[CVE] Update Jetty version to fix its CVEs (apache#4642)

stephenshen1993 · Apr 13, 2020 · 950346c · 950346c
1 parent 00e8f2d
commit 950346c
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 14 deletions.
diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE
@@ -246,7 +246,7 @@ The text of each license is the standard Apache 2.0 license.
     transport-netty4-client 5.5.0: http://central.maven.org/maven2/org/elasticsearch/plugin/transport-netty4-client/5.5.0/transport-netty4-client-5.5.0.pom , Apache 2.0
     securesm 1.1: https://github.com/elastic/securesm/blob/master/pom.xml , Apache 2.0
     LMAX Ltd.(disruptor) 3.3.6: https://github.com/LMAX-Exchange/disruptor , Apache 2.0
-    Eclipse (Jetty) 3.3.6: https://www.eclipse.org/jetty/ , Apache 2.0 and Eclipse Public License 1.0
+    Eclipse (Jetty) 9.4.28.v20200408: https://www.eclipse.org/jetty/ , Apache 2.0 and Eclipse Public License 1.0
     SnakeYAML 1.18: http://www.snakeyaml.org , Apache 2.0
     Joda-Time 2.10.5: http://www.joda.org/joda-time/ , Apache 2.0
     Joda-Convert 1.2: http://www.joda.org/joda-convert/ , Apache 2.0

diff --git a/oap-server/pom.xml b/oap-server/pom.xml
@@ -58,7 +58,7 @@
         <graphql-java.version>8.0</graphql-java.version>
         <zookeeper.version>3.4.10</zookeeper.version>
         <netty-tcnative-boringssl-static.version>2.0.26.Final</netty-tcnative-boringssl-static.version>
-        <jetty.version>9.4.2.v20170220</jetty.version>
+        <jetty.version>9.4.28.v20200408</jetty.version>
         <h2.version>1.4.196</h2.version>
         <commons-dbcp.version>1.4</commons-dbcp.version>
         <commons-io.version>2.6</commons-io.version>

diff --git a/tools/dependencies/known-oap-backend-dependencies-es7.txt b/tools/dependencies/known-oap-backend-dependencies-es7.txt
@@ -77,12 +77,12 @@ javassist-3.25.0-GA.jar
 javax.inject-1.jar
 javax.servlet-api-3.1.0.jar
 jcl-over-slf4j-1.7.25.jar
-jetty-http-9.4.2.v20170220.jar
-jetty-io-9.4.2.v20170220.jar
-jetty-security-9.4.2.v20170220.jar
-jetty-server-9.4.2.v20170220.jar
-jetty-servlet-9.4.2.v20170220.jar
-jetty-util-9.4.2.v20170220.jar
+jetty-http-9.4.28.v20200408.jar
+jetty-io-9.4.28.v20200408.jar
+jetty-security-9.4.28.v20200408.jar
+jetty-server-9.4.28.v20200408.jar
+jetty-servlet-9.4.28.v20200408.jar
+jetty-util-9.4.28.v20200408.jar
 jline-0.9.94.jar
 jna-4.5.1.jar
 joda-convert-1.2.jar

diff --git a/tools/dependencies/known-oap-backend-dependencies.txt b/tools/dependencies/known-oap-backend-dependencies.txt
@@ -76,12 +76,12 @@ javassist-3.25.0-GA.jar
 javax.inject-1.jar
 javax.servlet-api-3.1.0.jar
 jcl-over-slf4j-1.7.25.jar
-jetty-http-9.4.2.v20170220.jar
-jetty-io-9.4.2.v20170220.jar
-jetty-security-9.4.2.v20170220.jar
-jetty-server-9.4.2.v20170220.jar
-jetty-servlet-9.4.2.v20170220.jar
-jetty-util-9.4.2.v20170220.jar
+jetty-http-9.4.28.v20200408.jar
+jetty-io-9.4.28.v20200408.jar
+jetty-security-9.4.28.v20200408.jar
+jetty-server-9.4.28.v20200408.jar
+jetty-servlet-9.4.28.v20200408.jar
+jetty-util-9.4.28.v20200408.jar
 jline-0.9.94.jar
 jna-4.5.1.jar
 joda-convert-1.2.jar