geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Donald Woods (JIRA)" <j...@apache.org>
Subject [jira] Closed: (GERONIMO-4268) Upgrade to Jetty 6.1.7 to include security fixes
Date Tue, 26 Aug 2008 21:12:44 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-4268?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Donald Woods closed GERONIMO-4268.
----------------------------------

    Resolution: Fixed

r689228 in branches/2.0 (2.0.3-SNAPSHOT)

> Upgrade to Jetty 6.1.7 to include security fixes
> ------------------------------------------------
>
>                 Key: GERONIMO-4268
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4268
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: dependencies
>    Affects Versions: 2.0, 2.0.1, 2.0.2, 2.1
>            Reporter: Donald Woods
>            Assignee: Donald Woods
>            Priority: Critical
>             Fix For: 2.0.3, 2.1
>
>
> See http://svn.codehaus.org/jetty/jetty/branches/jetty-6.1/VERSION.txt
> Fixed in 6.1.7 -
>  - JETTY-386 CERT-553235 backout fix and replaced with ContextHandler.setCompactPath(boolean)
> Fixed in 6.1.6rc1 -
>  - CERT VU#38616 handle single quotes in cookie names.
>  - JETTY-452 CERT VU#237888 Dump Servlet - prevent cross site scripting
> Fixed in 6.1.6rc0 -
>  - CVE-2007-5615 Added protection for response splitting with bad headers.
> Already fixed in 2.1.
> Creating as a placeholder for the 2.0.3 release.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message