Geronimo
  1. Geronimo
  2. GERONIMO-4268

Upgrade to Jetty 6.1.7 to include security fixes

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0, 2.0.1, 2.0.2, 2.1
    • Fix Version/s: 2.0.3, 2.1
    • Component/s: dependencies
    • Security Level: public (Regular issues)
    • Labels:
      None

      Description

      See http://svn.codehaus.org/jetty/jetty/branches/jetty-6.1/VERSION.txt
      Fixed in 6.1.7 -

      • JETTY-386 CERT-553235 backout fix and replaced with ContextHandler.setCompactPath(boolean)
        Fixed in 6.1.6rc1 -
      • CERT VU#38616 handle single quotes in cookie names.
      • JETTY-452 CERT VU#237888 Dump Servlet - prevent cross site scripting
        Fixed in 6.1.6rc0 -
      • CVE-2007-5615 Added protection for response splitting with bad headers.

      Already fixed in 2.1.
      Creating as a placeholder for the 2.0.3 release.

        Activity

        Hide
        Donald Woods added a comment -

        r689228 in branches/2.0 (2.0.3-SNAPSHOT)

        Show
        Donald Woods added a comment - r689228 in branches/2.0 (2.0.3-SNAPSHOT)

          People

          • Assignee:
            Donald Woods
            Reporter:
            Donald Woods
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development