
ZOOKEEPER-4876: jetty-http-9.4.53.v20231009.jar: CVE-2024-6763(3.7)

Reviewers: ztzg
Author: anmolnar
Closes #2202 from anmolnar/ZOOKEEPER-4876
Andor Molnár 6 月之前
父節點
當前提交
858b787432
共有 2 個文件被更改,包括 6 次插入2 次删除
  1. 5 1
      owaspSuppressions.xml
  2. 1 1
      pom.xml

+ 5 - 1
owaspSuppressions.xml

@@ -18,6 +18,11 @@
 -->
 
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+   <suppress>
+      <!-- ZooKeeper is not affected, because HttpURI is not used in our code.
+           see: ZOOKEEPER-4876 -->
+      <cve>CVE-2024-6763</cve>
+   </suppress>
    <suppress>
       <!-- ZOOKEEPER-3217 -->
       <cve>CVE-2018-8088</cve>
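Review bot: The added `<suppress>` block matches on the CVE id alone, so it hides CVE-2024-6763 for every artifact dependency-check attributes it to, not only the jetty-http jar named in the commit title. Scoping it with `<packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty-http@.*$</packageUrl>` ahead of the `<cve>` line would keep the finding visible if it later appears on another dependency. An expiry such as `<suppress until="YYYY-MM-DDZ">` (placeholder date) would force the "HttpURI is not used in our code" justification to be re-checked, since new code or a new transitive caller could invalidate it without anyone touching this file. The comment speaks only for ZooKeeper's own code; it would be worth stating whether bundled dependencies were checked too. The existing entries use the same bare-`<cve>` pattern, so this is a file-wide convention rather than something this commit introduced.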
@@ -72,5 +77,4 @@
            in json-java which we don't use in ZooKeeper -->
       <cve>CVE-2022-45688</cve>
    </suppress>
-
 </suppressions>

+ 1 - 1
pom.xml

@@ -560,7 +560,7 @@
     <hamcrest.version>2.2</hamcrest.version>
     <commons-cli.version>1.5.0</commons-cli.version>
     <netty.version>4.1.113.Final</netty.version>
-    <jetty.version>9.4.53.v20231009</jetty.version>
+    <jetty.version>9.4.56.v20240826</jetty.version>
     <jackson.version>2.15.2</jackson.version>
     <jline.version>2.14.6</jline.version>
     <snappy.version>1.1.10.5</snappy.version>