[jira] [Commented] (KARAF-7770) Update Eclipse Jetty to solve CVE-2023-36478

Jira Tue, 12 Dec 2023 01:52:03 -0800


    [ 
https://issues.apache.org/jira/browse/KARAF-7770?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17795658#comment-17795658
 ]


Jean-Baptiste Onofré commented on KARAF-7770:
---------------------------------------------

[~karthickm512] 4.4.5 is in preparation, I plan to start the vote this week for 
(hopefully) a release next week.

> Update Eclipse Jetty to solve CVE-2023-36478
> --------------------------------------------
>
>                 Key: KARAF-7770
>                 URL: https://issues.apache.org/jira/browse/KARAF-7770
>             Project: Karaf
>          Issue Type: Dependency upgrade
>          Components: karaf
>    Affects Versions: 4.4.3, 4.4.4
>            Reporter: Karthick
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>              Labels: security
>
> As per [NVD - CVE-2023-36478 
> (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2023-36478], Eclipse Jetty 
> till 9.4.52 is affected by this vulnerability. To solve it, upgrade to 9.4.53 
> should be used. Hence this 3pp update is needed in Karaf.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KARAF-7770) Update Eclipse Jetty to solve CVE-2023-36478

Reply via email to