Hi JB. PAX-WEB (and karaf ) will need to be updated to include Jetty 9.4.38 for the CVE-2020-27223 fix.
Cheers Paul From: "Jean-Baptiste Onofre" <j...@nanthrax.net> To: "user" <user@karaf.apache.org> Date: 26/02/2021 06:21 Subject: Re: Jetty security defect Hi Gerald, Karaf 4.3.1 will still use Pax Web 7.3.12 (with jetty update). Pax Web 8.x (with jetty, undertow updates and refactoring) is not yet fully ready. Regards JB Le 26 févr. 2021 à 07:20, Gerald Kallas - mailbox.org < catsh...@mailbox.org> a écrit : Hi all, which Karaf release does contain which Pax Web? When would Pax Web 8.0 be released? Tx in advance. Sent by my mobile device - Gerald Kallas Am 26.02.2021 um 07:05 schrieb Jean-Baptiste Onofre <j...@nanthrax.net>: Hi, Yes, Pax Web 7.2.22 includes update to Jetty 9.4.36. Regards JB Le 25 févr. 2021 à 19:18, Jackson, Douglas <douglas.s.jack...@siemens.com> a écrit : Hi! Is the new pax-web going into the karaf 4.2.11 release? It appears that release might be available sooner than the 4.3.1 release and I need to apply the fix fairly soon. Thanks, Doug
