fix(sec): upgrade org.eclipse.jetty:jetty-http to 11.0.10

alibaba / otter

阿里巴巴分布式数据库同步系统(解决中美异地机房)

Apache License 2.0

8.02k stars 2.49k forks source link

fix(sec): upgrade org.eclipse.jetty:jetty-http to 11.0.10 #1090

Open denglunfuren opened 1 year ago

denglunfuren commented 1 year ago

What happened？

There are 1 security vulnerabilities found in org.eclipse.jetty:jetty-http 8.1.7.v20120910

CVE-2022-2047

What did I do？

Upgrade org.eclipse.jetty:jetty-http from 8.1.7.v20120910 to 11.0.10 for vulnerability fix

What did you expect to happen？

Ideally, no insecure libs should be used.

The specification of the pull request

PR Specification from OSCS

CLAassistant commented 1 year ago

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}