[
https://issues.apache.org/jira/browse/KARAF-7770?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17801710#comment-17801710
]
Karthick commented on KARAF-7770:
---------------------------------
Hi Jean, sorry to push, but we are still awaiting Karaf 4.4.5 which we thought
should be available around Christmas. Could you please quote some timeline?
> Update Eclipse Jetty to solve CVE-2023-36478
> --------------------------------------------
>
> Key: KARAF-7770
> URL: https://issues.apache.org/jira/browse/KARAF-7770
> Project: Karaf
> Issue Type: Dependency upgrade
> Components: karaf
> Affects Versions: 4.4.3, 4.4.4
> Reporter: Karthick
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Labels: security
>
> As per [NVD - CVE-2023-36478
> (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2023-36478], Eclipse Jetty
> till 9.4.52 is affected by this vulnerability. To solve it, upgrade to 9.4.53
> should be used. Hence this 3pp update is needed in Karaf.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
