Eclipse Jetty - Update to Latest Version?


Elliott, Cory

Mar 12, 2024, 3:19:43 PM
to qz-p...@googlegroups.com
Jetty 10.0.16 is currently packaged in QZ Tray 2.2.3.

When will the latest release of Jetty (10.0.20) be included? 

Is this something we can patch ourselves?

Looking to mitigate some HTTP/2 & DoS vulnerabilities.

Cory Elliott
Network Engineer
cell...@ugn.com | Office: (708) 990‑5459 | Direct: (708) 990‑5459
2650 Warrenville Road • Suite 300 • Downers Grove, IL 60515

Tres Finocchiaro

Mar 12, 2024, 5:53:57 PM
to Elliott, Cory, qz-print
The dependencies are bundled, so they cannot be patched outside of recompiling.

Furthermore, the dependencies are currently managed manually (e.g. versus Maven or Ivy) so there's no quick way to PR this yet.

With regard to (I presume CVE-2023-44487) this is probably throwing 7.5 (HIGH) on reports, but actually severity must be weighed against exposure. For example, environments using a centralized QZ Tray print-server would be higher risk. Environments allowing WAN access even more so.

Regardless, the two best ways to track this are to email sup...@qz.io (Premium clients) or open a GitHub bug report. The patch will be available in QZ Tray 2.2.4, but the release date for this release is currently undecided.



Elliott, Cory

Mar 12, 2024, 5:55:23 PM
to Tres Finocchiaro, qz-print
Noted - Thanks, Tres.


Tres Finocchiaro

Mar 13, 2024, 10:53:12 AM
to Elliott, Cory, qz-print
FYI, we'll be moving to a more Maven-style dependency technique once https://github.com/qzind/tray/pull/1216 is resolved. That will make updating sweeping dependencies (such as Jetty) much easier.

