[ https://issues.apache.org/jira/browse/KARAF-8004?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré updated KARAF-8004:
----------------------------------------
    Summary: Upgrade to Jetty 9.4.58 to mitigate CVE-2025-5115  (was: Upgrade http2-common to 9.4.58 to mitigate CVE-2025-5115)

> Upgrade to Jetty 9.4.58 to mitigate CVE-2025-5115
> -------------------------------------------------
>
>                 Key: KARAF-8004
>                 URL: https://issues.apache.org/jira/browse/KARAF-8004
>             Project: Karaf
>          Issue Type: Dependency upgrade
>          Components: karaf
>    Affects Versions: 4.4.8
>            Reporter: Karthick
>            Priority: Major
>
> There is a High severity vulnerability CVE-2025-5115 that affects Http2 (MadeYouReset) and there has been a fix released in 9.4.58 (Refer [Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability | GitLab Advisory Database|https://advisories.gitlab.com/pkg/maven/org.eclipse.jetty.http2/jetty-http2-common/CVE-2025-5115/])
>
> As we get org.eclipse.jetty.http2/http2-common from pax-web-http, [included in Karaf] please check and update to the latest released version (if available) so that we are protected in upcoming Karaf release 4.4.9

--
This message was sent by Atlassian Jira (v8.20.10#820010)