diff options
author | Luca Milanesio <luca.milanesio@gmail.com> | 2023-10-12 23:48:24 +0100 |
---|---|---|
committer | Luca Milanesio <luca.milanesio@gmail.com> | 2023-10-12 23:48:24 +0100 |
commit | c49057e05d35ff2ad1a7307aa9168b84ae7588db (patch) | |
tree | b4fa2c4f734c4684bcd3a902145f19bb3609de42 | |
parent | f80327c97941c90fe83467d525d3f4b5944c4e9d (diff) |
Update Jetty to 9.4.53.v20231009 for security updates
Jetty 9.4.53.v20231009 includes the following two security fixes:
- CVE-2023-36478 [1] - zero-days security issue discovered on
the 10th of October, also known as "HTTP/2 Rapid Reset"
- CVE-2023-44487 [2] - HTTP/2 Stream Cancellation Attack
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-36478
[2] https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Release-Notes: Update Jetty to 9.4.53.v20231009 with critical security fixes
Change-Id: Ie93fbcb8b35d9e4997dc0578893a8856b56b173c
-rw-r--r-- | tools/deps.bzl | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/tools/deps.bzl b/tools/deps.bzl index d76e5e2e80..6dd2eaf4de 100644 --- a/tools/deps.bzl +++ b/tools/deps.bzl @@ -19,7 +19,7 @@ GITILES_REPO = GERRIT # When updating Bouncy Castle, also update it in bazlets. BC_VERS = "1.72" HTTPCOMP_VERS = "4.5.2" -JETTY_VERS = "9.4.36.v20210114" +JETTY_VERS = "9.4.53.v20231009" BYTE_BUDDY_VERSION = "1.10.7" def java_dependencies(): @@ -607,50 +607,50 @@ def java_dependencies(): maven_jar( name = "jetty-servlet", artifact = "org.eclipse.jetty:jetty-servlet:" + JETTY_VERS, - sha1 = "b189e52a5ee55ae172e4e99e29c5c314f5daf4b9", + sha1 = "6670d6a54cdcaedd8090e8cf420fd5dd7d08e859", ) maven_jar( name = "jetty-security", artifact = "org.eclipse.jetty:jetty-security:" + JETTY_VERS, - sha1 = "42030d6ed7dfc0f75818cde0adcf738efc477574", + sha1 = "6fbc8ebe9046954dc2f51d4ba69c8f8344b05f7f", ) maven_jar( name = "jetty-server", artifact = "org.eclipse.jetty:jetty-server:" + JETTY_VERS, - sha1 = "88a7d342974aadca658e7386e8d0fcc5c0788f41", + sha1 = "8b0e761a0b359db59dae77c00b4213b0586cb994", ) maven_jar( name = "jetty-jmx", artifact = "org.eclipse.jetty:jetty-jmx:" + JETTY_VERS, - sha1 = "bb3847eabe085832aeaedd30e872b40931632e54", + sha1 = "f0392f756b59f65ea7d6be41bf7a2f7b2c7c98d5", ) maven_jar( name = "jetty-http", artifact = "org.eclipse.jetty:jetty-http:" + JETTY_VERS, - sha1 = "1eee89a55e04ff94df0f85d95200fc48acb43d86", + sha1 = "87faf21eb322753f0527bcb88c43e67044786369", ) maven_jar( name = "jetty-io", artifact = "org.eclipse.jetty:jetty-io:" + JETTY_VERS, - sha1 = "84a8faf9031eb45a5a2ddb7681e22c483d81ab3a", + sha1 = "70cf7649b27c964ad29bfddf58f3bfe0d30346cf", ) maven_jar( name = "jetty-util", artifact = "org.eclipse.jetty:jetty-util:" + JETTY_VERS, - sha1 = "925257fbcca6b501a25252c7447dbedb021f7404", + sha1 = "f72bb4f687b4454052c6f06528ba9910714df947", ) maven_jar( name = "jetty-util-ajax", artifact = "org.eclipse.jetty:jetty-util-ajax:" + JETTY_VERS, - sha1 = "2f478130c21787073facb64d7242e06f94980c60", - src_sha1 = "7153d7ca38878d971fd90992c303bb7719ba7a21", + sha1 = "4d20f6206eb7747293697c5f64c2dc5bf4bd54a4", + src_sha1 = "1aed8017c3c8a449323901639de6b4eb3b1f02ea", ) maven_jar( |