Jetty upgrade due?
8 vues
Accéder directement au premier message non lu
Thad Guidry
1 juin 2022, 16:24:4301/06/2022
à openref...@googlegroups.com
Hello,
I was informed through backchannels that several major Jetty security flaws have been fixed after 9.4 which we are currently using that might expose our users unnecessarily (depending on their local network config).
I looked over a few and didn't see anything especially risky for local deployment, but did not check in depth.
I looked over a few and didn't see anything especially risky for local deployment, but did not check in depth.
Should we plan to upgrade to latest Jetty 11.0.9 soon-ish?
Markus Koschany
1 juin 2022, 17:00:1201/06/2022
à openref...@googlegroups.com
Hi,
> Should we plan to upgrade to latest Jetty 11.0.9 soon-ish?
In Debian we currently use Jetty 9.4.46 which has no known security
vulnerabilities. I believe it would suffice to update the pom.xml to this
version for now.
https://security-tracker.debian.org/tracker/source-package/jetty9
> Should we plan to upgrade to latest Jetty 11.0.9 soon-ish?
vulnerabilities. I believe it would suffice to update the pom.xml to this
version for now.
https://security-tracker.debian.org/tracker/source-package/jetty9
Thad Guidry
2 juin 2022, 14:36:1102/06/2022
à openref...@googlegroups.com
Thanks for your input here Markus.
--
You received this message because you are subscribed to the Google Groups "OpenRefine Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openrefine-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openrefine-dev/211529cc5581704add23afe76aa35c97970a8f8d.camel%40gmail.com.
Répondre à tous
Répondre à l'auteur
Transférer
0 nouveau message