Re: Jetty security defect

2021-03-01 Thread Jean-Baptiste Onofre
> >> >> >> From:"Jean-Baptiste Onofre" > <mailto:j...@nanthrax.net>> >> To:"user" mailto:user@karaf.apache.org>> >> Date:26/02/2021 06:21 >> Subject:Re: Jetty security defect >>

Re: Jetty security defect

2021-03-01 Thread Serge Huber
t; > From:"Jean-Baptiste Onofre" > To: "user" > Date:26/02/2021 06:21 > Subject:Re: Jetty security defect > -- > > > > Hi Gerald, > > Karaf 4.3.1 will still use Pax Web 7.3.12 (with jetty up

Re: Jetty security defect

2021-03-01 Thread Jean-Baptiste Onofre
t; CVE-2020-27223 fix. > > Cheers > Paul > > > > From:"Jean-Baptiste Onofre" > To:"user" > Date: 26/02/2021 06:21 > Subject:Re: Jetty security defect > > > > Hi Gerald, > > Karaf 4.3.1 w

Re: Jetty security defect

2021-03-01 Thread Paul Stanley
Hi JB. PAX-WEB (and karaf ) will need to be updated to include Jetty 9.4.38 for the CVE-2020-27223 fix. Cheers Paul From: "Jean-Baptiste Onofre" To: "user" Date: 26/02/2021 06:21 Subject: Re: Jetty security defect Hi Gerald, Karaf 4.3.1 will stil

Re: Jetty security defect

2021-02-25 Thread Jean-Baptiste Onofre
Hi Gerald, Karaf 4.3.1 will still use Pax Web 7.3.12 (with jetty update). Pax Web 8.x (with jetty, undertow updates and refactoring) is not yet fully ready. Regards JB > Le 26 févr. 2021 à 07:20, Gerald Kallas - mailbox.org > a écrit : > > Hi all, which Karaf release does contain which Pax

Re: Jetty security defect

2021-02-25 Thread Gerald Kallas - mailbox.org
Hi all, which Karaf release does contain which Pax Web? When would Pax Web 8.0 be released? Tx in advance. Sent by my mobile device - Gerald Kallas > Am 26.02.2021 um 07:05 schrieb Jean-Baptiste Onofre : > > Hi, > > Yes, Pax Web 7.2.22 includes update to Jetty 9.4.36. > > Regards > JB >

Re: Jetty security defect

2021-02-25 Thread Jean-Baptiste Onofre
Hi, Yes, Pax Web 7.2.22 includes update to Jetty 9.4.36. Regards JB > Le 25 févr. 2021 à 19:18, Jackson, Douglas a > écrit : > > > Hi! > Is the new pax-web going into the karaf 4.2.11 release? > It appears that release might be available sooner than the 4.3.1 release and > I need to apply

RE: Jetty security defect

2021-02-25 Thread Jackson, Douglas
Hi! Is the new pax-web going into the karaf 4.2.11 release? It appears that release might be available sooner than the 4.3.1 release and I need to apply the fix fairly soon. Thanks, Doug

Re: Jetty security defect

2021-01-25 Thread Jean-Baptiste Onofre
Hi Doug, It’s already done in Pax Web. I just have to cut Karaf 4.3.1 release. But the way, Karaf by itself doesn’t define Jetty anymore: he leverages Pax Web or Felix Jetty. Regards JB > Le 25 janv. 2021 à 17:28, Jackson, Douglas a > écrit : > > Hi! > There seems to be a security defect

Jetty security defect

2021-01-25 Thread Jackson, Douglas
Hi! There seems to be a security defect against the Jetty Server used by karaf 4.3.0. In order to avoid it, we would need to upgrade to 9.4.36 or similar. Are there any plans to upgrade the Jetty used by karaf 4.3.x? Thanks, Doug