From d1319c64d79b04f7b03d294f1fbced8b35f43ab9 Mon Sep 17 00:00:00 2001 From: David Ostrovsky Date: Sun, 10 Jan 2021 23:33:52 +0100 Subject: Update jetty version to 9.4.35.v20201120 Includes a fix for CVE-2020-27218 [1] that affects versions prior to 9.4.35.v20201120. As of: [2] new dependency was added to jetty-servlet: jetty-util-ajax. [1] https://nvd.nist.gov/vuln/detail/CVE-2020-27218 [2] https://github.com/eclipse/jetty.project/issues/5539 Change-Id: I51549c9588f5748f36e145f8c4b347f97c08b4d8 --- Documentation/licenses.txt | 1 + WORKSPACE | 25 ++++++++++++++++--------- lib/jetty/BUILD | 11 ++++++++++- 3 files changed, 27 insertions(+), 10 deletions(-) diff --git a/Documentation/licenses.txt b/Documentation/licenses.txt index 1a9a8f6afb..9f7bd997a9 100644 --- a/Documentation/licenses.txt +++ b/Documentation/licenses.txt @@ -73,6 +73,7 @@ Apache2.0 * jetty:server * jetty:servlet * jetty:util +* jetty:util-ajax * log:json-smart * log:jsonevent-layout * log:log4j diff --git a/WORKSPACE b/WORKSPACE index ee10303cea..f275b9d517 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -873,54 +873,61 @@ maven_jar( sha1 = "7e060dd5b19431e6d198e91ff670644372f60fbd", ) -JETTY_VERS = "9.4.33.v20201020" +JETTY_VERS = "9.4.35.v20201120" maven_jar( name = "jetty-servlet", artifact = "org.eclipse.jetty:jetty-servlet:" + JETTY_VERS, - sha1 = "101609e8e5365c4406e4448099459eb605ac551f", + sha1 = "3e61bcb471e1bfc545ce866cbbe33c3aedeec9b1", ) maven_jar( name = "jetty-security", artifact = "org.eclipse.jetty:jetty-security:" + JETTY_VERS, - sha1 = "c150bf2aca6cb1636e7195f844a2bb156546e50e", + sha1 = "80dc2f422789c78315de76d289b7a5b36c3232d5", ) maven_jar( name = "jetty-server", artifact = "org.eclipse.jetty:jetty-server:" + JETTY_VERS, - sha1 = "f586ff2ee048ad2575866c1833d854288f402307", + sha1 = "513502352fd689d4730b2935421b990ada8cc818", ) maven_jar( name = "jetty-jmx", artifact = "org.eclipse.jetty:jetty-jmx:" + JETTY_VERS, - sha1 = "56b723070eeafc51b943cd9bf1a064a037e806a7", + sha1 = "38812031940a466d626ab5d9bbbd9d5d39e9f735", ) maven_jar( name = "jetty-continuation", artifact = "org.eclipse.jetty:jetty-continuation:" + JETTY_VERS, - sha1 = "f672e58d528fc83060558ab4fc6a797c8137dfcb", + sha1 = "09f021e5895471f622ec8f95e28f5815ea7ee192", ) maven_jar( name = "jetty-http", artifact = "org.eclipse.jetty:jetty-http:" + JETTY_VERS, - sha1 = "ad28940f89ffde6ec1bd1656fe3f8493b01ba3c2", + sha1 = "45d35131a35a1e76991682174421e8cdf765fb9f", ) maven_jar( name = "jetty-io", artifact = "org.eclipse.jetty:jetty-io:" + JETTY_VERS, - sha1 = "9e4b0048285b71f4769908780f957a470eca11da", + sha1 = "eb9460700b99b71ecd82a53697f5ff99f69b9e1c", ) maven_jar( name = "jetty-util", artifact = "org.eclipse.jetty:jetty-util:" + JETTY_VERS, - sha1 = "c88807f210ab216aa831b48569ef50bd797384bc", + sha1 = "ef61b83f9715c3b5355b633d9f01d2834f908ece", +) + +maven_jar( + name = "jetty-util-ajax", + artifact = "org.eclipse.jetty:jetty-util-ajax:" + JETTY_VERS, + sha1 = "ebbb43912c6423bedb3458e44aee28eeb4d66f27", + src_sha1 = "b3acea974a17493afb125a9dfbe783870ce1d2f9", ) maven_jar( diff --git a/lib/jetty/BUILD b/lib/jetty/BUILD index 641738597d..86d455f133 100644 --- a/lib/jetty/BUILD +++ b/lib/jetty/BUILD @@ -4,7 +4,10 @@ java_library( name = "servlet", data = ["//lib:LICENSE-Apache2.0"], visibility = ["//visibility:public"], - exports = ["@jetty-servlet//jar"], + exports = [ + ":util-ajax", + "@jetty-servlet//jar", + ], runtime_deps = [":security"], ) @@ -69,3 +72,9 @@ java_library( data = ["//lib:LICENSE-Apache2.0"], exports = ["@jetty-util//jar"], ) + +java_library( + name = "util-ajax", + data = ["//lib:LICENSE-Apache2.0"], + exports = ["@jetty-util-ajax//jar"], +) -- cgit v1.2.3