Skip to content

Commit

Permalink
resolve jetty CVE check by using latest 9.x version. revert using pla…
Browse files Browse the repository at this point in the history
…tform

Signed-off-by: Haidong <[email protected]>
  • Loading branch information
Haidong committed Oct 7, 2023
1 parent 926dd1a commit 45d97ae
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 5 deletions.
13 changes: 12 additions & 1 deletion build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,6 @@ subprojects {
}
dependencies {
implementation platform('com.fasterxml.jackson:jackson-bom:2.15.0')
implementation platform('org.eclipse.jetty:jetty-bom:9.4.52.v20230823')
implementation platform('io.micrometer:micrometer-bom:1.10.5')
implementation libs.guava.core
implementation libs.slf4j.api
Expand Down Expand Up @@ -146,6 +145,18 @@ subprojects {
}
because 'CVE from transitive dependencies'
}
implementation('org.eclipse.jetty:jetty-http') {
version {
require '9.4.52.v20230823'
}
because 'CVE from transitive dependencies, please use 9.x version for kafka connect plugin.'
}
implementation('org.eclipse.jetty:jetty-server') {
version {
require '9.4.52.v20230823'
}
because 'CVE from transitive dependencies, please use 9.x version for kafka connect plugin.'
}
implementation('org.jetbrains.kotlin:kotlin-stdlib') {
version {
require '1.8.21'
Expand Down
8 changes: 4 additions & 4 deletions data-prepper-plugins/kafka-connect-plugins/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,10 @@ dependencies {
implementation 'javax.validation:validation-api:2.0.1.Final'
implementation libs.reflections.core
implementation 'io.micrometer:micrometer-core'
implementation 'org.eclipse.jetty:jetty-server:9.4.51.v20230217'
implementation 'org.eclipse.jetty:jetty-servlet:9.4.51.v20230217'
implementation 'org.eclipse.jetty:jetty-servlets:9.4.51.v20230217'
implementation 'org.eclipse.jetty:jetty-client:9.4.51.v20230217'
implementation 'org.eclipse.jetty:jetty-server:9.4.52.v20230823'
implementation 'org.eclipse.jetty:jetty-servlet:9.4.52.v20230823'
implementation 'org.eclipse.jetty:jetty-servlets:9.4.52.v20230823'
implementation 'org.eclipse.jetty:jetty-client:9.4.52.v20230823'
implementation ('io.confluent:kafka-schema-registry:7.5.0') {
exclude group: 'org.glassfish.jersey.containers', module: 'jersey-container-servlet'
exclude group: 'org.glassfish.jersey.inject', module: 'jersey-hk2'
Expand Down

0 comments on commit 45d97ae

Please sign in to comment.