Jetty upgrade due?


Thad Guidry

Jun 1, 2022, 4:24:43 PM
to openref...@googlegroups.com
Hello,

I was informed through backchannels that several major Jetty security flaws have been fixed after 9.4, which we are currently using, that might expose our users unnecessarily (depending on their local network config).
I looked over a few and didn't see anything especially risky for local deployment, but did not check in depth.

Should we plan to upgrade to latest Jetty 11.0.9 soon-ish?

Markus Koschany

Jun 1, 2022, 5:00:12 PM
to openref...@googlegroups.com
Hi,

> Should we plan to upgrade to latest Jetty 11.0.9 soon-ish?

In Debian we currently use Jetty 9.4.46 which has no known security
vulnerabilities. I believe it would suffice to update the pom.xml to this
version for now.


https://security-tracker.debian.org/tracker/source-package/jetty9

Thad Guidry

Jun 2, 2022, 2:36:11 PM
to openref...@googlegroups.com
Thanks for your input here Markus.

--
You received this message because you are subscribed to the Google Groups "OpenRefine Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openrefine-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openrefine-dev/211529cc5581704add23afe76aa35c97970a8f8d.camel%40gmail.com.