A jira has been raised in jetty to fix this issue:
http://jira.codehaus.org/browse/JETTY-1152
___
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
this bug should be closed.
the CERT never applied to jetty 5 (which is what debian uses)
and was fixed some time ago in jetty 6
Please see
http://docs.codehaus.org/display/JETTY/Jetty+Security
Note that it would also be good for debian to upgrade to jetty 6
cheers
Hi,
I see that debian is still shipping Jetty 5 rather than jetty 6 (which has
these issues
fixed).
Long overdue, I've created a patch for jetty 5 to fix these minor security
issues.
see: http://docs.codehaus.org/display/JETTY/Jetty+Security
patch attached.
regards
? .classpath
? .project
Debs for jetty 6.1.11 are available
http://dist.codehaus.org/jetty/jetty-6.1.11/debian/
what needs to be done to get these into the next release?
cheers
___
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
Note,
due to security problems found in 6.1.5, it is best that all jetty6
efforts be switched to 6.1.7.
see http://docs.codehaus.org/display/JETTY/Jetty+Security
We are also now making debs for Jetty6 with every release:
http://dist.codehaus.org/jetty/jetty-6.1.7/debian/
These are built
While Jetty can run on a 1.4 JVM, perhaps in debian it may just be
simpler to build it only run with 1.5 and later.
After all, java was only really open sourced from 1.5.
cheers
___
pkg-java-maintainers mailing list
http://svn.codehaus.org/jetty/jetty/trunk
build with mvn install
cd contrib/debian
mvn install
and then the debs are in contrib/debian/target
cheers
Greg Wilkins wrote:
Hi,
I'd like to create some debian packages for Jetty 6 (and hightide 6) and I'm
looking for somebody who know more
The patch to fix this issue for 5.1.10 is available
http://jetty.cvs.sourceforge.net/jetty/Jetty/src/org/mortbay/jetty/servlet/AbstractSessionManager.java?r1=1.52r2=1.53
___
pkg-java-maintainers mailing list
Hi security team and Jetty package maintainers,
I'm the main developer of the Jetty Java HTTP Server.
I have been contacted by a Nico Golde @ debian.org asking
about the availability of a fix for a security vulnerability for
the debian package of Jetty but that the maintainers had
no time to
9 matches
Mail list logo