update jetty & netty4 dependencies (#15129)

Update jetty dependencies version to 9.4.53.v20231009
Update netty4 dependencies version to 4.1.100.Final to resolve CVE-2023-4586 (Netty-handler does not validate host names by default)
This commit is contained in:
Tejaswini Bandlamudi 2023-10-11 18:16:28 +05:30 committed by GitHub
parent dba0246aca
commit 52d94b09a7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 4 deletions

View File

@ -1289,7 +1289,7 @@ name: Netty
license_category: binary
module: java-core
license_name: Apache License version 2.0
version: 4.1.94.Final
version: 4.1.100.Final
libraries:
- io.netty: netty-buffer
- io.netty: netty-codec
@ -2060,7 +2060,7 @@ name: Jetty
license_category: binary
module: java-core
license_name: Apache License version 2.0
version: 9.4.51.v20230217
version: 9.4.53.v20231009
libraries:
- org.eclipse.jetty: jetty-client
- org.eclipse.jetty: jetty-continuation

View File

@ -95,7 +95,7 @@
<guava.version>31.1-jre</guava.version>
<guice.version>4.1.0</guice.version>
<hamcrest.version>1.3</hamcrest.version>
<jetty.version>9.4.51.v20230217</jetty.version>
<jetty.version>9.4.53.v20231009</jetty.version>
<jersey.version>1.19.4</jersey.version>
<jackson.version>2.12.7</jackson.version>
<codehaus.jackson.version>1.9.13</codehaus.jackson.version>
@ -103,7 +103,7 @@
<mysql.version>5.1.49</mysql.version>
<mariadb.version>2.7.3</mariadb.version>
<netty3.version>3.10.6.Final</netty3.version>
<netty4.version>4.1.94.Final</netty4.version>
<netty4.version>4.1.100.Final</netty4.version>
<postgresql.version>42.6.0</postgresql.version>
<protobuf.version>3.24.0</protobuf.version>
<resilience4j.version>1.3.1</resilience4j.version>