You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2017/07/11 08:29:00 UTC
[jira] [Resolved] (FELIX-5664) Update Jetty to 9.3.20.v20170531 or
9.4.6.v20170531 to fix CVE-2017-9735
[ https://issues.apache.org/jira/browse/FELIX-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler resolved FELIX-5664.
-------------------------------------
Resolution: Fixed
Updated in rev 1801567
> Update Jetty to 9.3.20.v20170531 or 9.4.6.v20170531 to fix CVE-2017-9735
> ------------------------------------------------------------------------
>
> Key: FELIX-5664
> URL: https://issues.apache.org/jira/browse/FELIX-5664
> Project: Felix
> Issue Type: Bug
> Components: HTTP Service
> Affects Versions: http.jetty-3.4.2
> Reporter: Antoine DESSAIGNE
> Assignee: Carsten Ziegeler
> Fix For: http.jetty-3.4.4
>
>
> The current http.jetty version uses Jetty 9.3.15.v20161220 which is sensitive to CVE-2017-9735, see:
> * https://nvd.nist.gov/vuln/detail/CVE-2017-9735
> * https://github.com/eclipse/jetty.project/issues/1556
> The CVE fix has been released in Jetty 9.3.20.v20170531 or 9.4.6.v20170531, so http.jetty need to be updated.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)