geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Donald Woods (JIRA)" <j...@apache.org>
Subject [jira] Created: (GERONIMO-4268) Upgrade to Jetty 6.1.7 to include security fixes
Date Tue, 26 Aug 2008 20:40:44 GMT
Upgrade to Jetty 6.1.7 to include security fixes
------------------------------------------------

                 Key: GERONIMO-4268
                 URL: https://issues.apache.org/jira/browse/GERONIMO-4268
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: dependencies
    Affects Versions: 2.1, 2.0.2, 2.0.1, 2.0
            Reporter: Donald Woods
            Assignee: Donald Woods
            Priority: Critical
             Fix For: 2.0.3, 2.1


See http://svn.codehaus.org/jetty/jetty/branches/jetty-6.1/VERSION.txt
Fixed in 6.1.7 -
 - JETTY-386 CERT-553235 backout fix and replaced with ContextHandler.setCompactPath(boolean)
Fixed in 6.1.6rc1 -
 - CERT VU#38616 handle single quotes in cookie names.
 - JETTY-452 CERT VU#237888 Dump Servlet - prevent cross site scripting
Fixed in 6.1.6rc0 -
 - CVE-2007-5615 Added protection for response splitting with bad headers.

Already fixed in 2.1.
Creating as a placeholder for the 2.0.3 release.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message