Posted to notifications@zookeeper.apache.org by "admxj (via GitHub)" <gi...@apache.org> on 2023/06/16 06:40:54 UTC

[GitHub] [zookeeper] admxj opened a new pull request, #2010: fix(sec): upgrade org.eclipse.jetty:jetty-server to 12.0.0.beta0

admxj opened a new pull request, #2010:
URL: https://github.com/apache/zookeeper/pull/2010

   ### What happened?
   There is 1 security vulnerability found in org.eclipse.jetty:jetty-server 9.4.49.v20220914
   - [CVE-2023-26049](https://www.oscs1024.com/hd/CVE-2023-26049)
   
   
   ### What did I do?
   Upgrade org.eclipse.jetty:jetty-server from 9.4.49.v20220914 to 12.0.0.beta0 for vulnerability fix
   
   ### What did you expect to happen?
   Ideally, no insecure libs should be used.
   
   ### The specification of the pull request
   [PR Specification](https://www.oscs1024.com/docs/pr-specification/) from OSCS


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@zookeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [zookeeper] anmolnar commented on pull request #2010: fix(sec): upgrade org.eclipse.jetty:jetty-server to 12.0.0.beta0

Posted by "anmolnar (via GitHub)" <gi...@apache.org>.
anmolnar commented on PR #2010:
URL: https://github.com/apache/zookeeper/pull/2010#issuecomment-1595200522

   @admxj Please create a Jira for the issue first and let the community discuss the best solution.
   We won't upgrade to a beta version of Jetty and according to @ctubbsii's comment, we probably don't need it.
   Closing.




[GitHub] [zookeeper] ctubbsii commented on pull request #2010: fix(sec): upgrade org.eclipse.jetty:jetty-server to 12.0.0.beta0

Posted by "ctubbsii (via GitHub)" <gi...@apache.org>.
ctubbsii commented on PR #2010:
URL: https://github.com/apache/zookeeper/pull/2010#issuecomment-1595141379

   Version 9.4.51 already fixes this according to https://nvd.nist.gov/vuln/detail/CVE-2023-26049 and that's being done in #2007. This is redundant, and I have no idea what OSCS is, or why the link to oscs1024 dot com, whatever that is.




[GitHub] [zookeeper] anmolnar closed pull request #2010: fix(sec): upgrade org.eclipse.jetty:jetty-server to 12.0.0.beta0

Posted by "anmolnar (via GitHub)" <gi...@apache.org>.
anmolnar closed pull request #2010: fix(sec): upgrade org.eclipse.jetty:jetty-server to 12.0.0.beta0
URL: https://github.com/apache/zookeeper/pull/2010

