Karthick created KARAF-7808:
-------------------------------
Summary: Stepup Jetty and pax-web to solve CVE-2024-22201
Key: KARAF-7808
URL: https://issues.apache.org/jira/browse/KARAF-7808
Project: Karaf
Issue Type: Dependency upgrade
Components: karaf
Affects Versions: 4.4.5
Environment: Linux
Reporter: Karthick
We use Karaf 4.4.5 that packs pax-web 8.0.24 which brings in jetty/http2
9.4.53. This Jetty version is affected by CVE CVE-2024-22201 that is business
critical. Please bump up to newer version that solves the vulnerability.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
