Resolve CVEs: Upgrade jetty version and suppress azure cve (#17385)

Rishabh Singh 2024-11-15 10:55:02 +05:30 committed by GitHub
parent 75d9ece665
commit 7f335ff486
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 5 additions and 4 deletions


@ -2065,7 +2065,7 @@ name: Jetty
license_category: binary license_category: binary
module: java-core module: java-core
license_name: Apache License version 2.0 license_name: Apache License version 2.0
version: 9.4.54.v20240208 version: 9.4.56.v20240826
libraries: libraries:
- org.eclipse.jetty: jetty-client - org.eclipse.jetty: jetty-client
- org.eclipse.jetty: jetty-continuation - org.eclipse.jetty: jetty-continuation


@ -649,10 +649,12 @@
</suppress> </suppress>
<suppress> <suppress>
<notes><![CDATA[ <notes><![CDATA[
FP per issue #6100 - CVE-2023-36052 since it is related to Azure-cli not to the azure-core libraries FP per issue #6100 - CVE-2023-36052 since it is related to azure-cli not to the azure-core libraries
CVE-2024-43591 is also related to azure-cli
]]></notes> ]]></notes>
<packageUrl regex="true">^pkg:maven/com\.azure/azure*@*.*$</packageUrl> <packageUrl regex="true">^pkg:maven/com\.azure/azure*@*.*$</packageUrl>
<cve>CVE-2023-36052</cve> <cve>CVE-2023-36052</cve>
<cve>CVE-2024-43591</cve>
</suppress> </suppress>
<suppress> <suppress>
<!-- CVE is for a totally unrelated Sketch mac app --> <!-- CVE is for a totally unrelated Sketch mac app -->
@ -745,5 +747,4 @@
]]></notes> ]]></notes>
<vulnerabilityName>CVE-2024-45772</vulnerabilityName> <vulnerabilityName>CVE-2024-45772</vulnerabilityName>
</suppress> </suppress>
</suppressions> </suppressions>
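Review bot: The added `<cve>CVE-2024-43591</cve>` inherits this entry's `packageUrl` pattern `^pkg:maven/com\.azure/azure*@*.*$`, which is written like a glob but evaluated as a regex: `azure*` and `@*` are quantifiers, so it reduces to any `com.azure` artifact whose name starts with `azur`, at any version. That is wider than the azure-core scope the notes describe, so the new CVE is silenced for every current and future Azure SDK artifact that matches. If only azure-core artifacts are being flagged, a pattern such as `^pkg:maven/com\.azure/azure-core.*@.*$` would say so explicitly, and an `until` date on the `<suppress>` element would force the false-positive call to be re-checked. The new notes line also cites no issue or advisory for CVE-2024-43591, unlike the first line's reference to #6100, so a later reviewer cannot verify the azure-cli attribution from this file alone.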


@ -98,7 +98,7 @@
<guava.version>32.0.1-jre</guava.version> <guava.version>32.0.1-jre</guava.version>
<guice.version>4.1.0</guice.version> <guice.version>4.1.0</guice.version>
<hamcrest.version>1.3</hamcrest.version> <hamcrest.version>1.3</hamcrest.version>
<jetty.version>9.4.54.v20240208</jetty.version> <jetty.version>9.4.56.v20240826</jetty.version>
<jersey.version>1.19.4</jersey.version> <jersey.version>1.19.4</jersey.version>
<jackson.version>2.12.7.20221012</jackson.version> <jackson.version>2.12.7.20221012</jackson.version>
<codehaus.jackson.version>1.9.13</codehaus.jackson.version> <codehaus.jackson.version>1.9.13</codehaus.jackson.version>