You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@bookkeeper.apache.org by GitBox <gi...@apache.org> on 2022/07/13 08:37:19 UTC

[GitHub] [bookkeeper] nicoloboschi opened a new pull request, #3404: [security] Upgrade Jetty to 9.4.48.v20220622 to get rid of CVE-2022-2047

nicoloboschi opened a new pull request, #3404:
URL: https://github.com/apache/bookkeeper/pull/3404

   
   ### Motivation
   Owasp check fails because jetty 9.4.44 is marked as vulnerable due to [CVE-2022-2047](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2047)
   
   Note that Jetty 9.4.x is EOL after `9.4.48.v20220622` 
   
   ### Changes
   
   * Upgrade to latest 9.4.x (9.4.48.v20220622)
   (see https://github.com/eclipse/jetty.project/releases)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [bookkeeper] hangc0276 commented on pull request #3404: [security] Upgrade Jetty to 9.4.48.v20220622 to get rid of CVE-2022-2047

Posted by GitBox <gi...@apache.org>.

hangc0276 commented on PR #3404:
URL: https://github.com/apache/bookkeeper/pull/3404#issuecomment-1183316106

   rerun failure checks


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [bookkeeper] nicoloboschi commented on pull request #3404: [security] Upgrade Jetty to 9.4.48.v20220622 to get rid of CVE-2022-2047

Posted by GitBox <gi...@apache.org>.

nicoloboschi commented on PR #3404:
URL: https://github.com/apache/bookkeeper/pull/3404#issuecomment-1183084375

   rerun failure checks


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [bookkeeper] nicoloboschi merged pull request #3404: [security] Upgrade Jetty to 9.4.48.v20220622 to get rid of CVE-2022-2047

Posted by GitBox <gi...@apache.org>.

nicoloboschi merged PR #3404:
URL: https://github.com/apache/bookkeeper/pull/3404


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org