HDDS-5473. Bump jetty version to 9.4.43.v20210629 #2449
Merged
adoroszlai merged 6 commits into apache:master from Aug 6, 2021
ayushtkn reviewed Jul 21, 2021
pom.xml (Outdated)
| <failIfNoTests>false</failIfNoTests> | ||
| <maven.test.redirectTestOutputToFile>true</maven.test.redirectTestOutputToFile> | ||
| <jetty.version>9.4.35.v20201120</jetty.version> | ||
| <jetty.version>9.4.41.v20210516</jetty.version> |
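Review bot: the replacement <jetty.version> value in this hunk is 9.4.41.v20210516, while the PR title targets 9.4.43.v20210629; set the property to 9.4.43.v20210629 so the change matches its stated goal. It is also worth confirming that no module overrides jetty.version or pins a Jetty artifact version directly, since a single stale override would leave an older Jetty jar in the packaged lib folder.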
Member
Any reason for not using 9.4.43.v20210629? Or we just want to cover the CVE fix?
Contributor
We may want to go with 9.4.43, as the most recent CVE is only fixed in that version: GHSA-vjv5-gp2w-65vm
Contributor
Triggering the test again. I think it's fine to use 9.4.41 to cover known issues.
Contributor
@elek Thanks for the fix. I've updated the PR with the latest Jetty version to cover the most recent CVE, too. I've also improved
ayushtkn approved these changes Jul 29, 2021
Contributor
Thanks @elek for the fix, @ayushtkn and @jojochuang for the review.
errose28 added a commit to errose28/ozone that referenced this pull request Aug 9, 2021
* master: (24 commits)
  HDDS-5503. On finalize upgrade actions not running. (apache#2476)
  HDDS-5390. reconPipelineReportHandler should not retry when pipeline not found (apache#2371)
  HDDS-5538. Uncaught NPE in GrpcReplicationService. (apache#2503)
  HDDS-5473. Bump jetty version to 9.4.43.v20210629 (apache#2449)
  HDDS-5516. Duplicate metrics registered while running checkScmHA upon scm startup. (apache#2475)
  HDDS-4668. Intermittent failure in TestOMRatisSnapshots (apache#2474)
  HDDS-5527. Move tests back to root partition (apache#2486)
  HDDS-5532. Missing integration test cleanup (apache#2496)
  HDDS-5354. Allow to restrict available ReplicationConfig (apache#2345)
  HDDS-5539. Fix actual value in assertion in TestRDBStore (apache#2494)
  HDDS-5441. Disallow same set of DNs to be part of multiple pipelines. (apache#2416)
  HDDS-5530. Support links to encrypted buckets. (apache#2487)
  HDDS-5515. SKip update firstUpgradeActionLayoutVersion when on-disk layout version is up-to-date. (apache#2472)
  HDDS-5460: ReplicationConfig#getDefault is hardcoded with RatisReplicationConfig (apache#2430)
  HDDS-5472. Old versions of location in OmKeyLocationInfoGroup causes OOM of OM (apache#2448)
  HDDS-5302. CleanUp V1 Code of DeletedBlockLogImpl (apache#2465)
  HDDS-5362. [FSO] Support bucket layouts in OM (apache#2357)
  HDDS-5511. ContainerStateMap should handle ecReplication config map (apache#2470)
  HDDS-5501. Support to upload/read keys from encrypted buckets through S3G (apache#2467)
  HDDS-5512. Intermittent failure in TestSCMInstallSnapshotWithHA (apache#2473)
  ...
JIRA: https://issues.apache.org/jira/browse/HDDS-5473
What changes were proposed in this pull request?
Recent jetty versions contain multiple security vulnerabilities. Most of them are low priorities, but it seems to be better to update the jetty versions.
How was this patch tested?
Full CI passed on my fork + checked if the share/ozone/lib folder contains only jetty jars with the new version.
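The lib-folder check described under "How was this patch tested?", written as a reusable shell function. This is an added example, not part of the pull request or the Ozone build; the function names and the jetty-<module>-<version>.jar naming pattern are assumptions, and the sample helper only creates constructed, empty files.

```shell
#!/bin/sh
# Added example: flag Jetty jars in a lib directory whose version differs
# from the expected one. Assumes jars are named jetty-<module>-<version>.jar.

# Prints the file name of every mismatching jar.
# Returns 0 if all Jetty jars match, 1 on any mismatch, 2 if none were found
# (an empty result usually means the wrong directory was checked).
check_jetty_jars() {
    lib_dir=$1
    expected=$2
    found=0
    bad=0
    for jar in "$lib_dir"/jetty-*.jar; do
        [ -e "$jar" ] || continue           # glob matched nothing
        found=$((found + 1))
        name=${jar##*/}
        case $name in
            *-"$expected".jar) ;;           # version suffix matches exactly
            *) echo "$name"; bad=$((bad + 1)) ;;
        esac
    done
    if [ "$found" -eq 0 ]; then
        echo "no jetty jars found in $lib_dir" >&2
        return 2
    fi
    [ "$bad" -eq 0 ]
}

# Constructed sample layout for trying the check without a real build:
# creates empty files with the given names in a fresh temp directory.
make_sample_lib() {
    dir=$(mktemp -d)
    for f in "$@"; do : > "$dir/$f"; done
    echo "$dir"
}

# Stand-alone use: script.sh <lib-dir> <expected-version>
if [ "$#" -eq 2 ]; then
    check_jetty_jars "$1" "$2"
fi
```

Running it against the packaged lib directory with the version from pom.xml makes a leftover older jar fail the build step instead of relying on a manual listing.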