[ https://issues.apache.org/jira/browse/KARAF-7770?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17795633#comment-17795633 ]
Karthick commented on KARAF-7770:
---------------------------------
Hi, there are more and more vulnerabilities in Jetty, like CVE-2023-36478, which
are solved in 9.4.53. Hence this upgrade is very important for our releases, and
we see that Karaf 4.4.5, which might step up this Jetty, is still not put to a vote.
Could you please provide timelines for this release so that we can commit to
our customers based on that?
> Update Eclipse Jetty to solve CVE-2023-36478
> --------------------------------------------
>
> Key: KARAF-7770
> URL: https://issues.apache.org/jira/browse/KARAF-7770
> Project: Karaf
> Issue Type: Dependency upgrade
> Components: karaf
> Affects Versions: 4.4.3, 4.4.4
> Reporter: Karthick
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Labels: security
>
> As per [NVD - CVE-2023-36478
> (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2023-36478], Eclipse Jetty
> till 9.4.52 is affected by this vulnerability. To solve it, an upgrade to 9.4.53
> should be used. Hence this 3pp update is needed in Karaf.