Security fix: Bump Jetty to 9.4.58.v20250814 (CVE-2025-5115) #17136
Conversation
CritasWang
changed the title
There was a problem hiding this comment.
Pull request overview
This PR attempts to address a security vulnerability (CVE-2025-5115) by upgrading the Jetty dependency from version 9.4.57.v20241219 to 9.4.58.v20250814.
Changes:
- Updated Jetty version property in the Maven POM from 9.4.57.v20241219 to 9.4.58.v20250814
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| <jersey.version>2.40</jersey.version> | ||
| <!-- This was the last version to support Java 8 --> | ||
| <jetty.version>9.4.57.v20241219</jetty.version> | ||
| <jetty.version>9.4.58.v20250814</jetty.version> |
There was a problem hiding this comment.
The CVE identifier CVE-2025-5115 appears suspicious. CVE numbers in the 5000+ range are unusually high for a single year, especially for early-to-mid 2025. Please verify that this CVE actually exists and is correctly referenced. Check the official CVE database (cve.mitre.org or nvd.nist.gov) to confirm this CVE is valid and that it applies to Jetty. If the CVE number is incorrect, please update the PR title and description with the correct CVE identifier.
| <jetty.version>9.4.58.v20250814</jetty.version> | |
| <jetty.version>9.4.54.v20240208</jetty.version> |
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #17136 +/- ##
=========================================
Coverage 39.48% 39.49%
Complexity 282 282
=========================================
Files 5097 5097
Lines 341170 341170
Branches 43452 43452
=========================================
+ Hits 134725 134741 +16
+ Misses 206445 206429 -16 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
2 participants
as title