Karthick created KARAF-8004:
-------------------------------

             Summary: Upgrade http2-common to 9.4.50 to mitigate CVE-2025-5115
                 Key: KARAF-8004
                 URL: https://issues.apache.org/jira/browse/KARAF-8004
             Project: Karaf
          Issue Type: Dependency upgrade
          Components: karaf
    Affects Versions: 4.4.8
            Reporter: Karthick


There is a high-severity vulnerability, CVE-2025-5115, that affects HTTP/2 
(MadeYouReset), and a fix has been released in 9.4.58 (refer to [Eclipse 
Jetty affected by MadeYouReset HTTP/2 vulnerability | GitLab Advisory 
Database|https://advisories.gitlab.com/pkg/maven/org.eclipse.jetty.http2/jetty-http2-common/CVE-2025-5115/]).

 

As we get org.eclipse.jetty.http2/http2-common from pax-web-http [included in 
Karaf], please check and update to the latest released version (if available) so 
that we are protected in the upcoming Karaf release 4.4.9.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
