Anyone mind if I commit this patch to upgrade Jetty so that we can address the CVE?
Also, what about cutting a new release to get this out there? Bruce ---------- Forwarded message ---------- From: Bruce Snyder (Updated) (JIRA) <[email protected]> Date: Wed, Feb 1, 2012 at 9:44 AM Subject: [jira] [Updated] (AMQ-3693) Upgrade Jetty to address CVE-2011-4461 To: [email protected] [ https://issues.apache.org/jira/browse/AMQ-3693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bruce Snyder updated AMQ-3693: ------------------------------ Attachment: (was: upgrade-jetty.patch) > Upgrade Jetty to address CVE-2011-4461 > -------------------------------------- > > Key: AMQ-3693 > URL: https://issues.apache.org/jira/browse/AMQ-3693 > Project: ActiveMQ > Issue Type: Task > Affects Versions: 5.5.1 > Reporter: Bruce Snyder > Attachments: upgrade-jetty.patch > > > Upgrade Jetty to the 7.6.0 release when it becomes final so as to address a > DoS vulnerability. See the > [CVE-2011-4461|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4461] > for more information. See also the attached patch for changes. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira -- perl -e 'print unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E<D\!G;6%I;\"YC;VT*" );' ActiveMQ in Action: http://bit.ly/2je6cQ Blog: http://bruceblog.org/ Twitter: http://twitter.com/brucesnyder
