HADOOP-18333.Upgrade jetty version to 9.4.48.v20220622 (#4553)
Co-authored-by: Ashutosh Gupta <ashugpt@amazon.com>
diff --git a/LICENSE-binary b/LICENSE-binary
index 0383a66..4e6f688 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -344,20 +344,20 @@
org.apache.yetus:audience-annotations:0.5.0
org.apache.zookeeper:zookeeper:3.6.3
org.codehaus.jettison:jettison:1.1
-org.eclipse.jetty:jetty-annotations:9.4.44.v20210927
-org.eclipse.jetty:jetty-http:9.4.44.v20210927
-org.eclipse.jetty:jetty-io:9.4.44.v20210927
-org.eclipse.jetty:jetty-jndi:9.4.44.v20210927
-org.eclipse.jetty:jetty-plus:9.4.44.v20210927
-org.eclipse.jetty:jetty-security:9.4.44.v20210927
-org.eclipse.jetty:jetty-server:9.4.44.v20210927
-org.eclipse.jetty:jetty-servlet:9.4.44.v20210927
-org.eclipse.jetty:jetty-util:9.4.44.v20210927
-org.eclipse.jetty:jetty-util-ajax:9.4.44.v20210927
-org.eclipse.jetty:jetty-webapp:9.4.44.v20210927
-org.eclipse.jetty:jetty-xml:9.4.44.v20210927
-org.eclipse.jetty.websocket:javax-websocket-client-impl:9.4.44.v20210927
-org.eclipse.jetty.websocket:javax-websocket-server-impl:9.4.44.v20210927
+org.eclipse.jetty:jetty-annotations:9.4.48.v20220622
+org.eclipse.jetty:jetty-http:9.4.48.v20220622
+org.eclipse.jetty:jetty-io:9.4.48.v20220622
+org.eclipse.jetty:jetty-jndi:9.4.48.v20220622
+org.eclipse.jetty:jetty-plus:9.4.48.v20220622
+org.eclipse.jetty:jetty-security:9.4.48.v20220622
+org.eclipse.jetty:jetty-server:9.4.48.v20220622
+org.eclipse.jetty:jetty-servlet:9.4.48.v20220622
+org.eclipse.jetty:jetty-util:9.4.48.v20220622
+org.eclipse.jetty:jetty-util-ajax:9.4.48.v20220622
+org.eclipse.jetty:jetty-webapp:9.4.48.v20220622
+org.eclipse.jetty:jetty-xml:9.4.48.v20220622
+org.eclipse.jetty.websocket:javax-websocket-client-impl:9.4.48.v20220622
+org.eclipse.jetty.websocket:javax-websocket-server-impl:9.4.48.v20220622
org.ehcache:ehcache:3.3.1
org.lz4:lz4-java:1.7.1
org.objenesis:objenesis:2.6
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
index 2928f88..1db8c75 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
@@ -97,7 +97,7 @@
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
-import org.eclipse.jetty.server.handler.AllowSymLinkAliasChecker;
+import org.eclipse.jetty.server.SymlinkAllowedResourceAliasChecker;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.handler.RequestLogHandler;
@@ -939,7 +939,7 @@
handler.setHttpOnly(true);
handler.getSessionCookieConfig().setSecure(true);
logContext.setSessionHandler(handler);
- logContext.addAliasCheck(new AllowSymLinkAliasChecker());
+ logContext.addAliasCheck(new SymlinkAllowedResourceAliasChecker(logContext));
setContextAttributes(logContext, conf);
addNoCacheFilter(logContext);
defaultContexts.put(logContext, true);
@@ -958,7 +958,7 @@
handler.setHttpOnly(true);
handler.getSessionCookieConfig().setSecure(true);
staticContext.setSessionHandler(handler);
- staticContext.addAliasCheck(new AllowSymLinkAliasChecker());
+ staticContext.addAliasCheck(new SymlinkAllowedResourceAliasChecker(staticContext));
setContextAttributes(staticContext, conf);
defaultContexts.put(staticContext, true);
}
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index 05005a4..2caad44 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -37,7 +37,7 @@
<!--Whether to proceed to next module if any test failures exist-->
<maven.test.failure.ignore>true</maven.test.failure.ignore>
<maven.test.redirectTestOutputToFile>true</maven.test.redirectTestOutputToFile>
- <jetty.version>9.4.44.v20210927</jetty.version>
+ <jetty.version>9.4.48.v20220622</jetty.version>
<test.exclude>_</test.exclude>
<test.exclude.pattern>_</test.exclude.pattern>