[jira] [Commented] (FELIX-6826) Update to Jetty 12.0.34

Thu, 30 Apr 2026 12:19:07 -0700 


    [ 
https://issues.apache.org/jira/browse/FELIX-6826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18077420#comment-18077420
 ] 

Stevon commented on FELIX-6826:
-------------------------------

jetty-http-12.0.32.jar has a reported vulnerability

[https://nvd.nist.gov/vuln/detail/CVE-2026-2332]

those that bring in 
[https://mvnrepository.com/artifact/org.apache.felix/org.apache.felix.http.jetty12]
 1.1.8 will be vulnerable to this.

I suggest a new release of Jetty12, with an upgrade to the patched Jetty HTTP 
lib.

> Update to Jetty 12.0.34
> -----------------------
>
>                 Key: FELIX-6826
>                 URL: https://issues.apache.org/jira/browse/FELIX-6826
>             Project: Felix
>          Issue Type: Improvement
>          Components: HTTP Service
>            Reporter: Stevon
>            Assignee: Paul Rütter
>            Priority: Major
>
> [https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.34|https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.34]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to