From 7ca4ce089c5670142bf7bb7934efedfc0d6c4ee2 Mon Sep 17 00:00:00 2001
From: AnmolSun <124231245+AnmolSun@users.noreply.github.com>
Date: Mon, 29 Jan 2024 17:10:43 +0530
Subject: [PATCH 1/2] Upgrade jetty to 9.4.53 due to CVE-2023-44487

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 0b1625b95..1fca50eba 100644
--- a/pom.xml
+++ b/pom.xml
@@ -108,7 +108,7 @@
          <joda.time.version>2.9.9</joda.time.version>
          <avro.version>1.8.2</avro.version>
 
-         <jetty.version>9.4.44.v20210927</jetty.version>
+         <jetty.version>9.4.53.v20231009</jetty.version>
          <apache.jsp.version>8.0.33</apache.jsp.version>
 
          <jline.version>0.9.94</jline.version>

From 2286ff29d477504c071b85e22900e37541da7f52 Mon Sep 17 00:00:00 2001
From: AnmolSun <124231245+AnmolSun@users.noreply.github.com>
Date: Mon, 29 Jan 2024 17:13:45 +0530
Subject: [PATCH 2/2] Update release-log.txt with OOZIE-3720

---
 release-log.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/release-log.txt b/release-log.txt
index 7841defda..5ede8d303 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
 -- Oozie 5.3.0 release (trunk - unreleased)
 
+OOZIE-3720 Upgrade jetty to 9.4.53 due to CVE-2023-44487
 OOZIE-3717 When fork actions parallel submit, becasue ForkedActionStartXCommand and ActionStartXCommand has the same name, so ForkedActionStartXCommand would be lost, and cause deadlock (chenhd via dionusos)
 OOZIE-3715 Fix fork out more than one transitions submit , one transition submit fail can't execute KillXCommand (chenhd via dionusos)
 OOZIE-3716 Invocation of Main class completed Message is skipped when LauncherSecurityManager calls system exit (khr9603 via dionusos)