Uploaded image for project: 'Karaf'
  1. Karaf
  2. KARAF-7808

Stepup Jetty and pax-web to solve CVE-2024-22201

    XMLWordPrintableJSON

Details

    • Dependency upgrade
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 4.4.5
    • 4.4.6
    • karaf

    • Linux

    Description

      We use Karaf 4.4.5 that packs pax-web 8.0.24 which brings in jetty/http2 9.4.53. This Jetty version is affected by CVE CVE-2024-22201 that is business critical. Please bump up to newer version that solves the vulnerability.

      Attachments

        Issue Links

          is blocked by

          Dependency upgrade - Upgrading a dependency to a newer version KARAF-7814 Upgrade to Pax Web 8.0.27 / Jetty 9.4.54.v20240208

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              jbonofre Jean-Baptiste Onofré
              karthickm512 Karthick
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: