(zookeeper) branch branch-3.8 updated: ZOOKEEPER-4900: Bump patch release of jetty to include CVE fix for CVE-2024-6763 (branch-3.8 backport)

Thu, 31 Jul 2025 13:45:48 -0700 

This is an automated email from the ASF dual-hosted git repository.

andor pushed a commit to branch branch-3.8
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/branch-3.8 by this push:
     new e538841d0 ZOOKEEPER-4900: Bump patch release of jetty to include CVE 
fix for CVE-2024-6763 (branch-3.8 backport)
e538841d0 is described below

commit e538841d05ff2fb6432d28c3d87496050424554b
Author: Andor Molnár <[email protected]>
AuthorDate: Thu Jul 31 15:45:35 2025 -0500

    ZOOKEEPER-4900: Bump patch release of jetty to include CVE fix for 
CVE-2024-6763 (branch-3.8 backport)
    
    ZOOKEEPER-4900: Bump patch release of jetty to include CVE fix for 
CVE-2024-6763
    Reviewers: cnauroth, kezhuw, tisonkun
    Author: pfcoperez
    Closes #2220 from pfcoperez/ZOOKEEPER-4876/CVE-2024-6763
    Reviewers: kezhuw
    Author: anmolnar
    Closes #2286 from anmolnar/ZOOKEEPER-4900_38
---
 owaspSuppressions.xml                                                | 5 -----
 pom.xml                                                              | 2 +-
 ...0231009.LICENSE.txt => jetty-client-9.4.57.v20241219.LICENSE.txt} | 0
 ...v20231009.LICENSE.txt => jetty-http-9.4.57.v20241219.LICENSE.txt} | 0
 ...3.v20231009.LICENSE.txt => jetty-io-9.4.57.v20241219.LICENSE.txt} | 0
 ...31009.LICENSE.txt => jetty-security-9.4.57.v20241219.LICENSE.txt} | 0
 ...0231009.LICENSE.txt => jetty-server-9.4.57.v20241219.LICENSE.txt} | 0
 ...231009.LICENSE.txt => jetty-servlet-9.4.57.v20241219.LICENSE.txt} | 0
 ...v20231009.LICENSE.txt => jetty-util-9.4.57.v20241219.LICENSE.txt} | 0
 ...1009.LICENSE.txt => jetty-util-ajax-9.4.57.v20241219.LICENSE.txt} | 0
 10 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
index 79615817e..a74a781a4 100644
--- a/owaspSuppressions.xml
+++ b/owaspSuppressions.xml
@@ -18,11 +18,6 @@
 -->
 
 <suppressions 
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd";>
-   <suppress>
-      <!-- ZooKeeper is not affected, because HttpURI is not used in our code.
-           see: ZOOKEEPER-4876 -->
-      <cve>CVE-2024-6763</cve>
-   </suppress>
    <suppress>
       <!-- ZOOKEEPER-3217 -->
       <cve>CVE-2018-8088</cve>
diff --git a/pom.xml b/pom.xml
index 17468e18f..936b475b5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -468,7 +468,7 @@
     <hamcrest.version>2.2</hamcrest.version>
     <commons-cli.version>1.5.0</commons-cli.version>
     <netty.version>4.1.119.Final</netty.version>
-    <jetty.version>9.4.56.v20240826</jetty.version>
+    <jetty.version>9.4.57.v20241219</jetty.version>
     <jackson.version>2.15.2</jackson.version>
     <jline.version>2.14.6</jline.version>
     <snappy.version>1.1.10.5</snappy.version>
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-client-9.4.53.v20231009.LICENSE.txt
 
b/zookeeper-server/src/main/resources/lib/jetty-client-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-client-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-client-9.4.57.v20241219.LICENSE.txt
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-http-9.4.53.v20231009.LICENSE.txt
 
b/zookeeper-server/src/main/resources/lib/jetty-http-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-http-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-http-9.4.57.v20241219.LICENSE.txt
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-io-9.4.53.v20231009.LICENSE.txt 
b/zookeeper-server/src/main/resources/lib/jetty-io-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-io-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-io-9.4.57.v20241219.LICENSE.txt
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-security-9.4.53.v20231009.LICENSE.txt
 
b/zookeeper-server/src/main/resources/lib/jetty-security-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-security-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-security-9.4.57.v20241219.LICENSE.txt
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-server-9.4.53.v20231009.LICENSE.txt
 
b/zookeeper-server/src/main/resources/lib/jetty-server-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-server-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-server-9.4.57.v20241219.LICENSE.txt
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.53.v20231009.LICENSE.txt
 
b/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.57.v20241219.LICENSE.txt
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-util-9.4.53.v20231009.LICENSE.txt
 
b/zookeeper-server/src/main/resources/lib/jetty-util-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-util-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-util-9.4.57.v20241219.LICENSE.txt
diff --git 
a/zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.53.v20231009.LICENSE.txt
 
b/zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.57.v20241219.LICENSE.txt
similarity index 100%
rename from 
zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.53.v20231009.LICENSE.txt
rename to 
zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.57.v20241219.LICENSE.txt

Reply via email to