Skip to content

Commit 40777a6

Browse files
php-coderphp-coder
committed
fix(security): update Jetty to 9.2.28.v20190418 and fix possible CVEs.
This update addressed the following CVEs: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12536 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12538 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10246 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247 See for details: - https://www.eclipse.org/lists/jetty-announce/msg00123.html - https://webtide.com/indexing-listing-vulnerability-in-jetty/ Changelogs: - https://github.com/eclipse/jetty.project/releases/tag/jetty-9.2.19.v20160908 - https://www.eclipse.org/lists/jetty-announce/msg00099.html - https://www.eclipse.org/lists/jetty-announce/msg00100.html - https://www.eclipse.org/lists/jetty-announce/msg00110.html - https://github.com/eclipse/jetty.project/releases/tag/jetty-9.2.23.v20171218 - https://github.com/eclipse/jetty.project/releases/tag/jetty-9.2.24.v20180105 - https://www.eclipse.org/lists/jetty-announce/msg00116.html (EOL announcement) - https://www.eclipse.org/lists/jetty-announce/msg00120.html - https://github.com/eclipse/jetty.project/releases/tag/jetty-9.2.26.v20180806 - https://github.com/eclipse/jetty.project/releases/tag/jetty-9.2.27.v20190403 - https://www.eclipse.org/lists/jetty-announce/msg00130.html
1 parent 25c9b54 commit 40777a6

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

pom.xml

+1-1
Original file line numberDiff line numberDiff line change
@@ -518,7 +518,7 @@
518518
<javax.validation.version>1.1.0.Final</javax.validation.version>
519519

520520
<!-- Redefine default value from spring-boot-dependencies (https://github.com/spring-projects/spring-boot/blob/v1.5.21.RELEASE/spring-boot-dependencies/pom.xml) -->
521-
<jetty.version>9.2.18.v20160721</jetty.version>
521+
<jetty.version>9.2.28.v20190418</jetty.version>
522522

523523
<!-- Don't forget to update version in the ResourceUrl class -->
524524
<jquery.version>1.9.1</jquery.version>

0 commit comments

Comments
 (0)