[GERONIMO-4268] Upgrade to Jetty 6.1.7 to include security fixes - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.0, 2.0.1, 2.0.2, 2.1
Fix Version/s: 2.0.3, 2.1
Component/s: dependencies
Security Level: public (Regular issues)
Labels:
None

Description

See http://svn.codehaus.org/jetty/jetty/branches/jetty-6.1/VERSION.txt
Fixed in 6.1.7 -

JETTY-386 CERT-553235 backout fix and replaced with ContextHandler.setCompactPath(boolean)
Fixed in 6.1.6rc1 -
CERT VU#38616 handle single quotes in cookie names.
JETTY-452 CERT VU#237888 Dump Servlet - prevent cross site scripting
Fixed in 6.1.6rc0 -
CVE-2007-5615 Added protection for response splitting with bad headers.

Already fixed in 2.1.
Creating as a placeholder for the 2.0.3 release.

Attachments

Activity

People

Assignee:: Donald Woods

Reporter:: Donald Woods

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 26/Aug/08 20:39

Updated:: 26/Aug/08 21:11

Resolved:: 26/Aug/08 21:11