[
https://issues.apache.org/jira/browse/ATLAS-4923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17899182#comment-17899182
]
Madhan Neethiraj commented on ATLAS-4923:
-----------------------------------------
{quote}do we have any plan to upgrade jetty to 12.0.12 according to this
vulnerability?
{quote}
[~sonnyhcl] - thank you for raising attention to this. Looking at the details
of this vulnerability, it is relevant only if the HttpURI class is used by an
application that uses the jetty library. The jetty library itself is not
impacted by this issue. So, there is no plan to upgrade to a 12.x version.

> Bump dependent component versions (dependabot) for commons-fileupload, testng
> -----------------------------------------------------------------------------
>
> Key: ATLAS-4923
> URL: https://issues.apache.org/jira/browse/ATLAS-4923
> Project: Atlas
> Issue Type: Improvement
> Components: atlas-core
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Priority: Major
> Fix For: 3.0.0, 2.4.0
>
> Attachments: ATLAS-4923-2.patch
>
>
> Update version of following dependent components as suggested by dependabot:
> * commons-fileupload [https://github.com/apache/atlas/pull/227]
> * testng [https://github.com/apache/atlas/pull/230]
> In addition, jetty version is updated from 9.4.53.v20231009 to
> 9.4.56.v20240826.
>