apache / druid

Apache Druid: a high performance real-time analytics database.
https://druid.apache.org/
Apache License 2.0

Upgrade minor jetty version to fix vulnerability #17477

Closed ashibhardwaj closed 5 days ago

ashibhardwaj commented 1 week ago

Upgrading jetty from version 9.4.54.v20240208 to 9.4.56.v20240826 to fix CVE-2024-8184.

Refer: https://avd.aquasec.com/nvd/cve-2024-8184 (org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks)

Akshat-Jain commented 1 week ago

Hi @ashibhardwaj, thanks for contributing to Druid! It appears that this change is already included in the following patch by @findingrish: https://github.com/apache/druid/pull/17385.