felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Antoine DESSAIGNE (JIRA)" <j...@apache.org>
Subject [jira] [Created] (FELIX-5664) Update Jetty to 9.4.6.v20170531 to fix CVE-2017-9735
Date Fri, 07 Jul 2017 12:49:00 GMT
Antoine DESSAIGNE created FELIX-5664:

             Summary: Update Jetty to 9.4.6.v20170531 to fix CVE-2017-9735
                 Key: FELIX-5664
                 URL: https://issues.apache.org/jira/browse/FELIX-5664
             Project: Felix
          Issue Type: Bug
          Components: HTTP Service
    Affects Versions: http.jetty-3.4.2
            Reporter: Antoine DESSAIGNE

The current http.jetty version uses Jetty 9.3.15.v20161220 which is sensitive to CVE-2017-9735,
* https://nvd.nist.gov/vuln/detail/CVE-2017-9735
* https://github.com/eclipse/jetty.project/issues/1556

The CVE fix has been released in Jetty 9.4.6.v20170531, so http.jetty need to be updated.

This message was sent by Atlassian JIRA

View raw message