ZOOKEEPER-4876: jetty-http-9.4.53.v20231009.jar: CVE-2024-6763(3.7)

Reviewers: ztzg Author: anmolnar Closes #2202 from anmolnar/ZOOKEEPER-4876
apache · Oct 17, 2024 · 858b787 · 858b787
1 parent b997145
commit 858b787
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
@@ -18,6 +18,11 @@
 -->
 
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+   <suppress>
+      <!-- ZooKeeper is not affected, because HttpURI is not used in our code.
+           see: ZOOKEEPER-4876 -->
+      <cve>CVE-2024-6763</cve>
+   </suppress>
    <suppress>
       <!-- ZOOKEEPER-3217 -->
       <cve>CVE-2018-8088</cve>
@@ -72,5 +77,4 @@
            in json-java which we don't use in ZooKeeper -->
       <cve>CVE-2022-45688</cve>
    </suppress>
-
 </suppressions>
diff --git a/pom.xml b/pom.xml
@@ -560,7 +560,7 @@
     <hamcrest.version>2.2</hamcrest.version>
     <commons-cli.version>1.5.0</commons-cli.version>
     <netty.version>4.1.113.Final</netty.version>
-    <jetty.version>9.4.53.v20231009</jetty.version>
+    <jetty.version>9.4.56.v20240826</jetty.version>
     <jackson.version>2.15.2</jackson.version>
     <jline.version>2.14.6</jline.version>
     <snappy.version>1.1.10.5</snappy.version>