Skip to content

[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 #21395

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Technoboy- merged 1 commit into from
Oct 19, 2023
Merged

[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 #21395

Technoboy- merged 1 commit into from
Oct 19, 2023

Conversation

@lhotari
Copy link
Member

@lhotari lhotari commented Oct 19, 2023

Motivation

OWASP dependency check reports CVE-2023-44487 for Jetty (and also Netty).

Modifications

Upgrade Jetty to 9.4.53.

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

@lhotari lhotari added this to the 3.2.0 milestone Oct 19, 2023
@lhotari lhotari self-assigned this Oct 19, 2023
@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Oct 19, 2023
@codecov-commenter
Copy link

codecov-commenter commented Oct 19, 2023
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.27%. Comparing base (b1bca56) to head (9c222a4).
⚠️ Report is 1624 commits behind head on master.

Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff              @@
##             master   #21395      +/-   ##
============================================
- Coverage     73.27%   73.27%   -0.01%     
+ Complexity    32581    32568      -13     
============================================
  Files          1888     1888              
  Lines        140282   140279       -3     
  Branches      15415    15416       +1     
============================================
- Hits         102790   102784       -6     
+ Misses        29415    29406       -9     
- Partials       8077     8089      +12
Flag Coverage Δ
inttests 24.19% <ø> (+0.02%) ⬆️
systests 24.73% <ø> (+0.01%) ⬆️
unittests 72.56% <ø> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 66 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@Technoboy- Technoboy- merged commit 22fd8c2 into apache:master Oct 19, 2023
poorbarcode pushed a commit that referenced this pull request Oct 24, 2023
@lhotari @poorbarcode
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (#21395)
a34bd59 
(cherry picked from commit 22fd8c2)
@compuguy
Copy link

compuguy commented Oct 26, 2023

Can this be marked/labeled cherry-picked/branch-3.1?

@compuguy compuguy mentioned this pull request Oct 26, 2023
Merged
4 tasks
lhotari added a commit that referenced this pull request Oct 26, 2023
@lhotari
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (#21395)
a790d7f 
(cherry picked from commit 22fd8c2)
@lhotari
Copy link
Member Author

lhotari commented Oct 26, 2023

Can this be marked/labeled cherry-picked/branch-3.1?

@compuguy cherry picked to branch-3.1 .

@compuguy compuguy mentioned this pull request Oct 26, 2023
Merged
4 tasks
nikhil-ctds pushed a commit to datastax/pulsar that referenced this pull request Dec 12, 2023
@lhotari @nikhil-ctds
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (apache#…
fdfdd53 
…21395)

(cherry picked from commit 22fd8c2)
(cherry picked from commit a790d7f)
@nikhil-ctds nikhil-ctds mentioned this pull request Dec 12, 2023
Closed
4 tasks
srinath-ctds pushed a commit to datastax/pulsar that referenced this pull request Dec 14, 2023
@lhotari @srinath-ctds
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (apache#…
ba7a135 
…21395)

(cherry picked from commit 22fd8c2)
(cherry picked from commit a790d7f)
nikhil-ctds pushed a commit to datastax/pulsar that referenced this pull request Dec 20, 2023
@lhotari @nikhil-ctds
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (apache#…
a397787 
…21395)

(cherry picked from commit 22fd8c2)
srinath-ctds pushed a commit to datastax/pulsar that referenced this pull request Dec 20, 2023
@lhotari @srinath-ctds
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (apache#…
a59e293 
…21395)

(cherry picked from commit 22fd8c2)
lhotari added a commit that referenced this pull request Feb 27, 2024
@lhotari
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (#21395)
cf73405 
(cherry picked from commit 22fd8c2)
(cherry picked from commit a34bd59)
lhotari added a commit that referenced this pull request Feb 27, 2024
@lhotari
[fix][sec] Upgrade Jetty to 9.4.53 to address CVE-2023-44487 (#21395)
2b01a49 
(cherry picked from commit 22fd8c2)
(cherry picked from commit a34bd59)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Technoboy- Technoboy- Technoboy- approved these changes

@tisonkun tisonkun Awaiting requested review from tisonkun

@mattisonchao mattisonchao Awaiting requested review from mattisonchao

Assignees

@lhotari lhotari

Labels

area/security cherry-picked/branch-3.0 cherry-picked/branch-3.1 doc-not-needed Your PR changes do not impact docs ready-to-test release/3.0.2 release/3.1.2

Projects

None yet

Milestone

3.2.0

Development

Successfully merging this pull request may close these issues.

5 participants

@lhotari @codecov-commenter @compuguy @Technoboy- @poorbarcode