Details
-
Dependency upgrade
-
Status: Resolved
-
Major
-
Resolution: Duplicate
-
4.3.9
-
None
Description
As per CVE https://nvd.nist.gov/vuln/detail/CVE-2023-26048 , Jetty version till 9.4.50 is impacted in a multipart issue. This is howwver fixed by jetty in later versions. We use Apache Karaf that brings the Jetty through pax-web. Please stepup the components so that the final karaf runtime has 9.4.51 Jetty in it.
Other CVE https://nvd.nist.gov/vuln/detail/CVE-2023-26049 is also fixed by this stepup
Attachments
Issue Links
- is duplicated by
-
KARAF-7745 Upgrade to Pax Web 8.0.22 & Jetty 9.4.52.v20230823
-
- Resolved
-