Robert Varga created KARAF-6078:
-----------------------------------
Summary: Misaligned versions of jetty between pax-web and standard
features
Key: KARAF-6078
URL: https://issues.apache.org/jira/browse/KARAF-6078
Project: Karaf
Issue Type: Bug
Components: karaf
Affects Versions: 4.1.7, 4.1.6
Reporter: Robert Varga
KARAF-5860 upgraded the jetty version brought it by pax-web, but did not
upgrade the version provided in features/standard, which was left at 9.3.21.
This means that depending on which feature downstreams are using, they may end
up with a vulnerable jetty version.
Furthermore, an offline distribution (like the one created for OpenDaylight)
will end up having both versions, leadining to unnecessary bloat.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
