[ https://issues.apache.org/jira/browse/KARAF-7808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17823031#comment-17823031 ]
Karthick commented on KARAF-7808: --------------------------------- [~jbonofre] could you have a look at this? > Stepup Jetty and pax-web to solve CVE-2024-22201 > ------------------------------------------------ > > Key: KARAF-7808 > URL: https://issues.apache.org/jira/browse/KARAF-7808 > Project: Karaf > Issue Type: Dependency upgrade > Components: karaf > Affects Versions: 4.4.5 > Environment: Linux > Reporter: Karthick > Priority: Major > Labels: dependency-upgrade, security > > We use Karaf 4.4.5 that packs pax-web 8.0.24 which brings in jetty/http2 > 9.4.53. This Jetty version is affected by CVE CVE-2024-22201 that is business > critical. Please bump up to newer version that solves the vulnerability. -- This message was sent by Atlassian Jira (v8.20.10#820010)