Upgrade Jetty to 9.4.42.v20210604 (#10907)
Fixes #10906
Also addresses CVE-2021-28169
(cherry picked from commit 6c03154ff29868181124a0a1a81e9ea09b22a9b0)
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 1b40206..3005df8 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -424,25 +424,25 @@
- org.asynchttpclient-async-http-client-2.12.1.jar
- org.asynchttpclient-async-http-client-netty-utils-2.12.1.jar
* Jetty
- - org.eclipse.jetty-jetty-client-9.4.39.v20210325.jar
- - org.eclipse.jetty-jetty-continuation-9.4.39.v20210325.jar
- - org.eclipse.jetty-jetty-http-9.4.39.v20210325.jar
- - org.eclipse.jetty-jetty-io-9.4.39.v20210325.jar
- - org.eclipse.jetty-jetty-proxy-9.4.39.v20210325.jar
- - org.eclipse.jetty-jetty-security-9.4.39.v20210325.jar
- - org.eclipse.jetty-jetty-server-9.4.39.v20210325.jar
- - org.eclipse.jetty-jetty-servlet-9.4.39.v20210325.jar
- - org.eclipse.jetty-jetty-servlets-9.4.39.v20210325.jar
- - org.eclipse.jetty-jetty-util-9.4.39.v20210325.jar
- - org.eclipse.jetty-jetty-util-ajax-9.4.39.v20210325.jar
- - org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.39.v20210325.jar
- - org.eclipse.jetty.websocket-websocket-api-9.4.39.v20210325.jar
- - org.eclipse.jetty.websocket-websocket-client-9.4.39.v20210325.jar
- - org.eclipse.jetty.websocket-websocket-common-9.4.39.v20210325.jar
- - org.eclipse.jetty.websocket-websocket-server-9.4.39.v20210325.jar
- - org.eclipse.jetty.websocket-websocket-servlet-9.4.39.v20210325.jar
- - org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.39.v20210325.jar
- - org.eclipse.jetty-jetty-alpn-server-9.4.39.v20210325.jar
+ - org.eclipse.jetty-jetty-client-9.4.42.v20210604.jar
+ - org.eclipse.jetty-jetty-continuation-9.4.42.v20210604.jar
+ - org.eclipse.jetty-jetty-http-9.4.42.v20210604.jar
+ - org.eclipse.jetty-jetty-io-9.4.42.v20210604.jar
+ - org.eclipse.jetty-jetty-proxy-9.4.42.v20210604.jar
+ - org.eclipse.jetty-jetty-security-9.4.42.v20210604.jar
+ - org.eclipse.jetty-jetty-server-9.4.42.v20210604.jar
+ - org.eclipse.jetty-jetty-servlet-9.4.42.v20210604.jar
+ - org.eclipse.jetty-jetty-servlets-9.4.42.v20210604.jar
+ - org.eclipse.jetty-jetty-util-9.4.42.v20210604.jar
+ - org.eclipse.jetty-jetty-util-ajax-9.4.42.v20210604.jar
+ - org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.42.v20210604.jar
+ - org.eclipse.jetty.websocket-websocket-api-9.4.42.v20210604.jar
+ - org.eclipse.jetty.websocket-websocket-client-9.4.42.v20210604.jar
+ - org.eclipse.jetty.websocket-websocket-common-9.4.42.v20210604.jar
+ - org.eclipse.jetty.websocket-websocket-server-9.4.42.v20210604.jar
+ - org.eclipse.jetty.websocket-websocket-servlet-9.4.42.v20210604.jar
+ - org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.42.v20210604.jar
+ - org.eclipse.jetty-jetty-alpn-server-9.4.42.v20210604.jar
* SnakeYaml -- org.yaml-snakeyaml-1.27.jar
* RocksDB - org.rocksdb-rocksdbjni-6.10.2.jar
* Google Error Prone Annotations - com.google.errorprone-error_prone_annotations-2.5.1.jar
diff --git a/pom.xml b/pom.xml
index d24e404..578c05d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -110,7 +110,7 @@
<curator.version>5.1.0</curator.version>
<netty.version>4.1.63.Final</netty.version>
<netty-tc-native.version>2.0.38.Final</netty-tc-native.version>
- <jetty.version>9.4.39.v20210325</jetty.version>
+ <jetty.version>9.4.42.v20210604</jetty.version>
<conscrypt.version>2.5.2</conscrypt.version>
<jersey.version>2.34</jersey.version>
<athenz.version>1.10.9</athenz.version>
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
index 7b92783..0933670 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -251,22 +251,22 @@
* Joda Time
- joda-time-2.10.5.jar
* Jetty
- - http2-client-9.4.39.v20210325.jar
- - http2-common-9.4.39.v20210325.jar
- - http2-hpack-9.4.39.v20210325.jar
- - http2-http-client-transport-9.4.39.v20210325.jar
- - jetty-alpn-client-9.4.39.v20210325.jar
- - http2-server-9.4.39.v20210325.jar
- - jetty-alpn-java-client-9.4.39.v20210325.jar
- - jetty-client-9.4.39.v20210325.jar
- - jetty-http-9.4.39.v20210325.jar
- - jetty-io-9.4.39.v20210325.jar
- - jetty-jmx-9.4.39.v20210325.jar
- - jetty-security-9.4.39.v20210325.jar
- - jetty-server-9.4.39.v20210325.jar
- - jetty-servlet-9.4.39.v20210325.jar
- - jetty-util-9.4.39.v20210325.jar
- - jetty-util-ajax-9.4.39.v20210325.jar
+ - http2-client-9.4.42.v20210604.jar
+ - http2-common-9.4.42.v20210604.jar
+ - http2-hpack-9.4.42.v20210604.jar
+ - http2-http-client-transport-9.4.42.v20210604.jar
+ - jetty-alpn-client-9.4.42.v20210604.jar
+ - http2-server-9.4.42.v20210604.jar
+ - jetty-alpn-java-client-9.4.42.v20210604.jar
+ - jetty-client-9.4.42.v20210604.jar
+ - jetty-http-9.4.42.v20210604.jar
+ - jetty-io-9.4.42.v20210604.jar
+ - jetty-jmx-9.4.42.v20210604.jar
+ - jetty-security-9.4.42.v20210604.jar
+ - jetty-server-9.4.42.v20210604.jar
+ - jetty-servlet-9.4.42.v20210604.jar
+ - jetty-util-9.4.42.v20210604.jar
+ - jetty-util-ajax-9.4.42.v20210604.jar
* Apache BVal
- bval-jsr-2.0.0.jar
* Bytecode
