[
https://issues.apache.org/jira/browse/KARAF-6078?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jean-Baptiste Onofré resolved KARAF-6078.
-----------------------------------------
Resolution: Fixed
> Misaligned versions of jetty between pax-web and standard features
> ------------------------------------------------------------------
>
> Key: KARAF-6078
> URL: https://issues.apache.org/jira/browse/KARAF-6078
> Project: Karaf
> Issue Type: Dependency upgrade
> Components: karaf
> Affects Versions: 4.1.6, 4.1.7
> Reporter: Robert Varga
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Fix For: 4.1.8
>
>
> KARAF-5860 upgraded the jetty version brought it by pax-web, but did not
> upgrade the version provided in features/standard, which was left at 9.3.21.
> This means that depending on which feature downstreams are using, they may
> end up with a vulnerable jetty version.
> Furthermore, an offline distribution (like the one created for OpenDaylight)
> will end up having both versions, leadining to unnecessary bloat.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
