[jira] [Commented] (KARAF-7808) Stepup Jetty and pax-web to solve CVE-2024-22201

Karthick (Jira) Sun, 03 Mar 2024 20:51:32 -0800


    [ 
https://issues.apache.org/jira/browse/KARAF-7808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17823031#comment-17823031
 ]


Karthick commented on KARAF-7808:
---------------------------------

[~jbonofre] could you have a look at this?

> Stepup Jetty and pax-web to solve CVE-2024-22201
> ------------------------------------------------
>
>                 Key: KARAF-7808
>                 URL: https://issues.apache.org/jira/browse/KARAF-7808
>             Project: Karaf
>          Issue Type: Dependency upgrade
>          Components: karaf
>    Affects Versions: 4.4.5
>         Environment: Linux
>            Reporter: Karthick
>            Priority: Major
>              Labels: dependency-upgrade, security
>
> We use Karaf 4.4.5 that packs pax-web 8.0.24 which brings in jetty/http2 
> 9.4.53. This Jetty version is affected by CVE CVE-2024-22201 that is business 
> critical. Please bump up to newer version that solves the vulnerability.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KARAF-7808) Stepup Jetty and pax-web to solve CVE-2024-22201

Reply via email to