RFR: 8145: Upgrade Jetty to version 10.0.17 [v2]
Virag Purnam
vpurnam at openjdk.org
Wed Nov 8 18:53:26 UTC 2023
> Default jetty with Eclipse 4.29 is 10.0.15. But this version of jetty has some vulnerabilities mentioned below.
>
> Vulnerabilities: ([jetty-project_10.0.15](https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-project/10.0.15))
> [CVE-2023-42503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42503)
> [CVE-2023-41900](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900)
> [CVE-2023-40167](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167)
> [CVE-2023-39410](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39410)
> [CVE-2023-36479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479)
> [CVE-2023-36478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36478)
> [CVE-2023-2976](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976)
> [CVE-2020-8908](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908)
>
> Vulnerabilities have been fixed in 10.0.17. Currently JMC is using 10.0.12.
> So, we should use the jetty 10.0.17.
Virag Purnam has updated the pull request incrementally with one additional commit since the last revision:
8145: Upgrade Jetty to version 10.0.17
-------------
Changes:
- all: https://git.openjdk.org/jmc/pull/532/files
- new: https://git.openjdk.org/jmc/pull/532/files/71c94f5c..a1437df6
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jmc&pr=532&range=01
- incr: https://webrevs.openjdk.org/?repo=jmc&pr=532&range=00-01
Stats: 5 lines in 1 file changed: 0 ins; 0 del; 5 mod
Patch: https://git.openjdk.org/jmc/pull/532.diff
Fetch: git fetch https://git.openjdk.org/jmc.git pull/532/head:pull/532
PR: https://git.openjdk.org/jmc/pull/532
More information about the jmc-dev
mailing list