[jira] [Updated] (KARAF-7808) Stepup Jetty and pax-web to solve CVE-2024-22201

Jira Sun, 03 Mar 2024 21:56:09 -0800


     [ 
https://issues.apache.org/jira/browse/KARAF-7808?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jean-Baptiste Onofré updated KARAF-7808:
----------------------------------------
    Target Version/s: 4.5.0, 4.3.11, 4.4.6

> Stepup Jetty and pax-web to solve CVE-2024-22201
> ------------------------------------------------
>
>                 Key: KARAF-7808
>                 URL: https://issues.apache.org/jira/browse/KARAF-7808
>             Project: Karaf
>          Issue Type: Dependency upgrade
>          Components: karaf
>    Affects Versions: 4.4.5
>         Environment: Linux
>            Reporter: Karthick
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>              Labels: dependency-upgrade, security
>
> We use Karaf 4.4.5 that packs pax-web 8.0.24 which brings in jetty/http2 
> 9.4.53. This Jetty version is affected by CVE CVE-2024-22201 that is business 
> critical. Please bump up to newer version that solves the vulnerability.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (KARAF-7808) Stepup Jetty and pax-web to solve CVE-2024-22201

Reply via email to