Posted to user@karaf.apache.org by Paul Stanley <Pa...@saaconsultants.com> on 2021/03/01 10:38:50 UTC
Re: Jetty security defect
Hi JB.
PAX-WEB (and karaf) will need to be updated to include Jetty 9.4.38 for
the CVE-2020-27223 fix.
Cheers
Paul
From: "Jean-Baptiste Onofre" <jb...@nanthrax.net>
To: "user" <us...@karaf.apache.org>
Date: 26/02/2021 06:21
Subject: Re: Jetty security defect
Hi Gerald,
Karaf 4.3.1 will still use Pax Web 7.3.12 (with jetty update).
Pax Web 8.x (with jetty, undertow updates and refactoring) is not yet
fully ready.
Regards
JB
On 26 Feb 2021 at 07:20, Gerald Kallas - mailbox.org <catshout@mailbox.org> wrote:
Hi all, which Karaf release does contain which Pax Web? When would Pax Web
8.0 be released?
Tx in advance.
Sent by my mobile device
- Gerald Kallas
On 26.02.2021 at 07:05, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
Hi,
Yes, Pax Web 7.2.22 includes update to Jetty 9.4.36.
Regards
JB
On 25 Feb 2021 at 19:18, Jackson, Douglas <do...@siemens.com> wrote:
Hi!
Is the new pax-web going into the karaf 4.2.11 release?
It appears that release might be available sooner than the 4.3.1 release
and I need to apply the fix fairly soon.
Thanks,
Doug
Re: Jetty security defect
Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Yes, correct, both 4.2 and 4.3 will get the Jetty upgrade.
Regards
JB
> On 1 Mar 2021 at 14:55, Serge Huber <sh...@apache.org> wrote:
>
> Thanks for the work guys !
>
> Am I understanding correctly that both Karaf 4.2 and 4.3 will get this Jetty upgrade?
>
> Regards,
> Serge...
>
> On Mon, Mar 1, 2021 at 2:30 PM Jean-Baptiste Onofre <jb@nanthrax.net> wrote:
> Hi Paul,
>
> Thanks for the update. I’m cutting a new Pax Web release and update in Karaf now.
>
> Thanks again !
>
> Regards
> JB
>
>> On 1 Mar 2021 at 11:38, Paul Stanley <Paul.Stanley@saaconsultants.com> wrote:
>>
>> Hi JB.
>>
>> PAX-WEB (and karaf) will need to be updated to include Jetty 9.4.38 for the CVE-2020-27223 fix.
>>
>> Cheers
>> Paul
>>
>>
>>
>> From: "Jean-Baptiste Onofre" <jb@nanthrax.net>
>> To: "user" <user@karaf.apache.org>
>> Date: 26/02/2021 06:21
>> Subject: Re: Jetty security defect
>>
>>
>>
>> Hi Gerald,
>>
>> Karaf 4.3.1 will still use Pax Web 7.3.12 (with jetty update).
>>
>> Pax Web 8.x (with jetty, undertow updates and refactoring) is not yet fully ready.
>>
>> Regards
>> JB
>>
>> On 26 Feb 2021 at 07:20, Gerald Kallas - mailbox.org <catshout@mailbox.org> wrote:
>>
>> Hi all, which Karaf release does contain which Pax Web? When would Pax Web 8.0 be released?
>>
>> Tx in advance.
>>
>> Sent by my mobile device
>> - Gerald Kallas
>>
>> On 26.02.2021 at 07:05, Jean-Baptiste Onofre <jb@nanthrax.net> wrote:
>>
>> Hi,
>>
>> Yes, Pax Web 7.2.22 includes update to Jetty 9.4.36.
>>
>> Regards
>> JB
>>
>> On 25 Feb 2021 at 19:18, Jackson, Douglas <douglas.s.jackson@siemens.com> wrote:
>>
>> Hi!
>> Is the new pax-web going into the karaf 4.2.11 release?
>> It appears that release might be available sooner than the 4.3.1 release and I need to apply the fix fairly soon.
>> Thanks,
>> Doug
>>
>>
>>
>>
>
Re: Jetty security defect
Posted by Serge Huber <sh...@apache.org>.
Thanks for the work guys !
Am I understanding correctly that both Karaf 4.2 and 4.3 will get this
Jetty upgrade?
Regards,
Serge...
On Mon, Mar 1, 2021 at 2:30 PM Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
> Hi Paul,
>
> Thanks for the update. I’m cutting a new Pax Web release and update in
> Karaf now.
>
> Thanks again !
>
> Regards
> JB
>
> On 1 Mar 2021 at 11:38, Paul Stanley <Pa...@saaconsultants.com> wrote:
>
> Hi JB.
>
> PAX-WEB (and karaf) will need to be updated to include Jetty 9.4.38 for
> the CVE-2020-27223 fix.
>
> Cheers
> Paul
>
>
>
> From: "Jean-Baptiste Onofre" <jb...@nanthrax.net>
> To: "user" <us...@karaf.apache.org>
> Date: 26/02/2021 06:21
> Subject: Re: Jetty security defect
> ------------------------------
>
>
>
> Hi Gerald,
>
> Karaf 4.3.1 will still use Pax Web 7.3.12 (with jetty update).
>
> Pax Web 8.x (with jetty, undertow updates and refactoring) is not yet
> fully ready.
>
> Regards
> JB
>
> On 26 Feb 2021 at 07:20, Gerald Kallas - mailbox.org <catshout@mailbox.org> wrote:
>
> Hi all, which Karaf release does contain which Pax Web? When would Pax Web
> 8.0 be released?
>
> Tx in advance.
>
> Sent by my mobile device
> - Gerald Kallas
>
> On 26.02.2021 at 07:05, Jean-Baptiste Onofre <jb@nanthrax.net> wrote:
>
> Hi,
>
> Yes, Pax Web 7.2.22 includes update to Jetty 9.4.36.
>
> Regards
> JB
>
> On 25 Feb 2021 at 19:18, Jackson, Douglas <douglas.s.jackson@siemens.com> wrote:
>
>
> Hi!
> Is the new pax-web going into the karaf 4.2.11 release?
> It appears that release might be available sooner than the 4.3.1 release
> and I need to apply the fix fairly soon.
> Thanks,
> Doug
>
>
>
>
>
>
Re: Jetty security defect
Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Hi Paul,
Thanks for the update. I’m cutting a new Pax Web release and update in Karaf now.
Thanks again !
Regards
JB
> On 1 Mar 2021 at 11:38, Paul Stanley <Pa...@saaconsultants.com> wrote:
>
> Hi JB.
>
> PAX-WEB (and karaf) will need to be updated to include Jetty 9.4.38 for the CVE-2020-27223 fix.
>
> Cheers
> Paul
>
>
>
> From: "Jean-Baptiste Onofre" <jb...@nanthrax.net>
> To: "user" <us...@karaf.apache.org>
> Date: 26/02/2021 06:21
> Subject: Re: Jetty security defect
>
>
>
> Hi Gerald,
>
> Karaf 4.3.1 will still use Pax Web 7.3.12 (with jetty update).
>
> Pax Web 8.x (with jetty, undertow updates and refactoring) is not yet fully ready.
>
> Regards
> JB
>
> On 26 Feb 2021 at 07:20, Gerald Kallas - mailbox.org <catshout@mailbox.org> wrote:
>
> Hi all, which Karaf release does contain which Pax Web? When would Pax Web 8.0 be released?
>
> Tx in advance.
>
> Sent by my mobile device
> - Gerald Kallas
>
> On 26.02.2021 at 07:05, Jean-Baptiste Onofre <jb@nanthrax.net> wrote:
>
> Hi,
>
> Yes, Pax Web 7.2.22 includes update to Jetty 9.4.36.
>
> Regards
> JB
>
> On 25 Feb 2021 at 19:18, Jackson, Douglas <douglas.s.jackson@siemens.com> wrote:
>
> Hi!
> Is the new pax-web going into the karaf 4.2.11 release?
> It appears that release might be available sooner than the 4.3.1 release and I need to apply the fix fairly soon.
> Thanks,
> Doug
>
>
>
>