[jira] [Assigned] (KARAF-8004) Upgrade to Jetty 9.4.58 to mitigate CVE-2025-5115

Jira Fri, 17 Oct 2025 16:01:41 -0700


     [ 
https://issues.apache.org/jira/browse/KARAF-8004?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jean-Baptiste Onofré reassigned KARAF-8004:
-------------------------------------------

    Target Version/s: 4.5.0, 4.4.9
            Assignee: Jean-Baptiste Onofré

> Upgrade to Jetty 9.4.58 to mitigate CVE-2025-5115
> -------------------------------------------------
>
>                 Key: KARAF-8004
>                 URL: https://issues.apache.org/jira/browse/KARAF-8004
>             Project: Karaf
>          Issue Type: Dependency upgrade
>          Components: karaf
>    Affects Versions: 4.4.8
>            Reporter: Karthick
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>
> There is a High severity vulnerability CVE-2025-5115 that affects Http2 
> (MadeYouReset) and there has been a fix released in 9.4.58 (Refer [Eclipse 
> Jetty affected by MadeYouReset HTTP/2 vulnerability | GitLab Advisory 
> Database|https://advisories.gitlab.com/pkg/maven/org.eclipse.jetty.http2/jetty-http2-common/CVE-2025-5115/])
>  
> As we get org.eclipse.jetty.http2/http2-common from pax-web-http , [included 
> in Karaf] please check and update to the latest released version (if 
> available) so that we are protected in upcoming Karaf release 4.4.9



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (KARAF-8004) Upgrade to Jetty 9.4.58 to mitigate CVE-2025-5115

Reply via email to