commit 359e5c259fdbc286ce3fecaebce68889588f09df
author Hussain Towaileb <Hussain.Towaileb@Couchbase.com> Mon Aug 01 06:46:31 2022 +0300
committer Hussain Towaileb <hussainht@gmail.com> Mon Aug 01 19:13:57 2022 +0000
tree 4f4fb64b25e7bea390a2710ca4941ff6f53a39ec
parent 8cd86de37c453dd9b9212c464ad7176f82dc87a4

[ASTERIXDB-3057][OTH]: Upgrade to jetty-util 9.4.48 to address CVEs

Details:
- CVEs:
  - https://nvd.nist.gov/vuln/detail/CVE-2022-2047
  - https://nvd.nist.gov/vuln/detail/CVE-2022-2048

Change-Id: I98a042024a31208e074a074657457efba781306b
Reviewed-on: https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/17043
Reviewed-by: Hussain Towaileb <hussainht@gmail.com>
Reviewed-by: Michael Blow <mblow@apache.org>
Tested-by: Hussain Towaileb <hussainht@gmail.com>

hyracks-fullstack/hyracks/hyracks-hdfs/pom.xml

diff --git a/hyracks-fullstack/hyracks/hyracks-hdfs/pom.xml b/hyracks-fullstack/hyracks/hyracks-hdfs/pom.xml
index 985515c..b16904d 100644
--- a/hyracks-fullstack/hyracks/hyracks-hdfs/pom.xml
+++ b/hyracks-fullstack/hyracks/hyracks-hdfs/pom.xml
@@ -163,6 +163,15 @@
           <groupId>org.slf4j</groupId>
           <artifactId>slf4j-log4j12</artifactId>
         </exclusion>
+        <!-- TODO(htowaileb): Remove after updating to hadoop 3.3.4 -->
+        <exclusion>
+          <groupId>org.eclipse.jetty</groupId>
+          <artifactId>jetty-util</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.eclipse.jetty</groupId>
+          <artifactId>jetty-util-ajax</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
@@ -185,6 +194,11 @@
           <groupId>org.slf4j</groupId>
           <artifactId>slf4j-log4j12</artifactId>
         </exclusion>
+        <!-- TODO(htowaileb): Remove after updating to hadoop 3.3.4 -->
+        <exclusion>
+          <groupId>org.eclipse.jetty</groupId>
+          <artifactId>jetty-util</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>