[jira] [Commented] (KARAF-7808) Stepup Jetty and pax-web to solve CVE-2024-22201

Jira Sun, 03 Mar 2024 21:56:10 -0800


    [ 
https://issues.apache.org/jira/browse/KARAF-7808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17823039#comment-17823039
 ]


Jean-Baptiste Onofré commented on KARAF-7808:
---------------------------------------------

Yeah, I have the PRs almost ready. I will move forward on this Jira.

> Stepup Jetty and pax-web to solve CVE-2024-22201
> ------------------------------------------------
>
>                 Key: KARAF-7808
>                 URL: https://issues.apache.org/jira/browse/KARAF-7808
>             Project: Karaf
>          Issue Type: Dependency upgrade
>          Components: karaf
>    Affects Versions: 4.4.5
>         Environment: Linux
>            Reporter: Karthick
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>              Labels: dependency-upgrade, security
>
> We use Karaf 4.4.5 that packs pax-web 8.0.24 which brings in jetty/http2 
> 9.4.53. This Jetty version is affected by CVE CVE-2024-22201 that is business 
> critical. Please bump up to newer version that solves the vulnerability.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KARAF-7808) Stepup Jetty and pax-web to solve CVE-2024-22201

Reply via email to