Skip to content

fix(security): Upgrade Jetty to 12.0.29 to resolve CVE-2025-5115 #26609

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

fix(security): Upgrade Jetty to 12.0.29 to resolve CVE-2025-5115 #26609

wants to merge 2 commits into from

Conversation

@mehradpk
Copy link
Contributor

@mehradpk mehradpk commented Nov 13, 2025

Description

Upgrade Jetty to 12.0.29 to resolve CVE-2025-5115

Impact

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.
  • If adding new dependencies, verified they have an OpenSSF Scorecard score of 5.0 or higher (or obtained explicit TSC approval for lower scores).

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Security Changes
* Upgrade Jetty to 12.0.29 to resolve `CVE-2025-5115 <https://github.com/advisories/GHSA-mmxm-8w33-wc4h>`_.

@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Nov 13, 2025
@mehradpk mehradpk mentioned this pull request Nov 13, 2025
Open
@mehradpk mehradpk changed the title Upgrade Jetty to 12.0.29 to resolve CVE-2025-5115 fix(security): Upgrade Jetty to 12.0.29 to resolve CVE-2025-5115 Nov 13, 2025
@mehradpk mehradpk force-pushed the jetty-upgrade-cve-fix branch from 3eef2ca to 0f833aa Compare November 19, 2025 07:35
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Nov 19, 2025
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@mehradpk mehradpk force-pushed the jetty-upgrade-cve-fix branch 2 times, most recently from 00ef3e9 to 0727f16 Compare November 19, 2025 07:41
@mehradpk mehradpk force-pushed the jetty-upgrade-cve-fix branch from 0727f16 to 34586ef Compare November 19, 2025 07:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@steveburnett steveburnett Awaiting requested review from steveburnett steveburnett will be requested when the pull request is marked ready for review steveburnett is a code owner

@elharo elharo Awaiting requested review from elharo elharo will be requested when the pull request is marked ready for review elharo is a code owner

@sdruzkin sdruzkin Awaiting requested review from sdruzkin sdruzkin will be requested when the pull request is marked ready for review sdruzkin is a code owner

@shangxinli shangxinli Awaiting requested review from shangxinli shangxinli will be requested when the pull request is marked ready for review shangxinli is a code owner

@jaystarshot jaystarshot Awaiting requested review from jaystarshot jaystarshot will be requested when the pull request is marked ready for review jaystarshot is a code owner

@hantangwangd hantangwangd Awaiting requested review from hantangwangd hantangwangd will be requested when the pull request is marked ready for review hantangwangd is a code owner

@ZacBlanco ZacBlanco Awaiting requested review from ZacBlanco ZacBlanco will be requested when the pull request is marked ready for review ZacBlanco is a code owner

@vinothchandar vinothchandar Awaiting requested review from vinothchandar vinothchandar will be requested when the pull request is marked ready for review vinothchandar is a code owner

@7c00 7c00 Awaiting requested review from 7c00 7c00 will be requested when the pull request is marked ready for review 7c00 is a code owner

@shrinidhijoshi shrinidhijoshi Awaiting requested review from shrinidhijoshi shrinidhijoshi will be requested when the pull request is marked ready for review shrinidhijoshi is a code owner

@pdabre12 pdabre12 Awaiting requested review from pdabre12 pdabre12 will be requested when the pull request is marked ready for review pdabre12 is a code owner

@feilong-liu feilong-liu Awaiting requested review from feilong-liu feilong-liu will be requested when the pull request is marked ready for review feilong-liu is a code owner

@ClarenceThreepwood ClarenceThreepwood Awaiting requested review from ClarenceThreepwood ClarenceThreepwood will be requested when the pull request is marked ready for review ClarenceThreepwood is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

from:IBM PR from IBM

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mehradpk @prestodb-ci