[jira] [Commented] (KARAF-7808) Stepup Jetty and pax-web to solve CVE-2024-22201

2024-03-18 Thread Jira


[ 
https://issues.apache.org/jira/browse/KARAF-7808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17827854#comment-17827854
 ] 

Jean-Baptiste Onofré commented on KARAF-7808:
-

The release will be in vote this week.

> Stepup Jetty and pax-web to solve CVE-2024-22201
> 
>
> Key: KARAF-7808
> URL: https://issues.apache.org/jira/browse/KARAF-7808
> Project: Karaf
> Issue Type: Dependency upgrade
> Components: karaf
> Affects Versions: 4.4.5
> Environment: Linux
> Reporter: Karthick
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Labels: dependency-upgrade, security
>
> We use Karaf 4.4.5 that packs pax-web 8.0.24 which brings in jetty/http2 
> 9.4.53. This Jetty version is affected by CVE-2024-22201 that is business 
> critical. Please bump up to a newer version that solves the vulnerability.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)


[jira] [Commented] (KARAF-7808) Stepup Jetty and pax-web to solve CVE-2024-22201

2024-03-17 Thread Karthick (Jira)


[ 
https://issues.apache.org/jira/browse/KARAF-7808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17827845#comment-17827845
 ] 

Karthick commented on KARAF-7808:
-

Hi Jean, so now we can expect the Karaf 4.4.6 release?



[jira] [Commented] (KARAF-7808) Stepup Jetty and pax-web to solve CVE-2024-22201

2024-03-10 Thread Karthick (Jira)


[ 
https://issues.apache.org/jira/browse/KARAF-7808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17825145#comment-17825145
 ] 

Karthick commented on KARAF-7808:
-

Hi Jean, hope you are progressing on this.



[jira] [Commented] (KARAF-7808) Stepup Jetty and pax-web to solve CVE-2024-22201

2024-03-03 Thread Jira


[ 
https://issues.apache.org/jira/browse/KARAF-7808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17823039#comment-17823039
 ] 

Jean-Baptiste Onofré commented on KARAF-7808:
-

Yeah, I have the PRs almost ready. I will move forward on this Jira.



[jira] [Commented] (KARAF-7808) Stepup Jetty and pax-web to solve CVE-2024-22201

2024-03-03 Thread Karthick (Jira)


[ 
https://issues.apache.org/jira/browse/KARAF-7808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17823031#comment-17823031
 ] 

Karthick commented on KARAF-7808:
-

[~jbonofre] could you have a look at this?

> Stepup Jetty and pax-web to solve CVE-2024-22201
> 
>
> Key: KARAF-7808
> URL: https://issues.apache.org/jira/browse/KARAF-7808
> Project: Karaf
> Issue Type: Dependency upgrade
> Components: karaf
> Affects Versions: 4.4.5
> Environment: Linux
> Reporter: Karthick
> Priority: Major
> Labels: dependency-upgrade, security
>
> We use Karaf 4.4.5 that packs pax-web 8.0.24 which brings in jetty/http2 
> 9.4.53. This Jetty version is affected by CVE-2024-22201 that is business 
> critical. Please bump up to a newer version that solves the vulnerability.


