ztzg opened a new pull request, #2118: URL: https://github.com/apache/zookeeper/pull/2118
This merge request addresses the following `dependency-check:check` report: jetty-io-9.4.52.v20230823.jar: CVE-2023-44487(7.5), CVE-2023-36478(7.5) jetty-server-9.4.52.v20230823.jar: CVE-2023-44487(7.5), CVE-2023-36478(7.5) logback-core-1.2.10.jar: CVE-2023-6378(7.5) netty-transport-4.1.94.Final.jar: CVE-2023-44487(7.5) I realized that there were existing contributions for these CVEs: * https://github.com/apache/zookeeper/pull/2082, "Update Netty from 4.1.94 to 4.1.100" * https://github.com/apache/zookeeper/pull/2098, "ZOOKEEPER-4778: Patch CVE-2023-6378, CVE-2023-44487, CVE-2023-36478"; This one credits them, but replaces them, as: * It bumps Netty to version 4.1.105.Final; * It also updates the `LICENSE.txt` files. Jetty is updated to version 9.4.53.v20231009, and Logback to 1.2.13, as with the other two requests. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org