subject:"Jetty security defect"

Re: Jetty security defect

2021-03-01 Thread Jean-Baptiste Onofre

Yes, correct, both 4.2 and 4.3 will get the Jetty upgrade.

Regards
JB

> Le 1 mars 2021 à 14:55, Serge Huber  a écrit :
> 
> Thanks for the work guys !
> 
> Am I understanding correctly that both Karaf 4.2 and 4.3 will get this Jetty 
> upgrade? 
> 
> Regards,
>   Serge... 
> 
> On Mon, Mar 1, 2021 at 2:30 PM Jean-Baptiste Onofre  <mailto:j...@nanthrax.net>> wrote:
> Hi Paul,
> 
> Thanks for the update. I’m cutting a new Pax Web release and update in Karaf 
> now.
> 
> Thanks again !
> 
> Regards
> JB
> 
>> Le 1 mars 2021 à 11:38, Paul Stanley > <mailto:paul.stan...@saaconsultants.com>> a écrit :
>> 
>> Hi JB. 
>> 
>> PAX-WEB (and karaf ) will need to be updated to include Jetty 9.4.38 for the 
>> CVE-2020-27223 fix. 
>> 
>> Cheers 
>> Paul 
>> 
>> 
>> 
>> From:"Jean-Baptiste Onofre" > <mailto:j...@nanthrax.net>> 
>> To:"user" mailto:user@karaf.apache.org>> 
>> Date:26/02/2021 06:21 
>> Subject:Re: Jetty security defect 
>> 
>> 
>> 
>> Hi Gerald, 
>> 
>> Karaf 4.3.1 will still use Pax Web 7.3.12 (with jetty update). 
>> 
>> Pax Web 8.x (with jetty, undertow updates and refactoring) is not yet fully 
>> ready. 
>> 
>> Regards 
>> JB 
>> 
>> Le 26 févr. 2021 à 07:20, Gerald Kallas - mailbox.org <http://mailbox.org/> 
>> mailto:catsh...@mailbox.org>> a écrit : 
>> 
>> Hi all, which Karaf release does contain which Pax Web? When would Pax Web 
>> 8.0 be released? 
>> 
>> Tx in advance.
>> 
>> Sent by my mobile device 
>> - Gerald Kallas 
>> 
>> Am 26.02.2021 um 07:05 schrieb Jean-Baptiste Onofre > <mailto:j...@nanthrax.net>>:
>> 
>> Hi, 
>> 
>> Yes, Pax Web 7.2.22 includes update to Jetty 9.4.36. 
>> 
>> Regards 
>> JB 
>> 
>> Le 25 févr. 2021 à 19:18, Jackson, Douglas > <mailto:douglas.s.jack...@siemens.com>> a écrit : 
>>  
>> Hi!
>> Is the new pax-web going into the karaf 4.2.11 release?
>> It appears that release might be available sooner than the 4.3.1 release and 
>> I need to apply the fix fairly soon.
>> Thanks,
>> Doug
>> 
>> 
>> 
>> 
>

Re: Jetty security defect

2021-03-01 Thread Serge Huber

Thanks for the work guys !

Am I understanding correctly that both Karaf 4.2 and 4.3 will get this
Jetty upgrade?

Regards,
  Serge...

On Mon, Mar 1, 2021 at 2:30 PM Jean-Baptiste Onofre  wrote:

> Hi Paul,
>
> Thanks for the update. I’m cutting a new Pax Web release and update in
> Karaf now.
>
> Thanks again !
>
> Regards
> JB
>
> Le 1 mars 2021 à 11:38, Paul Stanley  a
> écrit :
>
> Hi JB.
>
> PAX-WEB (and karaf ) will need to be updated to include Jetty 9.4.38 for
> the CVE-2020-27223 fix.
>
> Cheers
> Paul
>
>
>
> From:"Jean-Baptiste Onofre" 
> To:    "user" 
> Date:26/02/2021 06:21
> Subject:Re: Jetty security defect
> --
>
>
>
> Hi Gerald,
>
> Karaf 4.3.1 will still use Pax Web 7.3.12 (with jetty update).
>
> Pax Web 8.x (with jetty, undertow updates and refactoring) is not yet
> fully ready.
>
> Regards
> JB
>
> Le 26 févr. 2021 à 07:20, Gerald Kallas - *mailbox.org*
> <http://mailbox.org/> <*catsh...@mailbox.org* > a
> écrit :
>
> Hi all, which Karaf release does contain which Pax Web? When would Pax Web
> 8.0 be released?
>
> Tx in advance.
>
> Sent by my mobile device
> - Gerald Kallas
>
> Am 26.02.2021 um 07:05 schrieb Jean-Baptiste Onofre <*j...@nanthrax.net*
> >:
>
> Hi,
>
> Yes, Pax Web 7.2.22 includes update to Jetty 9.4.36.
>
> Regards
> JB
>
> Le 25 févr. 2021 à 19:18, Jackson, Douglas <
> *douglas.s.jack...@siemens.com* > a écrit :
>
>
> Hi!
> Is the new pax-web going into the karaf 4.2.11 release?
> It appears that release might be available sooner than the 4.3.1 release
> and I need to apply the fix fairly soon.
> Thanks,
> Doug
>
>
>
>
>
>

Re: Jetty security defect

2021-03-01 Thread Jean-Baptiste Onofre

Hi Paul,

Thanks for the update. I’m cutting a new Pax Web release and update in Karaf 
now.

Thanks again !

Regards
JB

> Le 1 mars 2021 à 11:38, Paul Stanley  a 
> écrit :
> 
> Hi JB. 
> 
> PAX-WEB (and karaf ) will need to be updated to include Jetty 9.4.38 for the 
> CVE-2020-27223 fix. 
> 
> Cheers 
> Paul 
> 
> 
> 
> From:"Jean-Baptiste Onofre"  
> To:"user"  
> Date:    26/02/2021 06:21 
> Subject:Re: Jetty security defect 
> 
> 
> 
> Hi Gerald, 
> 
> Karaf 4.3.1 will still use Pax Web 7.3.12 (with jetty update). 
> 
> Pax Web 8.x (with jetty, undertow updates and refactoring) is not yet fully 
> ready. 
> 
> Regards 
> JB 
> 
> Le 26 févr. 2021 à 07:20, Gerald Kallas - mailbox.org <http://mailbox.org/> 
> mailto:catsh...@mailbox.org>> a écrit : 
> 
> Hi all, which Karaf release does contain which Pax Web? When would Pax Web 
> 8.0 be released? 
> 
> Tx in advance.
> 
> Sent by my mobile device 
> - Gerald Kallas 
> 
> Am 26.02.2021 um 07:05 schrieb Jean-Baptiste Onofre  <mailto:j...@nanthrax.net>>:
> 
> Hi, 
> 
> Yes, Pax Web 7.2.22 includes update to Jetty 9.4.36. 
> 
> Regards 
> JB 
> 
> Le 25 févr. 2021 à 19:18, Jackson, Douglas  <mailto:douglas.s.jack...@siemens.com>> a écrit : 
>  
> Hi!
> Is the new pax-web going into the karaf 4.2.11 release?
> It appears that release might be available sooner than the 4.3.1 release and 
> I need to apply the fix fairly soon.
> Thanks,
> Doug
> 
> 
> 
>

Re: Jetty security defect

2021-03-01 Thread Paul Stanley

Hi JB.

PAX-WEB (and karaf ) will need to be updated to include Jetty 9.4.38 for 
the CVE-2020-27223 fix.

Cheers
Paul



From:   "Jean-Baptiste Onofre" 
To: "user" 
Date:   26/02/2021 06:21
Subject:    Re: Jetty security defect



Hi Gerald,

Karaf 4.3.1 will still use Pax Web 7.3.12 (with jetty update).

Pax Web 8.x (with jetty, undertow updates and refactoring) is not yet 
fully ready.

Regards
JB

Le 26 févr. 2021 à 07:20, Gerald Kallas - mailbox.org <
catsh...@mailbox.org> a écrit :

Hi all, which Karaf release does contain which Pax Web? When would Pax Web 
8.0 be released?

Tx in advance.

Sent by my mobile device
- Gerald Kallas

Am 26.02.2021 um 07:05 schrieb Jean-Baptiste Onofre :

Hi,

Yes, Pax Web 7.2.22 includes update to Jetty 9.4.36.

Regards
JB

Le 25 févr. 2021 à 19:18, Jackson, Douglas  
a écrit :

 
Hi!
Is the new pax-web going into the karaf 4.2.11 release?
It appears that release might be available sooner than the 4.3.1 release 
and I need to apply the fix fairly soon.
Thanks,
Doug

Re: Jetty security defect

2021-02-25 Thread Jean-Baptiste Onofre

Hi Gerald,

Karaf 4.3.1 will still use Pax Web 7.3.12 (with jetty update).

Pax Web 8.x (with jetty, undertow updates and refactoring) is not yet fully 
ready.

Regards
JB

> Le 26 févr. 2021 à 07:20, Gerald Kallas - mailbox.org  
> a écrit :
> 
> Hi all, which Karaf release does contain which Pax Web? When would Pax Web 
> 8.0 be released?
> 
> Tx in advance.
> 
> Sent by my mobile device
> - Gerald Kallas
> 
>> Am 26.02.2021 um 07:05 schrieb Jean-Baptiste Onofre :
>> 
>> Hi,
>> 
>> Yes, Pax Web 7.2.22 includes update to Jetty 9.4.36.
>> 
>> Regards
>> JB
>> 
>>> Le 25 févr. 2021 à 19:18, Jackson, Douglas >> > a écrit :
>>> 
>>>  
>>> Hi!
>>> Is the new pax-web going into the karaf 4.2.11 release?
>>> It appears that release might be available sooner than the 4.3.1 release 
>>> and I need to apply the fix fairly soon.
>>> Thanks,
>>> Doug
>>

Re: Jetty security defect

2021-02-25 Thread Gerald Kallas - mailbox.org

Hi all, which Karaf release does contain which Pax Web? When would Pax Web 8.0 
be released?

Tx in advance.

Sent by my mobile device
- Gerald Kallas

> Am 26.02.2021 um 07:05 schrieb Jean-Baptiste Onofre :
> 
> Hi,
> 
> Yes, Pax Web 7.2.22 includes update to Jetty 9.4.36.
> 
> Regards
> JB
> 
>> Le 25 févr. 2021 à 19:18, Jackson, Douglas  a 
>> écrit :
>> 
>>  
>> Hi!
>> Is the new pax-web going into the karaf 4.2.11 release?
>> It appears that release might be available sooner than the 4.3.1 release and 
>> I need to apply the fix fairly soon.
>> Thanks,
>> Doug
>

Re: Jetty security defect

2021-02-25 Thread Jean-Baptiste Onofre

Hi,

Yes, Pax Web 7.2.22 includes update to Jetty 9.4.36.

Regards
JB

> Le 25 févr. 2021 à 19:18, Jackson, Douglas  a 
> écrit :
> 
>  
> Hi!
> Is the new pax-web going into the karaf 4.2.11 release?
> It appears that release might be available sooner than the 4.3.1 release and 
> I need to apply the fix fairly soon.
> Thanks,
> Doug

RE: Jetty security defect

2021-02-25 Thread Jackson, Douglas


Hi!
Is the new pax-web going into the karaf 4.2.11 release?
It appears that release might be available sooner than the 4.3.1 release and I 
need to apply the fix fairly soon.
Thanks,
Doug

Re: Jetty security defect

2021-01-25 Thread Jean-Baptiste Onofre

Hi Doug,

It’s already done in Pax Web.

I just have to cut Karaf 4.3.1 release.

But the way, Karaf by itself doesn’t define Jetty anymore: he leverages Pax Web 
or Felix Jetty.

Regards
JB

> Le 25 janv. 2021 à 17:28, Jackson, Douglas  a 
> écrit :
> 
> Hi!
> There seems to be a security defect against the Jetty Server used by karaf 
> 4.3.0.
> In order to avoid it, we would need to upgrade to 9.4.36 or similar.
> Are there any plans to upgrade the Jetty used by karaf 4.3.x?
> Thanks,
> Doug

Jetty security defect

2021-01-25 Thread Jackson, Douglas

Hi!
There seems to be a security defect against the Jetty Server used by karaf 
4.3.0.
In order to avoid it, we would need to upgrade to 9.4.36 or similar.
Are there any plans to upgrade the Jetty used by karaf 4.3.x?
Thanks,
Doug

Re: Jetty security defect

Re: Jetty security defect

Re: Jetty security defect

Re: Jetty security defect

Re: Jetty security defect

Re: Jetty security defect

Re: Jetty security defect

RE: Jetty security defect

Re: Jetty security defect

Jetty security defect

10 matches

Site Navigation

Mail list logo

Footer information