ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v202011…

…02 - CVE-2020-27218

Bump jetty.version to 9.4.35.v20201120.

The [release notes](https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.35.v20201120)
mention [issue 5605](jetty/jetty.project#5605):

> java.io.IOException: unconsumed input during http request parsing

which seems to match the description of
[CVE-2020-27218](http://cve.circl.lu/cve/CVE-2020-27218)

Author: Damien Diederen <dd@crosstwine.com>

Reviewers: Enrico Olivelli <eolivelli@apache.org>, Norbert Kalmar <nkalmar@apache.org>, Andor Molnar <anmolnar@apache.org>, Patrick D. Hunt <phunt@apache.org>

Closes apache#1552 from ztzg/jetty-upgrade-CVE-2020-27218

pom.xml

@@ -438,7 +438,7 @@
     <hamcrest.version>2.2</hamcrest.version>
     <commons-cli.version>1.4</commons-cli.version>
     <netty.version>4.1.50.Final</netty.version>
-    <jetty.version>9.4.34.v20201102</jetty.version>
+    <jetty.version>9.4.35.v20201120</jetty.version>
     <jackson.version>2.10.5</jackson.version>
     <jline.version>2.14.6</jline.version>
     <snappy.version>1.1.7.7</snappy.version>

zookeeper-server/src/main/resources/lib/jetty-client-9.4.34.v20201102.LICENSE.txt → zookeeper-server/src/main/resources/lib/jetty-client-9.4.35.v20201120.LICENSE.txt

@@ -1,8 +1,7 @@
 This program and the accompanying materials are made available under the
-terms of the Eclipse Public License 1.0 which is available at
-https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt
-or the Apache Software License 2.0 which is available at
-https://www.apache.org/licenses/LICENSE-2.0
+terms of the Eclipse Public License 2.0 which is available at
+http://www.eclipse.org/legal/epl-2.0, or the Apache Software License
+2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0.
 
 
 

zookeeper-server/src/main/resources/lib/jetty-http-9.4.34.v20201102.LICENSE.txt → zookeeper-server/src/main/resources/lib/jetty-http-9.4.35.v20201120.LICENSE.txt

@@ -1,8 +1,7 @@
 This program and the accompanying materials are made available under the
-terms of the Eclipse Public License 1.0 which is available at
-https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt
-or the Apache Software License 2.0 which is available at
-https://www.apache.org/licenses/LICENSE-2.0
+terms of the Eclipse Public License 2.0 which is available at
+http://www.eclipse.org/legal/epl-2.0, or the Apache Software License
+2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0.
 
 
 

zookeeper-server/src/main/resources/lib/jetty-io-9.4.34.v20201102.LICENSE.txt → zookeeper-server/src/main/resources/lib/jetty-io-9.4.35.v20201120.LICENSE.txt

@@ -1,8 +1,7 @@
 This program and the accompanying materials are made available under the
-terms of the Eclipse Public License 1.0 which is available at
-https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt
-or the Apache Software License 2.0 which is available at
-https://www.apache.org/licenses/LICENSE-2.0
+terms of the Eclipse Public License 2.0 which is available at
+http://www.eclipse.org/legal/epl-2.0, or the Apache Software License
+2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0.
 
 
 

zookeeper-server/src/main/resources/lib/jetty-security-9.4.34.v20201102.LICENSE.txt → zookeeper-server/src/main/resources/lib/jetty-security-9.4.35.v20201120.LICENSE.txt

@@ -1,8 +1,7 @@
 This program and the accompanying materials are made available under the
-terms of the Eclipse Public License 1.0 which is available at
-https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt
-or the Apache Software License 2.0 which is available at
-https://www.apache.org/licenses/LICENSE-2.0
+terms of the Eclipse Public License 2.0 which is available at
+http://www.eclipse.org/legal/epl-2.0, or the Apache Software License
+2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0.