KAFKA-12400: Upgrade jetty to fix CVE-2020-27223
Here is the fix. The cause of [CVE-2020-27223](https://nvd.nist.gov/vuln/detail/CVE-2020-27223) was a DoS vulnerability in Quoted Quality CSV headers, and it was [patched in 9.4.37.v20210219](GHSA-m394-8rww-3jr7).

This PR updates the Jetty dependency to the following version: 9.4.38.v20210224.

Author: Lee Dongjin <dongjin@apache.org>

Reviewers: Manikumar Reddy <manikumar.reddy@gmail.com>

Closes apache#10245 from dongjinleekr/feature/KAFKA-12400
dongjinleekr authored and omkreddy committed Mar 3, 2021
1 parent cfb6006 commit b77deec
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion gradle/dependencies.gradle
Expand Up @@ -70,7 +70,7 @@ versions += [
jacksonDatabind: "2.10.5.1",
jacoco: "0.8.5",
javassist: "3.27.0-GA",
jetty: "9.4.36.v20210114",
jetty: "9.4.38.v20210224",
jersey: "2.31",
jline: "3.12.1",
jmh: "1.27",
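Review bot: On the `jetty` line the pin moves to 9.4.38.v20210224, while the commit message names 9.4.37.v20210219 as the release that patched CVE-2020-27223; the message should say why the later release was chosen, so the security fix and the extra version step can be told apart in history. Since this hunk only changes the shared `jetty` entry in `versions`, it would also help to record that the resolved dependency tree was checked for any Jetty artifact still landing on 9.4.36.v20210114.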