ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v202011…

…02 - CVE-2020-27218 Bump jetty.version to 9.4.35.v20201120. The [release notes](https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.35.v20201120) mention [issue 5605](jetty/jetty.project#5605): > java.io.IOException: unconsumed input during http request parsing which seems to match the description of [CVE-2020-27218](http://cve.circl.lu/cve/CVE-2020-27218) Author: Damien Diederen <dd@crosstwine.com> Reviewers: Enrico Olivelli <eolivelli@apache.org>, Norbert Kalmar <nkalmar@apache.org>, Andor Molnar <anmolnar@apache.org>, Patrick D. Hunt <phunt@apache.org> Closes #1552 from ztzg/jetty-upgrade-CVE-2020-27218
apache · Dec 24, 2020 · 59c8741 · 59c8741
1 parent ef1f12f
commit 59c8741
Show file tree

Hide file tree

Showing 12 changed files with 1,669 additions and 1,262 deletions.
diff --git a/pom.xml b/pom.xml
@@ -438,7 +438,7 @@
     <hamcrest.version>2.2</hamcrest.version>
     <commons-cli.version>1.4</commons-cli.version>
     <netty.version>4.1.50.Final</netty.version>
-    <jetty.version>9.4.34.v20201102</jetty.version>
+    <jetty.version>9.4.35.v20201120</jetty.version>
     <jackson.version>2.10.5</jackson.version>
     <jline.version>2.14.6</jline.version>
     <snappy.version>1.1.7.7</snappy.version>

diff --git a/...jetty-client-9.4.34.v20201102.LICENSE.txt → ...jetty-client-9.4.35.v20201120.LICENSE.txt b/...jetty-client-9.4.34.v20201102.LICENSE.txt → ...jetty-client-9.4.35.v20201120.LICENSE.txt
@@ -1,8 +1,7 @@
 This program and the accompanying materials are made available under the
-terms of the Eclipse Public License 1.0 which is available at
-https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt
-or the Apache Software License 2.0 which is available at
-https://www.apache.org/licenses/LICENSE-2.0
+terms of the Eclipse Public License 2.0 which is available at
+http://www.eclipse.org/legal/epl-2.0, or the Apache Software License
+2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0.
 
 
 

diff --git a/...b/jetty-http-9.4.34.v20201102.LICENSE.txt → ...b/jetty-http-9.4.35.v20201120.LICENSE.txt b/...b/jetty-http-9.4.34.v20201102.LICENSE.txt → ...b/jetty-http-9.4.35.v20201120.LICENSE.txt
@@ -1,8 +1,7 @@
 This program and the accompanying materials are made available under the
-terms of the Eclipse Public License 1.0 which is available at
-https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt
-or the Apache Software License 2.0 which is available at
-https://www.apache.org/licenses/LICENSE-2.0
+terms of the Eclipse Public License 2.0 which is available at
+http://www.eclipse.org/legal/epl-2.0, or the Apache Software License
+2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0.
 
 
 

diff --git a/...lib/jetty-io-9.4.34.v20201102.LICENSE.txt → ...lib/jetty-io-9.4.35.v20201120.LICENSE.txt b/...lib/jetty-io-9.4.34.v20201102.LICENSE.txt → ...lib/jetty-io-9.4.35.v20201120.LICENSE.txt
@@ -1,8 +1,7 @@
 This program and the accompanying materials are made available under the
-terms of the Eclipse Public License 1.0 which is available at
-https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt
-or the Apache Software License 2.0 which is available at
-https://www.apache.org/licenses/LICENSE-2.0
+terms of the Eclipse Public License 2.0 which is available at
+http://www.eclipse.org/legal/epl-2.0, or the Apache Software License
+2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0.
 
 
 

diff --git a/...tty-security-9.4.34.v20201102.LICENSE.txt → ...tty-security-9.4.35.v20201120.LICENSE.txt b/...tty-security-9.4.34.v20201102.LICENSE.txt → ...tty-security-9.4.35.v20201120.LICENSE.txt
@@ -1,8 +1,7 @@
 This program and the accompanying materials are made available under the
-terms of the Eclipse Public License 1.0 which is available at
-https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt
-or the Apache Software License 2.0 which is available at
-https://www.apache.org/licenses/LICENSE-2.0
+terms of the Eclipse Public License 2.0 which is available at
+http://www.eclipse.org/legal/epl-2.0, or the Apache Software License
+2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0.
 
 
 

diff --git a/zookeeper-server/src/main/resources/lib/jetty-server-9.4.34.v20201102.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-server-9.4.34.v20201102.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-server-9.4.35.v20201120.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-server-9.4.35.v20201120.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.34.v20201102.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.34.v20201102.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.35.v20201120.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.35.v20201120.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-util-9.4.34.v20201102.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-util-9.4.34.v20201102.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-util-9.4.35.v20201120.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-util-9.4.35.v20201120.LICENSE.txt
diff --git a/zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.35.v20201120.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.35.v20201120.LICENSE.txt