lib/jetty-client-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-client-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-client-9.4.57.v20241219.LICENSE.txt
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-http-9.4.53.v20231009.LICENSE.txt
 
b/zookeeper-server/src/main/resources/lib/jetty-http-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-http-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-http-9.4.57.v20241219.LICENSE.txt
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-io-9.4.53.v20231009.LICENSE.txt 
b/zookeeper-server/src/main/resources/lib/jetty-io-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-io-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-io-9.4.57.v20241219.LICENSE.txt
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-security-9.4.53.v20231009.LICENSE.txt
 
b/zookeeper-server/src/main/resources/lib/jetty-security-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-security-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-security-9.4.57.v20241219.LICENSE.txt
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-server-9.4.53.v20231009.LICENSE.txt
 
b/zookeeper-server/src/main/resources/lib/jetty-server-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-server-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-server-9.4.57.v20241219.LICENSE.txt
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.53.v20231009.LICENSE.txt
 
b/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.57.v20241219.LICENSE.txt
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-util-9.4.53.v20231009.LICENSE.txt
 
b/zookeeper-server/src/main/resources/lib/jetty-util-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-util-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-util-9.4.57.v20241219.LICENSE.txt
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.53.v20231009.LICENSE.txt
 
b/zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.57.v20241219.LICENSE.txt

Reply via email to