ksql icon indicating copy to clipboard operation
ksql copied to clipboard

Published 20 hours ago verified publisher icon confluentinc

unpin jetty, get the version from common

Open janjwerner-confluent opened this issue 2 years ago • 5 comments
trafficstars

Description

Unpin jetty dependency version to use the version defined in common to address CVEs

janjwerner-confluent avatar Oct 09 '23 17:10 janjwerner-confluent 

Error: This repo is not allowlisted for Atlantis.

atlantis-infrasec-infra[bot] avatar Oct 09 '23 17:10 atlantis-infrasec-infra[bot]

CLA assistant check
All committers have signed the CLA.

cla-assistant[bot] avatar Oct 09 '23 17:10 cla-assistant[bot]

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

cla-assistant[bot] avatar Oct 09 '23 17:10 cla-assistant[bot]

@janjwerner-confluent unpinning it still lets it resolve to 9.4.51 it seems, as in the parent common pom that's the version declared.

tzulitai avatar Oct 13 '23 03:10 tzulitai

@tzulitai common has version 9.4.53 set: https://github.com/confluentinc/common/blob/a056b8be5baab3cee47f4be26b24b8896a706bf3/pom.xml#L61

janjwerner-confluent avatar Oct 13 '23 14:10 janjwerner-confluent

resolved in #10668

janjwerner-confluent avatar Jan 29 '25 16:01 janjwerner-confluent