[ https://issues.apache.org/jira/browse/ZOOKEEPER-4932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18011297#comment-18011297 ]

Andor Molnar commented on ZOOKEEPER-4932:
-----------------------------------------

According to ZOOKEEPER-4876, ZooKeeper is not vulnerable to CVE-2024-6763, but 
it looks like we accidentally removed it from the OWASP suppressions.

Let me put it back with this ticket.

We cannot upgrade to the latest version of Jetty, because it doesn't support 
Java 8 anymore.

cc [~eolivelli] [~kezhuw] 

 

> The newest version of zookeeper includes Jetty version 9.4.57.x which has 
> CVE-2024-6763 issue
> ---------------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4932
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4932
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: build
>            Reporter: Satyapira Pradhan
>            Assignee: Andor Molnar
>            Priority: Major
>
> Hi,
> Can you please help me with the request below?
> The newest version of zookeeper includes Jetty version 9.4.57.x which has 
> CVE-2024-6763 issue. When will the Jetty version be upgraded to 12.0.12 
> or greater for zookeeper 3.9.4 or greater version?
> https://github.com/apache/zookeeper/blob/release-3.9.3-2/pom.xml#L563



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
