Uploaded image for project: 'Karaf'
  1. Karaf
  2. KARAF-7692

Upgrade Pax Web 8.0.21 / Jetty to 9.4.52

    XMLWordPrintableJSON

Details

    • Dependency upgrade
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 4.3.9
    • None
    • karaf

    Description

      As per CVE https://nvd.nist.gov/vuln/detail/CVE-2023-26048 , Jetty version till 9.4.50 is impacted in a multipart issue. This is howwver fixed by jetty in later versions. We use Apache Karaf that brings the Jetty through pax-web. Please stepup the components so that the final karaf runtime has 9.4.51 Jetty in it.

       

      Other CVE https://nvd.nist.gov/vuln/detail/CVE-2023-26049 is also fixed by this stepup

      Attachments

        Issue Links

          is duplicated by

          Dependency upgrade - Upgrading a dependency to a newer version KARAF-7745 Upgrade to Pax Web 8.0.22 & Jetty 9.4.52.v20230823

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              jbonofre Jean-Baptiste Onofré
              karthickm512 Karthick
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: