From 7f335ff48670ef7b0df4de41f5d7909e189d1abf Mon Sep 17 00:00:00 2001
From: Rishabh Singh <6513075+findingrish@users.noreply.github.com>
Date: Fri, 15 Nov 2024 10:55:02 +0530
Subject: [PATCH] Resolve CVEs: Upgrade jetty version and suppress azure cve
(#17385)
---
licenses.yaml | 2 +-
owasp-dependency-check-suppressions.xml | 5 +++--
pom.xml | 2 +-
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/licenses.yaml b/licenses.yaml
index 40305fc55c66..6e573b1bb07d 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -2065,7 +2065,7 @@ name: Jetty
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 9.4.54.v20240208
+version: 9.4.56.v20240826
libraries:
- org.eclipse.jetty: jetty-client
- org.eclipse.jetty: jetty-continuation
diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
index 1f461854f6a3..8168a2cf58c6 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -649,10 +649,12 @@
^pkg:maven/com\.azure/azure*@*.*$
CVE-2023-36052
+ CVE-2024-43591
@@ -745,5 +747,4 @@
]]>
CVE-2024-45772
-
diff --git a/pom.xml b/pom.xml
index a2d7c2aa3f04..1de0ce502cf7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -98,7 +98,7 @@
32.0.1-jre
4.1.0
1.3
- 9.4.54.v20240208
+ 9.4.56.v20240826
1.19.4
2.12.7.20221012
1.9.13