[jira] [Updated] (ZOOKEEPER-5038) Upgrade Jetty to address CVE-2026-2332

ASF GitHub Bot (Jira) Wed, 20 May 2026 08:17:09 -0700


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-5038?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


ASF GitHub Bot updated ZOOKEEPER-5038:
--------------------------------------
    Labels: pull-request-available  (was: )

> Upgrade Jetty to address CVE-2026-2332
> --------------------------------------
>
>                 Key: ZOOKEEPER-5038
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-5038
>             Project: ZooKeeper
>          Issue Type: Task
>          Components: server
>    Affects Versions: 3.9.5, 3.8.6
>            Reporter: Jota Martos
>            Assignee: Dávid Paksy
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Jetty versions lower than 9.4.60 are affected by this CVE. 
> bq. Jetty incorrectly parses quoted strings in HTTP/1.1 chunked transfer 
> encoding extension values, enabling request smuggling attacks.
> You can find more information in the [security 
> advisory|https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf].



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (ZOOKEEPER-5038) Upgrade Jetty to address CVE-2026-2332

Reply via email to