(pulsar) branch master updated: [fix][sec] Upgrade Jetty to address CVE-2026-5795 (#25532)

lhotari Wed, 15 Apr 2026 15:28:00 -0700

This is an automated email from the ASF dual-hosted git repository.

lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git



The following commit(s) were added to refs/heads/master by this push:
     new e05c2129aad [fix][sec] Upgrade Jetty to address CVE-2026-5795 (#25532)
e05c2129aad is described below

commit e05c2129aad5a8620b1fda88ee2a5f79bc86a365
Author: Lari Hotari <[email protected]>
AuthorDate: Thu Apr 16 01:26:27 2026 +0300

    [fix][sec] Upgrade Jetty to address CVE-2026-5795 (#25532)
---
 distribution/server/src/assemble/LICENSE.bin.txt | 72 ++++++++++++------------
 distribution/shell/src/assemble/LICENSE.bin.txt  | 24 ++++----
 gradle/libs.versions.toml                        |  2 +-
 3 files changed, 49 insertions(+), 49 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt 
b/distribution/server/src/assemble/LICENSE.bin.txt
index b4b7b370328..9b62c442b83 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -392,43 +392,43 @@ The Apache Software License, Version 2.0
     - org.asynchttpclient-async-http-client-2.12.4.jar
     - org.asynchttpclient-async-http-client-netty-utils-2.12.4.jar
  * Jetty
-    - org.eclipse.jetty-jetty-alpn-client-12.1.7.jar
-    - org.eclipse.jetty-jetty-alpn-conscrypt-server-12.1.7.jar
-    - org.eclipse.jetty-jetty-alpn-server-12.1.7.jar
-    - org.eclipse.jetty-jetty-annotations-12.1.7.jar
-    - org.eclipse.jetty-jetty-client-12.1.7.jar
-    - org.eclipse.jetty-jetty-http-12.1.7.jar
-    - org.eclipse.jetty-jetty-io-12.1.7.jar
-    - org.eclipse.jetty-jetty-jndi-12.1.7.jar
-    - org.eclipse.jetty-jetty-plus-12.1.7.jar
-    - org.eclipse.jetty-jetty-security-12.1.7.jar
-    - org.eclipse.jetty-jetty-server-12.1.7.jar
-    - org.eclipse.jetty-jetty-session-12.1.7.jar
-    - org.eclipse.jetty-jetty-util-12.1.7.jar
-    - org.eclipse.jetty-jetty-xml-12.1.7.jar
-    - org.eclipse.jetty.compression-jetty-compression-common-12.1.7.jar
-    - org.eclipse.jetty.compression-jetty-compression-gzip-12.1.7.jar
-    - org.eclipse.jetty.compression-jetty-compression-server-12.1.7.jar
-    - org.eclipse.jetty.ee-jetty-ee-webapp-12.1.7.jar
-    - org.eclipse.jetty.ee8-jetty-ee8-annotations-12.1.7.jar
-    - org.eclipse.jetty.ee8-jetty-ee8-nested-12.1.7.jar
-    - org.eclipse.jetty.ee8-jetty-ee8-plus-12.1.7.jar
-    - org.eclipse.jetty.ee8-jetty-ee8-proxy-12.1.7.jar
-    - org.eclipse.jetty.ee8-jetty-ee8-security-12.1.7.jar
-    - org.eclipse.jetty.ee8-jetty-ee8-servlet-12.1.7.jar
-    - org.eclipse.jetty.ee8-jetty-ee8-servlets-12.1.7.jar
-    - org.eclipse.jetty.ee8-jetty-ee8-webapp-12.1.7.jar
-    - org.eclipse.jetty.ee8.websocket-jetty-ee8-websocket-jetty-api-12.1.7.jar
-    - 
org.eclipse.jetty.ee8.websocket-jetty-ee8-websocket-jetty-common-12.1.7.jar
-    - 
org.eclipse.jetty.ee8.websocket-jetty-ee8-websocket-jetty-server-12.1.7.jar
-    - org.eclipse.jetty.ee8.websocket-jetty-ee8-websocket-servlet-12.1.7.jar
+    - org.eclipse.jetty-jetty-alpn-client-12.1.8.jar
+    - org.eclipse.jetty-jetty-alpn-conscrypt-server-12.1.8.jar
+    - org.eclipse.jetty-jetty-alpn-server-12.1.8.jar
+    - org.eclipse.jetty-jetty-annotations-12.1.8.jar
+    - org.eclipse.jetty-jetty-client-12.1.8.jar
+    - org.eclipse.jetty-jetty-http-12.1.8.jar
+    - org.eclipse.jetty-jetty-io-12.1.8.jar
+    - org.eclipse.jetty-jetty-jndi-12.1.8.jar
+    - org.eclipse.jetty-jetty-plus-12.1.8.jar
+    - org.eclipse.jetty-jetty-security-12.1.8.jar
+    - org.eclipse.jetty-jetty-server-12.1.8.jar
+    - org.eclipse.jetty-jetty-session-12.1.8.jar
+    - org.eclipse.jetty-jetty-util-12.1.8.jar
+    - org.eclipse.jetty-jetty-xml-12.1.8.jar
+    - org.eclipse.jetty.compression-jetty-compression-common-12.1.8.jar
+    - org.eclipse.jetty.compression-jetty-compression-gzip-12.1.8.jar
+    - org.eclipse.jetty.compression-jetty-compression-server-12.1.8.jar
+    - org.eclipse.jetty.ee-jetty-ee-webapp-12.1.8.jar
+    - org.eclipse.jetty.ee8-jetty-ee8-annotations-12.1.8.jar
+    - org.eclipse.jetty.ee8-jetty-ee8-nested-12.1.8.jar
+    - org.eclipse.jetty.ee8-jetty-ee8-plus-12.1.8.jar
+    - org.eclipse.jetty.ee8-jetty-ee8-proxy-12.1.8.jar
+    - org.eclipse.jetty.ee8-jetty-ee8-security-12.1.8.jar
+    - org.eclipse.jetty.ee8-jetty-ee8-servlet-12.1.8.jar
+    - org.eclipse.jetty.ee8-jetty-ee8-servlets-12.1.8.jar
+    - org.eclipse.jetty.ee8-jetty-ee8-webapp-12.1.8.jar
+    - org.eclipse.jetty.ee8.websocket-jetty-ee8-websocket-jetty-api-12.1.8.jar
+    - 
org.eclipse.jetty.ee8.websocket-jetty-ee8-websocket-jetty-common-12.1.8.jar
+    - 
org.eclipse.jetty.ee8.websocket-jetty-ee8-websocket-jetty-server-12.1.8.jar
+    - org.eclipse.jetty.ee8.websocket-jetty-ee8-websocket-servlet-12.1.8.jar
     - org.eclipse.jetty.toolchain-jetty-servlet-api-4.0.9.jar
-    - org.eclipse.jetty.websocket-jetty-websocket-core-client-12.1.7.jar
-    - org.eclipse.jetty.websocket-jetty-websocket-core-common-12.1.7.jar
-    - org.eclipse.jetty.websocket-jetty-websocket-core-server-12.1.7.jar
-    - org.eclipse.jetty.websocket-jetty-websocket-jetty-api-12.1.7.jar
-    - org.eclipse.jetty.websocket-jetty-websocket-jetty-client-12.1.7.jar
-    - org.eclipse.jetty.websocket-jetty-websocket-jetty-common-12.1.7.jar
+    - org.eclipse.jetty.websocket-jetty-websocket-core-client-12.1.8.jar
+    - org.eclipse.jetty.websocket-jetty-websocket-core-common-12.1.8.jar
+    - org.eclipse.jetty.websocket-jetty-websocket-core-server-12.1.8.jar
+    - org.eclipse.jetty.websocket-jetty-websocket-jetty-api-12.1.8.jar
+    - org.eclipse.jetty.websocket-jetty-websocket-jetty-client-12.1.8.jar
+    - org.eclipse.jetty.websocket-jetty-websocket-jetty-common-12.1.8.jar
  * SnakeYaml -- org.yaml-snakeyaml-2.0.jar
  * RocksDB - org.rocksdb-rocksdbjni-7.9.2.jar
  * Google Error Prone Annotations - 
com.google.errorprone-error_prone_annotations-2.45.0.jar
diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt 
b/distribution/shell/src/assemble/LICENSE.bin.txt
index c03d09f6575..5cac3d1763d 100644
--- a/distribution/shell/src/assemble/LICENSE.bin.txt
+++ b/distribution/shell/src/assemble/LICENSE.bin.txt
@@ -404,18 +404,18 @@ The Apache Software License, Version 2.0
     - async-http-client-2.12.4.jar
     - async-http-client-netty-utils-2.12.4.jar
  * Jetty
-    - jetty-alpn-client-12.1.7.jar
-    - jetty-client-12.1.7.jar
-    - jetty-compression-common-12.1.7.jar
-    - jetty-compression-gzip-12.1.7.jar
-    - jetty-http-12.1.7.jar
-    - jetty-io-12.1.7.jar
-    - jetty-util-12.1.7.jar
-    - jetty-websocket-core-client-12.1.7.jar
-    - jetty-websocket-core-common-12.1.7.jar
-    - jetty-websocket-jetty-api-12.1.7.jar
-    - jetty-websocket-jetty-client-12.1.7.jar
-    - jetty-websocket-jetty-common-12.1.7.jar
+    - jetty-alpn-client-12.1.8.jar
+    - jetty-client-12.1.8.jar
+    - jetty-compression-common-12.1.8.jar
+    - jetty-compression-gzip-12.1.8.jar
+    - jetty-http-12.1.8.jar
+    - jetty-io-12.1.8.jar
+    - jetty-util-12.1.8.jar
+    - jetty-websocket-core-client-12.1.8.jar
+    - jetty-websocket-core-common-12.1.8.jar
+    - jetty-websocket-jetty-api-12.1.8.jar
+    - jetty-websocket-jetty-client-12.1.8.jar
+    - jetty-websocket-jetty-common-12.1.8.jar
  * SnakeYaml -- snakeyaml-2.0.jar
  * Google Error Prone Annotations - error_prone_annotations-2.45.0.jar
  * Javassist -- javassist-3.25.0-GA.jar
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 848a8c4b104..2f3f383e8ca 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -27,7 +27,7 @@ bookkeeper = "4.17.3"
 zookeeper = "3.9.5"
 netty = "4.1.132.Final"
 netty-iouring = "0.0.26.Final"
-jetty = "12.1.7"
+jetty = "12.1.8"
 jersey = "2.42"
 jackson = "2.21.2"
 jackson-annotations = "2.21"

(pulsar) branch master updated: [fix][sec] Upgrade Jetty to address CVE-2026-5795 (#25532)

Reply via email to