Update Release notes for DSE 6.8 and 6.9

emerkle826 · emerkle826 · commit 042a016360e1 · 2026-02-10T10:18:39.000-06:00
This patch removes CVE-2024-6763 as fixed in 6.8.58 and 6.9.10 as scan have shown there is still an older version of Jetty being shipped. This will be addressed in the next releases of each. Also, CVE-2024-47554 is removed as Apache commins-io version 2.8.0 is still being pulled in via gremlin-console. This too will be addressed in the next release of each.
diff --git a/DSE_6.8_Release_Notes.md b/DSE_6.8_Release_Notes.md
@@ -133,7 +133,6 @@ If you're developing applications, please refer to the [Java Driver documentatio
 
 ## 6.8.58 DSE CVE
 * Upgraded the `net.minidev:json-smart` Java JSON parser package to version `2.5.2` to resolve a Denial of Service (DoS) vulnerability. (DSP-24851, [CVE-2024-57699](https://nvd.nist.gov/vuln/detail/CVE-2024-57699))
-* Upgraded Jetty to version `9.4.57.v20241219` and Apache Commons IO to version `2.19.0`. (DSP-24855, [CVE-2024-6763](https://nvd.nist.gov/vuln/detail/CVE-2024-6763), [CVE-2024-47554](https://nvd.nist.gov/vuln/detail/CVE-2024-47554))
 * Upgraded the Apache Commons BeanUtils library to version `1.11.0` to resolve a vulnerability. (DSP-24857, [CVE-2025-48734](https://nvd.nist.gov/vuln/detail/CVE-2025-48734))
 * Upgraded Netty to version `4.1.119.1.dse`, which is based on version `4.1.119.Final`. (DSP-24850, [CVE-2025-24970](https://nvd.nist.gov/vuln/detail/CVE-2025-24970))
 * Upgraded the protocol buffers (protobuf) to version `4.29.4` to support DSE core workloads. (DSP-24853, [CVE-2024-7254](https://nvd.nist.gov/vuln/detail/CVE-2024-7254))
diff --git a/DSE_6.9_Release_Notes.md b/DSE_6.9_Release_Notes.md
@@ -217,7 +217,6 @@ If you're developing applications, please refer to the [Java Driver documentatio
 
 ## 6.9.10 DSE CVE
 * Upgraded the `net.minidev:json-smart` Java JSON parser package to version `2.5.2`. (DSP-24851, [CVE-2024-57699](https://nvd.nist.gov/vuln/detail/CVE-2024-57699))
-* Upgraded Jetty to version `9.4.57.v20241219` and Apache Commons IO to version `2.19.0`. (DSP-24855, [CVE-2024-6763](https://nvd.nist.gov/vuln/detail/CVE-2024-6763), [CVE-2024-47554](https://nvd.nist.gov/vuln/detail/CVE-2024-47554))
 * Upgraded the Apache Commons BeanUtils library to version `1.11.0` to resolve a vulnerability. (DSP-24857, [CVE-2025-48734](https://nvd.nist.gov/vuln/detail/CVE-2025-48734))
 * Upgraded Netty to version `4.1.119.1.dse`, which is based on version `4.1.119.Final`. (DSP-24850, [CVE-2025-24970](https://nvd.nist.gov/vuln/detail/CVE-2025-24970))
 * Upgraded the protocol buffers (protobuf) to version `4.29.4` to support DSE core workloads. (DSP-24853, [CVE-2024-7254](https://nvd.nist.gov/vuln/detail/CVE-2024-7254))
