You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/09/14 18:55:32 UTC
[GitHub] [pulsar] klwilson227 opened a new issue #8060: CVE-2019-17638 jetty server
klwilson227 opened a new issue #8060:
URL: https://github.com/apache/pulsar/issues/8060
**Describe the bug**
The jetty server used has a CVE against it.
https://nvd.nist.gov/vuln/detail/CVE-2019-17638
Issue path: /pulsar/lib/org.eclipse.jetty-jetty-server-9.4.29.v20200521.jar:jetty-server _nl_ No additional information provided by the scanner.
Reference Info:
https://github.com/advisories/GHSA-x3rh-m7vp-35f2
Severity Rating: 9.4 critical.
Currently bundled
Run CVE STAT scan against the pulsar-core 2.6 docker image.
**Expected behavior**
Expect CVE scan/report to be clear in the product.
**Desktop (please complete the following information):**
- OS: all
**Additional context**
Add any other context about the problem here.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] sijie closed issue #8060: CVE-2019-17638 jetty server
Posted by GitBox <gi...@apache.org>.
sijie closed issue #8060:
URL: https://github.com/apache/pulsar/issues/8060
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] zymap commented on issue #8060: CVE-2019-17638 jetty server
Posted by GitBox <gi...@apache.org>.
zymap commented on issue #8060:
URL: https://github.com/apache/pulsar/issues/8060#issuecomment-696506018
Hi @klwilson227 , It seems already addressed by the PR #8035 according to https://www.eclipse.org/jetty/security-reports.html
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] zymap commented on issue #8060: CVE-2019-17638 jetty server
Posted by GitBox <gi...@apache.org>.
zymap commented on issue #8060:
URL: https://github.com/apache/pulsar/issues/8060#issuecomment-696506018
Hi @klwilson227 , It seems already addressed by the PR #8035 according to https://www.eclipse.org/jetty/security-reports.html
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] sijie commented on issue #8060: CVE-2019-17638 jetty server
Posted by GitBox <gi...@apache.org>.
sijie commented on issue #8060:
URL: https://github.com/apache/pulsar/issues/8060#issuecomment-700835624
It is fixed by #8035
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org