Upgrade Jetty Dependency to 9.4.24 or newer.
18 views
Skip to first unread message
Rasmus Olesen
Jan 23, 2020, 6:35:37 AM1/23/20
to OPS4J
For some reason i can't access the Jira bug reporting system. its just an infinite loop of cant sign up because account already exists and cant login because you account is doesnt have access...
So i hope that someone else will create a issue for this upgrade.
Jetty 9.4.21 to 9.4.23 are all affected by the following CVE
PAX currently builds against 9.4.22
I know that newer of versions of Jetty might be "api"/runtime compatible, but it would still be nice to have PAX building against a newer and non CVE affected jetty version.
/Rasmus
Grzegorz Grzybek
Jan 24, 2020, 12:52:35 PM1/24/20
to op...@googlegroups.com
Hello
I'm reviewing Pax Web now and I'll take care of the upgrade. Which Pax Web version are you using? 7.2.x?
regards
Grzegorz Grzybek
--
--
------------------
OPS4J - http://www.ops4j.org - op...@googlegroups.com
---
You received this message because you are subscribed to the Google Groups "OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ops4j+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ops4j/a21deba1-653e-4d04-b005-c9ed1f19f152%40googlegroups.com.
Rasmus Olesen
Jan 24, 2020, 1:24:28 PM1/24/20
to op...@googlegroups.com
Awesome
We are currently using version 7.3.5.
To view this discussion on the web visit https://groups.google.com/d/msgid/ops4j/CAAdXmhoSv%2B8BX6S-GBZwQQBWc8Ww62%2BGPb6OxevkFOM9FB0wJA%40mail.gmail.com.
Grzegorz Grzybek
Feb 20, 2020, 3:10:29 AM2/20/20
to op...@googlegroups.com
Hello
Jean-Baptiste - I saw you're upgrading Jetty in pax-web. Will you do it in 7.2.x and 7.3.x?
regards
Grzegorz Grzybek
To view this discussion on the web visit https://groups.google.com/d/msgid/ops4j/CAA_naH8bEwc1L8KeAP%3DZrcHDQWbVREMut-2HMo4b8Q-OFxwySw%40mail.gmail.com.
Jean-Baptiste Onofré
Feb 20, 2020, 3:26:28 AM2/20/20
to op...@googlegroups.com
Hi
Yes I’m upgrading to jetty 9.4.26 in pax web 7.2 and 7.3.
I just have to fix a package change about jaspi.
It should be done today.
Regards
JB
To view this discussion on the web visit https://groups.google.com/d/msgid/ops4j/CAAdXmhqo-dL4Q0e6uDHyNAeYDzcq8iuc4BDGiX%2B4nKZqWfdiVA%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages