[jira] [Updated] (FELIX-5664) Update Jetty to 9.3.20.v20170531 to fix CVE-2017-9735

Carsten Ziegeler (JIRA) Tue, 11 Jul 2017 02:09:49 -0700

     [ 
https://issues.apache.org/jira/browse/FELIX-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Carsten Ziegeler updated FELIX-5664:
------------------------------------
    Summary: Update Jetty to 9.3.20.v20170531 to fix CVE-2017-9735  (was: 
Update Jetty to 9.3.20.v20170531 or 9.4.6.v20170531 to fix CVE-2017-9735)

> Update Jetty to 9.3.20.v20170531 to fix CVE-2017-9735
> -----------------------------------------------------
>
>                 Key: FELIX-5664
>                 URL: https://issues.apache.org/jira/browse/FELIX-5664
>             Project: Felix
>          Issue Type: Bug
>          Components: HTTP Service
>    Affects Versions: http.jetty-3.4.2
>            Reporter: Antoine DESSAIGNE
>            Assignee: Carsten Ziegeler
>             Fix For: http.jetty-3.4.4
>
>
> The current http.jetty version uses Jetty 9.3.15.v20161220 which is sensitive 
> to CVE-2017-9735, see:
> * https://nvd.nist.gov/vuln/detail/CVE-2017-9735
> * https://github.com/eclipse/jetty.project/issues/1556
> The CVE fix has been released in Jetty 9.3.20.v20170531 or 9.4.6.v20170531, 
> so http.jetty need to be updated.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (FELIX-5664) Update Jetty to 9.3.20.v20170531 to fix CVE-2017-9735

Reply via email to