From 52d94b09a771aaba74be0f7e1dbde25774058007 Mon Sep 17 00:00:00 2001
From: Tejaswini Bandlamudi <96047043+tejaswini-imply@users.noreply.github.com>
Date: Wed, 11 Oct 2023 18:16:28 +0530
Subject: [PATCH] update jetty & netty4 dependencies (#15129)
Update jetty dependencies version to 9.4.53.v20231009
Update netty4 dependencies version to 4.1.100.Final to resolve CVE-2023-4586 (Netty-handler does not validate host names by default)
---
licenses.yaml | 4 ++--
pom.xml | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/licenses.yaml b/licenses.yaml
index 3b42871419a..f2c01acaffd 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -1289,7 +1289,7 @@ name: Netty
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 4.1.94.Final
+version: 4.1.100.Final
libraries:
- io.netty: netty-buffer
- io.netty: netty-codec
@@ -2060,7 +2060,7 @@ name: Jetty
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 9.4.51.v20230217
+version: 9.4.53.v20231009
libraries:
- org.eclipse.jetty: jetty-client
- org.eclipse.jetty: jetty-continuation
diff --git a/pom.xml b/pom.xml
index bbfd3517c4c..945cc9d56d9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -95,7 +95,7 @@
31.1-jre
4.1.0
1.3
- 9.4.51.v20230217
+ 9.4.53.v20231009
1.19.4
2.12.7
1.9.13
@@ -103,7 +103,7 @@
5.1.49
2.7.3
3.10.6.Final
- 4.1.94.Final
+ 4.1.100.Final
42.6.0
3.24.0
1.3.1