[jira] [Created] (FELIX-5664) Update Jetty to 9.4.6.v20170531 to fix CVE-2017-9735

Antoine DESSAIGNE (JIRA) Fri, 07 Jul 2017 05:49:24 -0700

Antoine DESSAIGNE created FELIX-5664:
----------------------------------------


             Summary: Update Jetty to 9.4.6.v20170531 to fix CVE-2017-9735
                 Key: FELIX-5664
                 URL: https://issues.apache.org/jira/browse/FELIX-5664
             Project: Felix
          Issue Type: Bug
          Components: HTTP Service
    Affects Versions: http.jetty-3.4.2
            Reporter: Antoine DESSAIGNE


The current http.jetty version uses Jetty 9.3.15.v20161220 which is sensitive 
to CVE-2017-9735, see:
* https://nvd.nist.gov/vuln/detail/CVE-2017-9735
* https://github.com/eclipse/jetty.project/issues/1556

The CVE fix has been released in Jetty 9.4.6.v20170531, so http.jetty need to 
be updated.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (FELIX-5664) Update Jetty to 9.4.6.v20170531 to fix CVE-2017-9735

Reply via email to