diff options
author | Damien Diederen <dd@crosstwine.com> | 2021-03-08 21:04:56 +0530 |
---|---|---|
committer | Mohammad Arshad <arshad@apache.org> | 2021-03-08 21:04:56 +0530 |
commit | 59f429e77f5802a7dc5ac129451a86247c6b86ad (patch) | |
tree | 9971bd47f462e9662da333982990c9fb60c2a97e | |
parent | 15940b14da1bd51cac850db735b7e00c0d8b3e35 (diff) | |
download | zookeeper-59f429e77f5802a7dc5ac129451a86247c6b86ad.tar.gz |
ZOOKEEPER-4233: dependency-check:check failing - Jetty 9.4.35.v20201120 - CVE-2020-27223
The OWASP checker reports that the version of Jetty currently
referenced by this branch is vulnerable to a CVE:
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.3.0:check (default-cli) on project zookeeper:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0':
[ERROR]
[ERROR] jetty-server-9.4.35.v20201120.jar: CVE-2020-27223
[ERROR] jetty-http-9.4.35.v20201120.jar: CVE-2020-27223
https://nvd.nist.gov/vuln/detail/CVE-2020-27223 describes it as:
> In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive),
> 10.0.0, and 11.0.0 when Jetty handles a request containing multiple
> Accept headers with a large number of "quality" (i.e. q) parameters,
> the server may enter a denial of service (DoS) state due to high CPU
> usage processing those quality values, resulting in minutes of CPU
> time exhausted processing those quality values.
This changeset bumps Jetty to 9.4.38.v20210224, which is the latest
as of the commit date.
Author: Damien Diederen <dd@crosstwine.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Mohammad Arshad <arshad@apache.org>
Closes #1625 from ztzg/ZOOKEEPER-4023-jetty-CVE-2020-27223-x-3.5
-rw-r--r-- | build.xml | 2 | ||||
-rwxr-xr-x | pom.xml | 2 | ||||
-rw-r--r-- | zookeeper-server/src/main/resources/lib/jetty-http-9.4.38.v20210224.LICENSE.txt (renamed from zookeeper-server/src/main/resources/lib/jetty-http-9.4.35.v20201120.LICENSE.txt) | 0 | ||||
-rw-r--r-- | zookeeper-server/src/main/resources/lib/jetty-io-9.4.38.v20210224.LICENSE.txt (renamed from zookeeper-server/src/main/resources/lib/jetty-io-9.4.35.v20201120.LICENSE.txt) | 0 | ||||
-rw-r--r-- | zookeeper-server/src/main/resources/lib/jetty-security-9.4.38.v20210224.LICENSE.txt (renamed from zookeeper-server/src/main/resources/lib/jetty-security-9.4.35.v20201120.LICENSE.txt) | 0 | ||||
-rw-r--r-- | zookeeper-server/src/main/resources/lib/jetty-server-9.4.38.v20210224.LICENSE.txt (renamed from zookeeper-server/src/main/resources/lib/jetty-server-9.4.35.v20201120.LICENSE.txt) | 0 | ||||
-rw-r--r-- | zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.38.v20210224.LICENSE.txt (renamed from zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.35.v20201120.LICENSE.txt) | 0 | ||||
-rw-r--r-- | zookeeper-server/src/main/resources/lib/jetty-util-9.4.38.v20210224.LICENSE.txt (renamed from zookeeper-server/src/main/resources/lib/jetty-util-9.4.35.v20201120.LICENSE.txt) | 0 | ||||
-rw-r--r-- | zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.38.v20210224.LICENSE.txt (renamed from zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.35.v20201120.LICENSE.txt) | 0 |
9 files changed, 2 insertions, 2 deletions
@@ -54,7 +54,7 @@ xmlns:cs="antlib:com.puppycrawl.tools.checkstyle.ant"> <property name="javacc.version" value="5.0"/> - <property name="jetty.version" value="9.4.35.v20201120"/> + <property name="jetty.version" value="9.4.38.v20210224"/> <property name="jackson.version" value="2.10.3"/> <property name="dependency-check-ant.version" value="5.2.4"/> @@ -297,7 +297,7 @@ <mockito.version>2.27.0</mockito.version> <hamcrest.version>1.3</hamcrest.version> <commons-cli.version>1.2</commons-cli.version> - <jetty.version>9.4.35.v20201120</jetty.version> + <jetty.version>9.4.38.v20210224</jetty.version> <netty.version>4.1.59.Final</netty.version> <jackson.version>2.10.5.1</jackson.version> <json.version>1.1.1</json.version> diff --git a/zookeeper-server/src/main/resources/lib/jetty-http-9.4.35.v20201120.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-http-9.4.38.v20210224.LICENSE.txt index 46f4f2524..46f4f2524 100644 --- a/zookeeper-server/src/main/resources/lib/jetty-http-9.4.35.v20201120.LICENSE.txt +++ b/zookeeper-server/src/main/resources/lib/jetty-http-9.4.38.v20210224.LICENSE.txt diff --git a/zookeeper-server/src/main/resources/lib/jetty-io-9.4.35.v20201120.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-io-9.4.38.v20210224.LICENSE.txt index 46f4f2524..46f4f2524 100644 --- a/zookeeper-server/src/main/resources/lib/jetty-io-9.4.35.v20201120.LICENSE.txt +++ b/zookeeper-server/src/main/resources/lib/jetty-io-9.4.38.v20210224.LICENSE.txt diff --git a/zookeeper-server/src/main/resources/lib/jetty-security-9.4.35.v20201120.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-security-9.4.38.v20210224.LICENSE.txt index 46f4f2524..46f4f2524 100644 --- a/zookeeper-server/src/main/resources/lib/jetty-security-9.4.35.v20201120.LICENSE.txt +++ b/zookeeper-server/src/main/resources/lib/jetty-security-9.4.38.v20210224.LICENSE.txt diff --git a/zookeeper-server/src/main/resources/lib/jetty-server-9.4.35.v20201120.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-server-9.4.38.v20210224.LICENSE.txt index 46f4f2524..46f4f2524 100644 --- a/zookeeper-server/src/main/resources/lib/jetty-server-9.4.35.v20201120.LICENSE.txt +++ b/zookeeper-server/src/main/resources/lib/jetty-server-9.4.38.v20210224.LICENSE.txt diff --git a/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.35.v20201120.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.38.v20210224.LICENSE.txt index 46f4f2524..46f4f2524 100644 --- a/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.35.v20201120.LICENSE.txt +++ b/zookeeper-server/src/main/resources/lib/jetty-servlet-9.4.38.v20210224.LICENSE.txt diff --git a/zookeeper-server/src/main/resources/lib/jetty-util-9.4.35.v20201120.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-util-9.4.38.v20210224.LICENSE.txt index 46f4f2524..46f4f2524 100644 --- a/zookeeper-server/src/main/resources/lib/jetty-util-9.4.35.v20201120.LICENSE.txt +++ b/zookeeper-server/src/main/resources/lib/jetty-util-9.4.38.v20210224.LICENSE.txt diff --git a/zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.35.v20201120.LICENSE.txt b/zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.38.v20210224.LICENSE.txt index 46f4f2524..46f4f2524 100644 --- a/zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.35.v20201120.LICENSE.txt +++ b/zookeeper-server/src/main/resources/lib/jetty-util-ajax-9.4.38.v20210224.LICENSE.txt |