Update jetty version to 9.4.35.v20201120

Includes a fix for CVE-2020-27218 [1] that affects versions prior to 9.4.35.v20201120. As of: [2] new dependency was added to jetty-servlet: jetty-util-ajax. [1] https://nvd.nist.gov/vuln/detail/CVE-2020-27218 [2] jetty/jetty.project#5539 Change-Id: I51549c9588f5748f36e145f8c4b347f97c08b4d8
wikimedia · Jan 12, 2021 · d1319c6 · d1319c6
1 parent 96ccc23
commit d1319c6
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 10 deletions.
diff --git a/Documentation/licenses.txt b/Documentation/licenses.txt
@@ -73,6 +73,7 @@ Apache2.0
 * jetty:server
 * jetty:servlet
 * jetty:util
+* jetty:util-ajax
 * log:json-smart
 * log:jsonevent-layout
 * log:log4j

diff --git a/WORKSPACE b/WORKSPACE
@@ -873,54 +873,61 @@ maven_jar(
     sha1 = "7e060dd5b19431e6d198e91ff670644372f60fbd",
 )
 
-JETTY_VERS = "9.4.33.v20201020"
+JETTY_VERS = "9.4.35.v20201120"
 
 maven_jar(
     name = "jetty-servlet",
     artifact = "org.eclipse.jetty:jetty-servlet:" + JETTY_VERS,
-    sha1 = "101609e8e5365c4406e4448099459eb605ac551f",
+    sha1 = "3e61bcb471e1bfc545ce866cbbe33c3aedeec9b1",
 )
 
 maven_jar(
     name = "jetty-security",
     artifact = "org.eclipse.jetty:jetty-security:" + JETTY_VERS,
-    sha1 = "c150bf2aca6cb1636e7195f844a2bb156546e50e",
+    sha1 = "80dc2f422789c78315de76d289b7a5b36c3232d5",
 )
 
 maven_jar(
     name = "jetty-server",
     artifact = "org.eclipse.jetty:jetty-server:" + JETTY_VERS,
-    sha1 = "f586ff2ee048ad2575866c1833d854288f402307",
+    sha1 = "513502352fd689d4730b2935421b990ada8cc818",
 )
 
 maven_jar(
     name = "jetty-jmx",
     artifact = "org.eclipse.jetty:jetty-jmx:" + JETTY_VERS,
-    sha1 = "56b723070eeafc51b943cd9bf1a064a037e806a7",
+    sha1 = "38812031940a466d626ab5d9bbbd9d5d39e9f735",
 )
 
 maven_jar(
     name = "jetty-continuation",
     artifact = "org.eclipse.jetty:jetty-continuation:" + JETTY_VERS,
-    sha1 = "f672e58d528fc83060558ab4fc6a797c8137dfcb",
+    sha1 = "09f021e5895471f622ec8f95e28f5815ea7ee192",
 )
 
 maven_jar(
     name = "jetty-http",
     artifact = "org.eclipse.jetty:jetty-http:" + JETTY_VERS,
-    sha1 = "ad28940f89ffde6ec1bd1656fe3f8493b01ba3c2",
+    sha1 = "45d35131a35a1e76991682174421e8cdf765fb9f",
 )
 
 maven_jar(
     name = "jetty-io",
     artifact = "org.eclipse.jetty:jetty-io:" + JETTY_VERS,
-    sha1 = "9e4b0048285b71f4769908780f957a470eca11da",
+    sha1 = "eb9460700b99b71ecd82a53697f5ff99f69b9e1c",
 )
 
 maven_jar(
     name = "jetty-util",
     artifact = "org.eclipse.jetty:jetty-util:" + JETTY_VERS,
-    sha1 = "c88807f210ab216aa831b48569ef50bd797384bc",
+    sha1 = "ef61b83f9715c3b5355b633d9f01d2834f908ece",
+)
+
+maven_jar(
+    name = "jetty-util-ajax",
+    artifact = "org.eclipse.jetty:jetty-util-ajax:" + JETTY_VERS,
+    sha1 = "ebbb43912c6423bedb3458e44aee28eeb4d66f27",
+    src_sha1 = "b3acea974a17493afb125a9dfbe783870ce1d2f9",
 )
 
 maven_jar(

diff --git a/lib/jetty/BUILD b/lib/jetty/BUILD
@@ -4,7 +4,10 @@ java_library(
     name = "servlet",
     data = ["//lib:LICENSE-Apache2.0"],
     visibility = ["//visibility:public"],
-    exports = ["@jetty-servlet//jar"],
+    exports = [
+        ":util-ajax",
+        "@jetty-servlet//jar",
+    ],
     runtime_deps = [":security"],
 )
 
@@ -69,3 +72,9 @@ java_library(
     data = ["//lib:LICENSE-Apache2.0"],
     exports = ["@jetty-util//jar"],
 )
+
+java_library(
+    name = "util-ajax",
+    data = ["//lib:LICENSE-Apache2.0"],
+    exports = ["@jetty-util-ajax//jar"],
+)