Hussain Towaileb created ASTERIXDB-3057:
-------------------------------------------
Summary: Upgrade jetty to 9.4.48
Key: ASTERIXDB-3057
URL: https://issues.apache.org/jira/browse/ASTERIXDB-3057
Project: Apache AsterixDB
Issue Type: Bug
Components: OTH - Other
Affects Versions: 0.9.9
Reporter: Hussain Towaileb
Assignee: Hussain Towaileb
Fix For: 0.9.9
jetty-util and jetty-util-ajax versions below 9.4.47 have the CVE:
[https://nvd.nist.gov/vuln/detail/CVE-2022-2048#range-8130163]
We have infected versions coming as transitive dependencies from the hadoop
3.3.2, hadoop seems to address this in 3.3.4 which is not released yet.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
