[
https://issues.apache.org/jira/browse/FELIX-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carsten Ziegeler closed FELIX-5664.
-----------------------------------
> Update Jetty to 9.3.20.v20170531 to fix CVE-2017-9735
> -----------------------------------------------------
>
> Key: FELIX-5664
> URL: https://issues.apache.org/jira/browse/FELIX-5664
> Project: Felix
> Issue Type: Bug
> Components: HTTP Service
> Affects Versions: http.jetty-3.4.2
> Reporter: Antoine DESSAIGNE
> Assignee: Carsten Ziegeler
> Fix For: http.jetty-3.4.4
>
>
> The current http.jetty version uses Jetty 9.3.15.v20161220 which is sensitive
> to CVE-2017-9735, see:
> * https://nvd.nist.gov/vuln/detail/CVE-2017-9735
> * https://github.com/eclipse/jetty.project/issues/1556
> The CVE fix has been released in Jetty 9.3.20.v20170531 or 9.4.6.v20170531,
> so http.jetty need to be updated.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
