Upgrade to Jetty 6.1.7 to include security fixes
------------------------------------------------
Key: GERONIMO-4268
URL: https://issues.apache.org/jira/browse/GERONIMO-4268
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: dependencies
Affects Versions: 2.1, 2.0.2, 2.0.1, 2.0
Reporter: Donald Woods
Assignee: Donald Woods
Priority: Critical
Fix For: 2.0.3, 2.1
See http://svn.codehaus.org/jetty/jetty/branches/jetty-6.1/VERSION.txt
Fixed in 6.1.7 -
- JETTY-386 CERT-553235 backout fix and replaced with
ContextHandler.setCompactPath(boolean)
Fixed in 6.1.6rc1 -
- CERT VU#38616 handle single quotes in cookie names.
- JETTY-452 CERT VU#237888 Dump Servlet - prevent cross site scripting
Fixed in 6.1.6rc0 -
- CVE-2007-5615 Added protection for response splitting with bad headers.
Already fixed in 2.1.
Creating as a placeholder for the 2.0.3 release.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
