RFR: 8145: Upgrade Jetty to version 10.0.17
Virag Purnam
vpurnam at openjdk.org
Wed Nov 8 05:56:43 UTC 2023
The default Jetty with Eclipse 4.29 is 10.0.15, but this version of Jetty has some vulnerabilities, mentioned below.
Vulnerabilities: ([jetty-project_10.0.15](https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-project/10.0.15))
[CVE-2023-42503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42503)
[CVE-2023-41900](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900)
[CVE-2023-40167](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167)
[CVE-2023-39410](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39410)
[CVE-2023-36479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479)
[CVE-2023-36478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36478)
[CVE-2023-2976](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976)
[CVE-2020-8908](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908)
The vulnerabilities have been fixed in 10.0.17. Currently JMC is using 10.0.12.
So we should use Jetty 10.0.17.
-------------
Commit messages:
- 8145: Upgrade Jetty to version 10.0.17
Changes: https://git.openjdk.org/jmc/pull/532/files
Webrev: https://webrevs.openjdk.org/?repo=jmc&pr=532&range=00
Issue: https://bugs.openjdk.org/browse/JMC-8145
Stats: 13 lines in 4 files changed: 0 ins; 0 del; 13 mod
Patch: https://git.openjdk.org/jmc/pull/532.diff
Fetch: git fetch https://git.openjdk.org/jmc.git pull/532/head:pull/532
PR: https://git.openjdk.org/jmc/pull/532