Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 #21395

Merged
merged 1 commit into from
Oct 19, 2023
Merged

[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 #21395

merged 1 commit into from
Oct 19, 2023

Conversation

lhotari
Copy link
Member

@lhotari lhotari commented Oct 19, 2023

Motivation

OWASP dependency check reports CVE-2023-44487 for Jetty (and also Netty).

Modifications

Upgrade Jetty to 9.4.53.

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

@lhotari lhotari added this to the 3.2.0 milestone Oct 19, 2023
@lhotari lhotari self-assigned this Oct 19, 2023
@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Oct 19, 2023
@codecov-commenter
Copy link

Codecov Report

Merging #21395 (9c222a4) into master (b1bca56) will decrease coverage by 0.01%.
Report is 5 commits behind head on master.
The diff coverage is 100.00%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master   #21395      +/-   ##
============================================
- Coverage     73.27%   73.27%   -0.01%     
+ Complexity    32581    32568      -13     
============================================
  Files          1888     1888              
  Lines        140282   140279       -3     
  Branches      15415    15416       +1     
============================================
- Hits         102790   102784       -6     
+ Misses        29415    29406       -9     
- Partials       8077     8089      +12
Flag Coverage Δ
inttests 24.19% <50.00%> (+0.02%) ⬆️
systests 24.73% <0.00%> (+0.01%) ⬆️
unittests 72.56% <100.00%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
...sar/broker/service/persistent/PersistentTopic.java 79.49% <100.00%> (+0.20%) ⬆️

... and 65 files with indirect coverage changes

@Technoboy- Technoboy- merged commit 22fd8c2 into apache:master Oct 19, 2023
47 of 49 checks passed
poorbarcode pushed a commit that referenced this pull request Oct 24, 2023
@lhotari @poorbarcode
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (#21395)
a34bd59 
(cherry picked from commit 22fd8c2)
@compuguy
Copy link

Can this be marked/labeled cherry-picked/branch-3.1?

@compuguy compuguy mentioned this pull request Oct 26, 2023
Merged
4 tasks
lhotari added a commit that referenced this pull request Oct 26, 2023
@lhotari
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (#21395)
a790d7f 
(cherry picked from commit 22fd8c2)
@lhotari
Copy link
Member Author

lhotari commented Oct 26, 2023

Can this be marked/labeled cherry-picked/branch-3.1?

@compuguy cherry picked to branch-3.1 .

@compuguy compuguy mentioned this pull request Oct 26, 2023
Merged
4 tasks
nikhil-ctds pushed a commit to datastax/pulsar that referenced this pull request Dec 12, 2023
@lhotari @nikhil-ctds
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (apache#…
fdfdd53 
…21395)

(cherry picked from commit 22fd8c2)
(cherry picked from commit a790d7f)
@nikhil-ctds nikhil-ctds mentioned this pull request Dec 12, 2023
Closed
4 tasks
srinath-ctds pushed a commit to datastax/pulsar that referenced this pull request Dec 14, 2023
@lhotari @srinath-ctds
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (apache#…
ba7a135 
…21395)

(cherry picked from commit 22fd8c2)
(cherry picked from commit a790d7f)
nikhil-ctds pushed a commit to datastax/pulsar that referenced this pull request Dec 20, 2023
@lhotari @nikhil-ctds
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (apache#…
a397787 
…21395)

(cherry picked from commit 22fd8c2)
srinath-ctds pushed a commit to datastax/pulsar that referenced this pull request Dec 20, 2023
@lhotari @srinath-ctds
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (apache#…
a59e293 
…21395)

(cherry picked from commit 22fd8c2)
lhotari added a commit that referenced this pull request Feb 27, 2024
@lhotari
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (#21395)
cf73405 
(cherry picked from commit 22fd8c2)
(cherry picked from commit a34bd59)
lhotari added a commit that referenced this pull request Feb 27, 2024
@lhotari
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (#21395)
2b01a49 
(cherry picked from commit 22fd8c2)
(cherry picked from commit a34bd59)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Technoboy- Technoboy- Technoboy- approved these changes

@tisonkun tisonkun Awaiting requested review from tisonkun

@mattisonchao mattisonchao Awaiting requested review from mattisonchao

Assignees

@lhotari lhotari

Labels
area/security cherry-picked/branch-3.0 cherry-picked/branch-3.1 doc-not-needed Your PR changes do not impact docs ready-to-test release/3.0.2 release/3.1.2
Projects
None yet
Milestone
3.2.0
Development

Successfully merging this pull request may close these issues.
5 participants
@lhotari @codecov-commenter @compuguy @Technoboy- @poorbarcode