Skip to content

Commit 0d01e3a

Browse files
lhotarimanas-ctds
lhotari
authored and
manas-ctds
committed
[fix][sec] Upgrade Jetty to 9.4.58.v20250814 to address CVE-2025-5115 (apache#24897)
(cherry picked from commit bf71d4d)
1 parent 243d830 commit 0d01e3a

File tree

3 files changed

+28
-28
lines changed

3 files changed

+28
-28
lines changed

distribution/server/src/assemble/LICENSE.bin.txt

Lines changed: 19 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -394,25 +394,25 @@ The Apache Software License, Version 2.0
394394
- org.asynchttpclient-async-http-client-2.12.4.jar
395395
- org.asynchttpclient-async-http-client-netty-utils-2.12.4.jar
396396
* Jetty
397-
- org.eclipse.jetty-jetty-client-9.4.57.v20241219.jar
398-
- org.eclipse.jetty-jetty-continuation-9.4.57.v20241219.jar
399-
- org.eclipse.jetty-jetty-http-9.4.57.v20241219.jar
400-
- org.eclipse.jetty-jetty-io-9.4.57.v20241219.jar
401-
- org.eclipse.jetty-jetty-proxy-9.4.57.v20241219.jar
402-
- org.eclipse.jetty-jetty-security-9.4.57.v20241219.jar
403-
- org.eclipse.jetty-jetty-server-9.4.57.v20241219.jar
404-
- org.eclipse.jetty-jetty-servlet-9.4.57.v20241219.jar
405-
- org.eclipse.jetty-jetty-servlets-9.4.57.v20241219.jar
406-
- org.eclipse.jetty-jetty-util-9.4.57.v20241219.jar
407-
- org.eclipse.jetty-jetty-util-ajax-9.4.57.v20241219.jar
408-
- org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.57.v20241219.jar
409-
- org.eclipse.jetty.websocket-websocket-api-9.4.57.v20241219.jar
410-
- org.eclipse.jetty.websocket-websocket-client-9.4.57.v20241219.jar
411-
- org.eclipse.jetty.websocket-websocket-common-9.4.57.v20241219.jar
412-
- org.eclipse.jetty.websocket-websocket-server-9.4.57.v20241219.jar
413-
- org.eclipse.jetty.websocket-websocket-servlet-9.4.57.v20241219.jar
414-
- org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.57.v20241219.jar
415-
- org.eclipse.jetty-jetty-alpn-server-9.4.57.v20241219.jar
397+
- org.eclipse.jetty-jetty-client-9.4.58.v20250814.jar
398+
- org.eclipse.jetty-jetty-continuation-9.4.58.v20250814.jar
399+
- org.eclipse.jetty-jetty-http-9.4.58.v20250814.jar
400+
- org.eclipse.jetty-jetty-io-9.4.58.v20250814.jar
401+
- org.eclipse.jetty-jetty-proxy-9.4.58.v20250814.jar
402+
- org.eclipse.jetty-jetty-security-9.4.58.v20250814.jar
403+
- org.eclipse.jetty-jetty-server-9.4.58.v20250814.jar
404+
- org.eclipse.jetty-jetty-servlet-9.4.58.v20250814.jar
405+
- org.eclipse.jetty-jetty-servlets-9.4.58.v20250814.jar
406+
- org.eclipse.jetty-jetty-util-9.4.58.v20250814.jar
407+
- org.eclipse.jetty-jetty-util-ajax-9.4.58.v20250814.jar
408+
- org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.58.v20250814.jar
409+
- org.eclipse.jetty.websocket-websocket-api-9.4.58.v20250814.jar
410+
- org.eclipse.jetty.websocket-websocket-client-9.4.58.v20250814.jar
411+
- org.eclipse.jetty.websocket-websocket-common-9.4.58.v20250814.jar
412+
- org.eclipse.jetty.websocket-websocket-server-9.4.58.v20250814.jar
413+
- org.eclipse.jetty.websocket-websocket-servlet-9.4.58.v20250814.jar
414+
- org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.58.v20250814.jar
415+
- org.eclipse.jetty-jetty-alpn-server-9.4.58.v20250814.jar
416416
* SnakeYaml -- org.yaml-snakeyaml-2.0.jar
417417
* RocksDB - org.rocksdb-rocksdbjni-7.9.2.jar
418418
* Google Error Prone Annotations - com.google.errorprone-error_prone_annotations-2.38.0.jar

distribution/shell/src/assemble/LICENSE.bin.txt

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -399,14 +399,14 @@ The Apache Software License, Version 2.0
399399
- async-http-client-2.12.4.jar
400400
- async-http-client-netty-utils-2.12.4.jar
401401
* Jetty
402-
- jetty-client-9.4.57.v20241219.jar
403-
- jetty-http-9.4.57.v20241219.jar
404-
- jetty-io-9.4.57.v20241219.jar
405-
- jetty-util-9.4.57.v20241219.jar
406-
- javax-websocket-client-impl-9.4.57.v20241219.jar
407-
- websocket-api-9.4.57.v20241219.jar
408-
- websocket-client-9.4.57.v20241219.jar
409-
- websocket-common-9.4.57.v20241219.jar
402+
- jetty-client-9.4.58.v20250814.jar
403+
- jetty-http-9.4.58.v20250814.jar
404+
- jetty-io-9.4.58.v20250814.jar
405+
- jetty-util-9.4.58.v20250814.jar
406+
- javax-websocket-client-impl-9.4.58.v20250814.jar
407+
- websocket-api-9.4.58.v20250814.jar
408+
- websocket-client-9.4.58.v20250814.jar
409+
- websocket-common-9.4.58.v20250814.jar
410410
* SnakeYaml -- snakeyaml-2.0.jar
411411
* Google Error Prone Annotations - error_prone_annotations-2.38.0.jar
412412
* Javassist -- javassist-3.25.0-GA.jar

pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -187,7 +187,7 @@ flexible messaging model and an intuitive client API.</description>
187187
<curator.version>5.7.1</curator.version>
188188
<netty.version>4.1.127.Final</netty.version>
189189
<netty-iouring.version>0.0.26.Final</netty-iouring.version>
190-
<jetty.version>9.4.57.v20241219</jetty.version>
190+
<jetty.version>9.4.58.v20250814</jetty.version>
191191
<conscrypt.version>2.5.2</conscrypt.version>
192192
<jersey.version>2.42</jersey.version>
193193
<athenz.version>1.10.62</athenz.version>

0 commit comments

Comments
 (0)