Update jetty version to 9.4.35.v20201120

Includes a fix for CVE-2020-27218 [1] that affects versions prior to 9.4.35.v20201120. As of: [2] new dependency was added to jetty-servlet: jetty-util-ajax. [1] https://nvd.nist.gov/vuln/detail/CVE-2020-27218 [2] https://github.com/eclipse/jetty.project/issues/5539 Change-Id: I51549c9588f5748f36e145f8c4b347f97c08b4d8
2021-01-10 23:33:52 +01:00
parent 96ccc2388a
commit d1319c64d7
3 changed files with 27 additions and 10 deletions
--- a/lib/jetty/BUILD
+++ b/lib/jetty/BUILD
@@ -4,7 +4,10 @@ java_library(
    name = "servlet",
    data = ["//lib:LICENSE-Apache2.0"],
    visibility = ["//visibility:public"],
-    exports = ["@jetty-servlet//jar"],
+    exports = [
+        ":util-ajax",
+        "@jetty-servlet//jar",
+    ],
    runtime_deps = [":security"],
 )

@@ -69,3 +72,9 @@ java_library(
    data = ["//lib:LICENSE-Apache2.0"],
    exports = ["@jetty-util//jar"],
 )
+
+java_library(
+    name = "util-ajax",
+    data = ["//lib:LICENSE-Apache2.0"],
+    exports = ["@jetty-util-ajax//jar"],
+)