felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carsten Ziegeler (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (FELIX-5664) Update Jetty to 9.3.20.v20170531 or 9.4.6.v20170531 to fix CVE-2017-9735
Date Tue, 11 Jul 2017 08:26:00 GMT

     [ https://issues.apache.org/jira/browse/FELIX-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Carsten Ziegeler reassigned FELIX-5664:
---------------------------------------

    Assignee: Carsten Ziegeler

> Update Jetty to 9.3.20.v20170531 or 9.4.6.v20170531 to fix CVE-2017-9735
> ------------------------------------------------------------------------
>
>                 Key: FELIX-5664
>                 URL: https://issues.apache.org/jira/browse/FELIX-5664
>             Project: Felix
>          Issue Type: Bug
>          Components: HTTP Service
>    Affects Versions: http.jetty-3.4.2
>            Reporter: Antoine DESSAIGNE
>            Assignee: Carsten Ziegeler
>             Fix For: http.jetty-3.4.4
>
>
> The current http.jetty version uses Jetty 9.3.15.v20161220 which is sensitive to CVE-2017-9735,
see:
> * https://nvd.nist.gov/vuln/detail/CVE-2017-9735
> * https://github.com/eclipse/jetty.project/issues/1556
> The CVE fix has been released in Jetty 9.3.20.v20170531 or 9.4.6.v20170531, so http.jetty
need to be updated.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message