root
/
kafka
mirror of https://github.com/apache/kafka.git
1
0
Fork 0
Code Issues Actions 3 Packages Projects Releases Wiki Activity

KAFKA-12400: Upgrade jetty to fix CVE-2020-27223 

Here is the fix. The reason of [CVE-2020-27223](https://nvd.nist.gov/vuln/detail/CVE-2020-27223) was DOS vulnerability for Quoted Quality CSV headers and [patched in 9.4.37.v20210219](https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7).

This PR updates Jetty dependency into the following version, 9.4.38.v20210224.

Author: Lee Dongjin <dongjin@apache.org>

Reviewers: Manikumar Reddy <manikumar.reddy@gmail.com>

Closes #10245 from dongjinleekr/feature/KAFKA-12400
This commit is contained in:
Lee Dongjin 2021-03-03 10:13:40 +05:30 committed by Manikumar Reddy
parent cfb60064ec
commit b77deece1d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
gradle/dependencies.gradle
View File

@ -70,7 +70,7 @@ versions += [
jacksonDatabind: "2.10.5.1",
jacoco: "0.8.5",
javassist: "3.27.0-GA",
jetty: "9.4.36.v20210114",
jetty: "9.4.38.v20210224",
jersey: "2.31",
jline: "3.12.1",
jmh: "1.27",