This is an automated email from the ASF dual-hosted git repository. jinwoo pushed a commit to branch support/2.0 in repository https://gitbox.apache.org/repos/asf/geode.git
commit 1da008808cc430dc4569946c01fb54a4c938fc56 Author: Jinwoo Hwang <[email protected]> AuthorDate: Wed Mar 11 14:35:47 2026 -0400 GEODE-10568: Remediation of CVE-2026-1605 and CVE-2025-11143 (#7992) * GEODE-10568: Upgrade Jetty to 12.0.33 * GEODE-10568: Update integration test snapshots for Jetty 12.0.33 --- .../gradle/plugins/DependencyConstraints.groovy | 2 +- .../session/tests/GenericAppServerInstall.java | 2 +- .../integrationTest/resources/assembly_content.txt | 34 +++++++++++----------- .../resources/gfsh_dependency_classpath.txt | 34 +++++++++++----------- .../resources/dependency_classpath.txt | 34 +++++++++++----------- 5 files changed, 53 insertions(+), 53 deletions(-) diff --git a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy index a90712d830..cffd8e1772 100644 --- a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy +++ b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy @@ -82,7 +82,7 @@ class DependencyConstraints { // at o.a.g.sessions.tests.GenericAppServerInstall.java // Jetty 12.0.x for Jakarta EE 10 (Servlet 6.0) compatibility // Jetty 12 reorganized modules under ee10, ee9, ee8 packages - deps.put("jetty.version", "12.0.27") + deps.put("jetty.version", "12.0.33") // These versions are referenced in test.gradle, which is aggressively injected into all projects. deps.put("junit.version", "4.13.2") diff --git a/geode-assembly/src/distributedTest/java/org/apache/geode/session/tests/GenericAppServerInstall.java b/geode-assembly/src/distributedTest/java/org/apache/geode/session/tests/GenericAppServerInstall.java index 4e5e13ff5d..b2fc46e851 100644 --- a/geode-assembly/src/distributedTest/java/org/apache/geode/session/tests/GenericAppServerInstall.java +++ b/geode-assembly/src/distributedTest/java/org/apache/geode/session/tests/GenericAppServerInstall.java @@ -34,7 +34,7 @@ import java.util.function.IntSupplier; * specific code outside of the {@link GenericAppServerVersion}. */ public class GenericAppServerInstall extends ContainerInstall { - private static final String JETTY_VERSION = "12.0.27"; + private static final String JETTY_VERSION = "12.0.33"; /** * Get the version number, download URL, and container name of a generic app server using diff --git a/geode-assembly/src/integrationTest/resources/assembly_content.txt b/geode-assembly/src/integrationTest/resources/assembly_content.txt index 62a540f3d7..2dbd883f12 100644 --- a/geode-assembly/src/integrationTest/resources/assembly_content.txt +++ b/geode-assembly/src/integrationTest/resources/assembly_content.txt @@ -920,9 +920,9 @@ lib/ST4-4.3.3.jar lib/angus-activation-2.0.0.jar lib/antlr-2.7.7.jar lib/antlr-runtime-3.5.2.jar -lib/asm-9.8.jar -lib/asm-commons-9.8.jar -lib/asm-tree-9.8.jar +lib/asm-9.9.1.jar +lib/asm-commons-9.9.1.jar +lib/asm-tree-9.9.1.jar lib/classgraph-4.8.147.jar lib/classmate-1.5.1.jar lib/commons-beanutils-1.11.0.jar @@ -985,20 +985,20 @@ lib/jakarta.xml.bind-api-4.0.2.jar lib/jaxb-core-4.0.2.jar lib/jaxb-runtime-4.0.2.jar lib/jboss-logging-3.4.3.Final.jar -lib/jetty-ee-12.0.27.jar -lib/jetty-ee10-annotations-12.0.27.jar -lib/jetty-ee10-plus-12.0.27.jar -lib/jetty-ee10-servlet-12.0.27.jar -lib/jetty-ee10-webapp-12.0.27.jar -lib/jetty-http-12.0.27.jar -lib/jetty-io-12.0.27.jar -lib/jetty-jndi-12.0.27.jar -lib/jetty-plus-12.0.27.jar -lib/jetty-security-12.0.27.jar -lib/jetty-server-12.0.27.jar -lib/jetty-session-12.0.27.jar -lib/jetty-util-12.0.27.jar -lib/jetty-xml-12.0.27.jar +lib/jetty-ee-12.0.33.jar +lib/jetty-ee10-annotations-12.0.33.jar +lib/jetty-ee10-plus-12.0.33.jar +lib/jetty-ee10-servlet-12.0.33.jar +lib/jetty-ee10-webapp-12.0.33.jar +lib/jetty-http-12.0.33.jar +lib/jetty-io-12.0.33.jar +lib/jetty-jndi-12.0.33.jar +lib/jetty-plus-12.0.33.jar +lib/jetty-security-12.0.33.jar +lib/jetty-server-12.0.33.jar +lib/jetty-session-12.0.33.jar +lib/jetty-util-12.0.33.jar +lib/jetty-xml-12.0.33.jar lib/jgroups-3.6.20.Final.jar lib/jline-builtins-3.26.3.jar lib/jline-console-3.26.3.jar diff --git a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt index 05408cc999..08a64ec378 100644 --- a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt +++ b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt @@ -79,23 +79,23 @@ micrometer-core-1.14.0.jar HdrHistogram-2.2.2.jar fastutil-8.5.8.jar jakarta.resource-api-2.1.0.jar -jetty-ee10-annotations-12.0.27.jar -jetty-ee10-plus-12.0.27.jar +jetty-ee10-annotations-12.0.33.jar +jetty-ee10-plus-12.0.33.jar jakarta.enterprise.cdi-api-4.0.1.jar jakarta.interceptor-api-2.1.0.jar jakarta.annotation-api-2.1.1.jar -jetty-ee10-webapp-12.0.27.jar -jetty-ee10-servlet-12.0.27.jar +jetty-ee10-webapp-12.0.33.jar +jetty-ee10-servlet-12.0.33.jar jakarta.servlet-api-6.0.0.jar jakarta.transaction-api-2.0.1.jar joda-time-2.12.7.jar jna-platform-5.11.0.jar jna-5.11.0.jar -jetty-ee-12.0.27.jar -jetty-session-12.0.27.jar -jetty-plus-12.0.27.jar -jetty-security-12.0.27.jar -jetty-server-12.0.27.jar +jetty-ee-12.0.33.jar +jetty-session-12.0.33.jar +jetty-plus-12.0.33.jar +jetty-security-12.0.33.jar +jetty-server-12.0.33.jar snappy-0.5.jar jgroups-3.6.20.Final.jar shiro-cache-1.13.0.jar @@ -105,13 +105,13 @@ shiro-config-core-1.13.0.jar shiro-event-1.13.0.jar shiro-crypto-core-1.13.0.jar shiro-lang-1.13.0.jar -jetty-xml-12.0.27.jar -jetty-http-12.0.27.jar -jetty-io-12.0.27.jar +jetty-xml-12.0.33.jar +jetty-http-12.0.33.jar +jetty-io-12.0.33.jar spring-boot-starter-logging-3.3.5.jar jul-to-slf4j-2.0.16.jar -jetty-jndi-12.0.27.jar -jetty-util-12.0.27.jar +jetty-jndi-12.0.33.jar +jetty-util-12.0.33.jar slf4j-api-2.0.17.jar micrometer-observation-1.14.0.jar spring-jcl-6.1.14.jar @@ -126,9 +126,9 @@ jline-terminal-3.26.3.jar ST4-4.3.3.jar txw2-4.0.2.jar snakeyaml-2.3.jar -asm-commons-9.8.jar -asm-tree-9.8.jar -asm-9.8.jar +asm-commons-9.9.1.jar +asm-tree-9.9.1.jar +asm-9.9.1.jar reactive-streams-1.0.4.jar jline-native-3.26.3.jar antlr-runtime-3.5.2.jar diff --git a/geode-server-all/src/integrationTest/resources/dependency_classpath.txt b/geode-server-all/src/integrationTest/resources/dependency_classpath.txt index 6c5dea8561..8bd2ba84dc 100644 --- a/geode-server-all/src/integrationTest/resources/dependency_classpath.txt +++ b/geode-server-all/src/integrationTest/resources/dependency_classpath.txt @@ -48,10 +48,10 @@ spring-shell-core-3.3.3.jar commons-io-2.19.0.jar micrometer-core-1.14.0.jar jakarta.resource-api-2.1.0.jar -jetty-ee10-annotations-12.0.27.jar +jetty-ee10-annotations-12.0.33.jar spring-boot-starter-validation-3.3.5.jar spring-boot-starter-3.3.5.jar -jetty-ee10-plus-12.0.27.jar +jetty-ee10-plus-12.0.33.jar jakarta.enterprise.cdi-api-4.0.1.jar jakarta.interceptor-api-2.1.0.jar jakarta.annotation-api-2.1.1.jar @@ -89,15 +89,15 @@ commons-collections-3.2.2.jar commons-digester-2.1.jar commons-logging-1.3.5.jar HdrHistogram-2.2.2.jar -jetty-ee10-webapp-12.0.27.jar -jetty-ee10-servlet-12.0.27.jar +jetty-ee10-webapp-12.0.33.jar +jetty-ee10-servlet-12.0.33.jar jakarta.servlet-api-6.0.0.jar joda-time-2.12.7.jar -jetty-ee-12.0.27.jar -jetty-session-12.0.27.jar -jetty-plus-12.0.27.jar -jetty-security-12.0.27.jar -jetty-server-12.0.27.jar +jetty-ee-12.0.33.jar +jetty-session-12.0.33.jar +jetty-plus-12.0.33.jar +jetty-security-12.0.33.jar +jetty-server-12.0.33.jar shiro-cache-1.13.0.jar shiro-crypto-hash-1.13.0.jar shiro-crypto-cipher-1.13.0.jar @@ -105,11 +105,11 @@ shiro-config-core-1.13.0.jar shiro-event-1.13.0.jar shiro-crypto-core-1.13.0.jar shiro-lang-1.13.0.jar -jetty-xml-12.0.27.jar -jetty-http-12.0.27.jar -jetty-io-12.0.27.jar -jetty-jndi-12.0.27.jar -jetty-util-12.0.27.jar +jetty-xml-12.0.33.jar +jetty-http-12.0.33.jar +jetty-io-12.0.33.jar +jetty-jndi-12.0.33.jar +jetty-util-12.0.33.jar spring-boot-starter-logging-3.3.5.jar jul-to-slf4j-2.0.16.jar slf4j-api-2.0.17.jar @@ -117,9 +117,9 @@ micrometer-observation-1.14.0.jar micrometer-commons-1.14.0.jar LatencyUtils-2.0.3.jar spring-jcl-6.1.14.jar -asm-commons-9.8.jar -asm-tree-9.8.jar -asm-9.8.jar +asm-commons-9.9.1.jar +asm-tree-9.9.1.jar +asm-9.9.1.jar txw2-4.0.2.jar reactor-core-3.6.10.jar jline-console-3.26.3.jar
