diff --git a/dependencies.md b/dependencies.md
index 1f3a747..7e7c591 100644
--- a/dependencies.md
+++ b/dependencies.md
@@ -23,57 +23,59 @@
### Test Dependencies
-| Dependency | License |
-| ------------------------------------------ | --------------------------------------------------------------------------------------- |
-| [scalatest][23] | [the Apache License, ASL Version 2.0][24] |
-| [scalatestplus-mockito][25] | [Apache-2.0][24] |
-| [mockito-core][26] | [MIT][27] |
-| [Test containers for Exasol on Docker][28] | [MIT License][29] |
-| [Test Database Builder for Java][30] | [MIT License][31] |
-| [Matcher for SQL Result Sets][32] | [MIT License][33] |
-| [Extension integration tests library][34] | [MIT License][35] |
-| [embedded-kafka-schema-registry][36] | [MIT][27] |
-| [Apache Kafka][20] | [The Apache License, Version 2.0][14] |
-| [JSON in Java][37] | [Public Domain][38] |
-| [Apache ZooKeeper - Server][39] | [Apache License, Version 2.0][5] |
-| [jose4j][40] | [The Apache Software License, Version 2.0][14] |
-| [Jetty :: HTTP2 :: Server][41] | [Apache Software License - Version 2.0][24]; [Eclipse Public License - Version 1.0][42] |
-| [kafka-streams-avro-serde][43] | [Apache License 2.0][11] |
-| [avro4s-core][44] | [MIT][27] |
-| [Testcontainers :: Kafka][45] | [MIT][46] |
-| [Joda-Time][47] | [Apache License, Version 2.0][5] |
-| [ClassGraph][48] | [The MIT License (MIT)][46] |
-| [Protocol Buffers [Core]][49] | [BSD-3-Clause][50] |
+| Dependency | License |
+| ------------------------------------------- | -------------------------------------------------------------------------------------- |
+| [scalatest][23] | [the Apache License, ASL Version 2.0][24] |
+| [scalatestplus-mockito][25] | [Apache-2.0][24] |
+| [mockito-core][26] | [MIT][27] |
+| [Test containers for Exasol on Docker][28] | [MIT License][29] |
+| [Test Database Builder for Java][30] | [MIT License][31] |
+| [Matcher for SQL Result Sets][32] | [MIT License][33] |
+| [Extension integration tests library][34] | [MIT License][35] |
+| [embedded-kafka-schema-registry][36] | [MIT][27] |
+| [Apache Kafka][20] | [The Apache License, Version 2.0][14] |
+| [JSON in Java][37] | [Public Domain][38] |
+| [Apache ZooKeeper - Server][39] | [Apache License, Version 2.0][5] |
+| [jose4j][40] | [The Apache Software License, Version 2.0][14] |
+| [Jetty :: HTTP2 :: Server][41] | [Eclipse Public License - Version 2.0][42]; [Apache Software License - Version 2.0][1] |
+| [Core :: HTTP][43] | [Eclipse Public License - Version 2.0][42]; [Apache Software License - Version 2.0][1] |
+| [Jetty :: Utility Servlets and Filters][44] | [Eclipse Public License - Version 2.0][42]; [Apache Software License - Version 2.0][1] |
+| [kafka-streams-avro-serde][45] | [Apache License 2.0][11] |
+| [avro4s-core][46] | [MIT][27] |
+| [Testcontainers :: Kafka][47] | [MIT][48] |
+| [Joda-Time][49] | [Apache License, Version 2.0][5] |
+| [ClassGraph][50] | [The MIT License (MIT)][48] |
+| [Protocol Buffers [Core]][51] | [BSD-3-Clause][52] |
### Plugin Dependencies
| Dependency | License |
| ------------------------------------------------------- | --------------------------------------------- |
-| [SonarQube Scanner for Maven][51] | [GNU LGPL 3][52] |
-| [Apache Maven Toolchains Plugin][53] | [Apache-2.0][5] |
-| [Apache Maven Compiler Plugin][54] | [Apache-2.0][5] |
-| [Apache Maven Enforcer Plugin][55] | [Apache-2.0][5] |
-| [Maven Flatten Plugin][56] | [Apache Software Licenese][5] |
-| [org.sonatype.ossindex.maven:ossindex-maven-plugin][57] | [ASL2][14] |
-| [scala-maven-plugin][58] | [Public domain (Unlicense)][59] |
-| [ScalaTest Maven Plugin][60] | [the Apache License, ASL Version 2.0][24] |
-| [Apache Maven Javadoc Plugin][61] | [Apache-2.0][5] |
-| [Maven Surefire Plugin][62] | [Apache-2.0][5] |
-| [Versions Maven Plugin][63] | [Apache License, Version 2.0][5] |
-| [duplicate-finder-maven-plugin Maven Mojo][64] | [Apache License 2.0][11] |
-| [Apache Maven Assembly Plugin][65] | [Apache-2.0][5] |
-| [Apache Maven JAR Plugin][66] | [Apache-2.0][5] |
-| [Artifact reference checker and unifier][67] | [MIT License][68] |
-| [Maven Failsafe Plugin][69] | [Apache-2.0][5] |
-| [JaCoCo :: Maven Plugin][70] | [EPL-2.0][71] |
-| [error-code-crawler-maven-plugin][72] | [MIT License][73] |
-| [Reproducible Build Maven Plugin][74] | [Apache 2.0][14] |
-| [Project Keeper Maven plugin][75] | [The MIT License][76] |
-| [OpenFastTrace Maven Plugin][77] | [GNU General Public License v3.0][78] |
-| [Scalastyle Maven Plugin][79] | [Apache 2.0][11] |
-| [spotless-maven-plugin][80] | [The Apache Software License, Version 2.0][5] |
-| [scalafix-maven-plugin][81] | [BSD-3-Clause][50] |
-| [Exec Maven Plugin][82] | [Apache License 2][5] |
+| [SonarQube Scanner for Maven][53] | [GNU LGPL 3][54] |
+| [Apache Maven Toolchains Plugin][55] | [Apache-2.0][5] |
+| [Apache Maven Compiler Plugin][56] | [Apache-2.0][5] |
+| [Apache Maven Enforcer Plugin][57] | [Apache-2.0][5] |
+| [Maven Flatten Plugin][58] | [Apache Software Licenese][5] |
+| [org.sonatype.ossindex.maven:ossindex-maven-plugin][59] | [ASL2][14] |
+| [scala-maven-plugin][60] | [Public domain (Unlicense)][61] |
+| [ScalaTest Maven Plugin][62] | [the Apache License, ASL Version 2.0][24] |
+| [Apache Maven Javadoc Plugin][63] | [Apache-2.0][5] |
+| [Maven Surefire Plugin][64] | [Apache-2.0][5] |
+| [Versions Maven Plugin][65] | [Apache License, Version 2.0][5] |
+| [duplicate-finder-maven-plugin Maven Mojo][66] | [Apache License 2.0][11] |
+| [Apache Maven Assembly Plugin][67] | [Apache-2.0][5] |
+| [Apache Maven JAR Plugin][68] | [Apache-2.0][5] |
+| [Artifact reference checker and unifier][69] | [MIT License][70] |
+| [Maven Failsafe Plugin][71] | [Apache-2.0][5] |
+| [JaCoCo :: Maven Plugin][72] | [EPL-2.0][42] |
+| [error-code-crawler-maven-plugin][73] | [MIT License][74] |
+| [Reproducible Build Maven Plugin][75] | [Apache 2.0][14] |
+| [Project Keeper Maven plugin][76] | [The MIT License][77] |
+| [OpenFastTrace Maven Plugin][78] | [GNU General Public License v3.0][79] |
+| [Scalastyle Maven Plugin][80] | [Apache 2.0][11] |
+| [spotless-maven-plugin][81] | [The Apache Software License, Version 2.0][5] |
+| [scalafix-maven-plugin][82] | [BSD-3-Clause][52] |
+| [Exec Maven Plugin][83] | [Apache License 2][5] |
## Extension
@@ -81,7 +83,7 @@
| Dependency | License |
| ----------------------------------------- | ------- |
-| [@exasol/extension-manager-interface][83] | MIT |
+| [@exasol/extension-manager-interface][84] | MIT |
[0]: https://www.scala-lang.org/
[1]: https://www.apache.org/licenses/LICENSE-2.0
@@ -124,46 +126,47 @@
[38]: https://github.com/stleary/JSON-java/blob/master/LICENSE
[39]: http://zookeeper.apache.org/zookeeper
[40]: https://bitbucket.org/b_c/jose4j/
-[41]: https://eclipse.org/jetty/http2-parent/http2-server
-[42]: https://www.eclipse.org/org/documents/epl-v10.php
-[43]: http://confluent.io/kafka-streams-avro-serde
-[44]: https://github.com/sksamuel/avro4s
-[45]: https://java.testcontainers.org
-[46]: http://opensource.org/licenses/MIT
-[47]: https://www.joda.org/joda-time/
-[48]: https://github.com/classgraph/classgraph
-[49]: https://developers.google.com/protocol-buffers/protobuf-java/
-[50]: https://opensource.org/licenses/BSD-3-Clause
-[51]: http://sonarsource.github.io/sonar-scanner-maven/
-[52]: http://www.gnu.org/licenses/lgpl.txt
-[53]: https://maven.apache.org/plugins/maven-toolchains-plugin/
-[54]: https://maven.apache.org/plugins/maven-compiler-plugin/
-[55]: https://maven.apache.org/enforcer/maven-enforcer-plugin/
-[56]: https://www.mojohaus.org/flatten-maven-plugin/
-[57]: https://sonatype.github.io/ossindex-maven/maven-plugin/
-[58]: http://github.com/davidB/scala-maven-plugin
-[59]: http://unlicense.org/
-[60]: https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin
-[61]: https://maven.apache.org/plugins/maven-javadoc-plugin/
-[62]: https://maven.apache.org/surefire/maven-surefire-plugin/
-[63]: https://www.mojohaus.org/versions/versions-maven-plugin/
-[64]: https://basepom.github.io/duplicate-finder-maven-plugin
-[65]: https://maven.apache.org/plugins/maven-assembly-plugin/
-[66]: https://maven.apache.org/plugins/maven-jar-plugin/
-[67]: https://github.com/exasol/artifact-reference-checker-maven-plugin/
-[68]: https://github.com/exasol/artifact-reference-checker-maven-plugin/blob/main/LICENSE
-[69]: https://maven.apache.org/surefire/maven-failsafe-plugin/
-[70]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
-[71]: https://www.eclipse.org/legal/epl-2.0/
-[72]: https://github.com/exasol/error-code-crawler-maven-plugin/
-[73]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE
-[74]: http://zlika.github.io/reproducible-build-maven-plugin
-[75]: https://github.com/exasol/project-keeper/
-[76]: https://github.com/exasol/project-keeper/blob/main/LICENSE
-[77]: https://github.com/itsallcode/openfasttrace-maven-plugin
-[78]: https://www.gnu.org/licenses/gpl-3.0.html
-[79]: http://www.scalastyle.org
-[80]: https://github.com/diffplug/spotless
-[81]: https://github.com/evis/scalafix-maven-plugin
-[82]: https://www.mojohaus.org/exec-maven-plugin
-[83]: https://registry.npmjs.org/@exasol/extension-manager-interface/-/extension-manager-interface-0.4.1.tgz
+[41]: https://jetty.org/http2-parent/http2-server
+[42]: https://www.eclipse.org/legal/epl-2.0/
+[43]: https://jetty.org/jetty-core/jetty-http
+[44]: https://jetty.org/jetty-servlets
+[45]: http://confluent.io/kafka-streams-avro-serde
+[46]: https://github.com/sksamuel/avro4s
+[47]: https://java.testcontainers.org
+[48]: http://opensource.org/licenses/MIT
+[49]: https://www.joda.org/joda-time/
+[50]: https://github.com/classgraph/classgraph
+[51]: https://developers.google.com/protocol-buffers/protobuf-java/
+[52]: https://opensource.org/licenses/BSD-3-Clause
+[53]: http://sonarsource.github.io/sonar-scanner-maven/
+[54]: http://www.gnu.org/licenses/lgpl.txt
+[55]: https://maven.apache.org/plugins/maven-toolchains-plugin/
+[56]: https://maven.apache.org/plugins/maven-compiler-plugin/
+[57]: https://maven.apache.org/enforcer/maven-enforcer-plugin/
+[58]: https://www.mojohaus.org/flatten-maven-plugin/
+[59]: https://sonatype.github.io/ossindex-maven/maven-plugin/
+[60]: http://github.com/davidB/scala-maven-plugin
+[61]: http://unlicense.org/
+[62]: https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin
+[63]: https://maven.apache.org/plugins/maven-javadoc-plugin/
+[64]: https://maven.apache.org/surefire/maven-surefire-plugin/
+[65]: https://www.mojohaus.org/versions/versions-maven-plugin/
+[66]: https://basepom.github.io/duplicate-finder-maven-plugin
+[67]: https://maven.apache.org/plugins/maven-assembly-plugin/
+[68]: https://maven.apache.org/plugins/maven-jar-plugin/
+[69]: https://github.com/exasol/artifact-reference-checker-maven-plugin/
+[70]: https://github.com/exasol/artifact-reference-checker-maven-plugin/blob/main/LICENSE
+[71]: https://maven.apache.org/surefire/maven-failsafe-plugin/
+[72]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
+[73]: https://github.com/exasol/error-code-crawler-maven-plugin/
+[74]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE
+[75]: http://zlika.github.io/reproducible-build-maven-plugin
+[76]: https://github.com/exasol/project-keeper/
+[77]: https://github.com/exasol/project-keeper/blob/main/LICENSE
+[78]: https://github.com/itsallcode/openfasttrace-maven-plugin
+[79]: https://www.gnu.org/licenses/gpl-3.0.html
+[80]: http://www.scalastyle.org
+[81]: https://github.com/diffplug/spotless
+[82]: https://github.com/evis/scalafix-maven-plugin
+[83]: https://www.mojohaus.org/exec-maven-plugin
+[84]: https://registry.npmjs.org/@exasol/extension-manager-interface/-/extension-manager-interface-0.4.1.tgz
diff --git a/doc/changes/changes_1.7.8.md b/doc/changes/changes_1.7.8.md
index 1efad64..52798a9 100644
--- a/doc/changes/changes_1.7.8.md
+++ b/doc/changes/changes_1.7.8.md
@@ -4,9 +4,9 @@ Code name:
## Summary
-## Features
+## Security
-* ISSUE_NUMBER: description
+* #106: CVE-2024-47561: org.apache.avro:avro:jar:1.11.3:compile
## Dependency Updates
@@ -15,3 +15,9 @@ Code name:
#### Compile Dependency Updates
* Updated `org.apache.avro:avro:1.11.3` to `1.11.4`
+
+#### Test Dependency Updates
+
+* Updated `org.eclipse.jetty.http2:http2-server:9.4.54.v20240208` to `11.0.24`
+* Added `org.eclipse.jetty:jetty-http:12.0.14`
+* Added `org.eclipse.jetty:jetty-servlets:11.0.24`
diff --git a/pom.xml b/pom.xml
index f544467..2ac7293 100644
--- a/pom.xml
+++ b/pom.xml
@@ -218,10 +218,24 @@
test
-
+
org.eclipse.jetty.http2
http2-server
- 9.4.54.v20240208
+ 11.0.24
+ test
+
+
+
+ org.eclipse.jetty
+ jetty-http
+ 12.0.14
+ test
+
+
+
+ org.eclipse.jetty
+ jetty-servlets
+ 11.0.24
test
@@ -463,8 +477,6 @@
ossindex-maven-plugin
-
- CVE-2023-36479