Uploaded image for project: 'Felix'
  1. Felix
  2. FELIX-5664

Update Jetty to 9.3.20.v20170531 to fix CVE-2017-9735

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: http.jetty-3.4.2
    • Fix Version/s: http.jetty-3.4.4
    • Component/s: HTTP Service
    • Labels:
      None

      Description

      The current http.jetty version uses Jetty 9.3.15.v20161220 which is sensitive to CVE-2017-9735, see:

      The CVE fix has been released in Jetty 9.3.20.v20170531 or 9.4.6.v20170531, so http.jetty need to be updated.

        Attachments

          Activity

            People

            • Assignee:
              cziegeler Carsten Ziegeler
              Reporter:
              antoine.dessaigne Antoine DESSAIGNE
            • Votes:
              2 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: