[jira] Closed: (GERONIMO-4268) Upgrade to Jetty 6.1.7 to include security fixes

Donald Woods (JIRA) Tue, 26 Aug 2008 14:13:47 -0700

     [ 
https://issues.apache.org/jira/browse/GERONIMO-4268?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Donald Woods closed GERONIMO-4268.
----------------------------------

    Resolution: Fixed

r689228 in branches/2.0 (2.0.3-SNAPSHOT)

> Upgrade to Jetty 6.1.7 to include security fixes
> ------------------------------------------------
>
>                 Key: GERONIMO-4268
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4268
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: dependencies
>    Affects Versions: 2.0, 2.0.1, 2.0.2, 2.1
>            Reporter: Donald Woods
>            Assignee: Donald Woods
>            Priority: Critical
>             Fix For: 2.0.3, 2.1
>
>
> See http://svn.codehaus.org/jetty/jetty/branches/jetty-6.1/VERSION.txt
> Fixed in 6.1.7 -
>  - JETTY-386 CERT-553235 backout fix and replaced with 
> ContextHandler.setCompactPath(boolean)
> Fixed in 6.1.6rc1 -
>  - CERT VU#38616 handle single quotes in cookie names.
>  - JETTY-452 CERT VU#237888 Dump Servlet - prevent cross site scripting
> Fixed in 6.1.6rc0 -
>  - CVE-2007-5615 Added protection for response splitting with bad headers.
> Already fixed in 2.1.
> Creating as a placeholder for the 2.0.3 release.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (GERONIMO-4268) Upgrade to Jetty 6.1.7 to include security fixes

Reply via email to