You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@zookeeper.apache.org by GitBox <gi...@apache.org> on 2022/09/26 11:15:23 UTC

[GitHub] [zookeeper] symat commented on pull request #1866: ZOOKEEPER-4532: Bump jetty to 9.4.46.v20220331(avoids CVE-2022-22965)

symat commented on PR #1866:
URL: https://github.com/apache/zookeeper/pull/1866#issuecomment-1257873500

   Thank you @edwin092 , [CVE-2022-2048](https://github.com/advisories/GHSA-wgmr-mf83-7x4j) indeed looks scary and it does affect ZooKeeper. Unfortunately we need at least jetty 9.4.47 to fix it, so this PR in its current form is not enough. 
   
   @fu-turer - can you update your PR to go up to Jetty 9.4.47? Then I can merge it to all active branches.
   Or if you have no time for it, then I can submit an other PR for [ZOOKEEPER-4599](https://issues.apache.org/jira/browse/ZOOKEEPER-4599)
   Thank you!!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@zookeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org