[
https://issues.apache.org/jira/browse/ZOOKEEPER-4876?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17890482#comment-17890482
]
Andor Molnar commented on ZOOKEEPER-4876:
-----------------------------------------
{quote}So: should we upgrade to 9.4.56 and suppress CVE-2024-6763?
{quote}
Yes, I think that's what we should do. I did a quick grep in source code for
{{HttpURI}} and we don't use it, so I believe we can suppress that CVE.
I bumped Jetty version and build is successful. Let me create a PR.
> jetty-http-9.4.53.v20231009.jar: CVE-2024-6763(3.7)
> ---------------------------------------------------
>
> Key: ZOOKEEPER-4876
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4876
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
> Affects Versions: 3.8.4, 3.9.2, 3.10
> Reporter: Andor Molnar
> Priority: Major
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
