Integrated: 8145: Upgrade Jetty to version 10.0.17
Virag Purnam
vpurnam at openjdk.org
Tue Nov 14 04:38:40 UTC 2023
On Wed, 8 Nov 2023 05:50:06 GMT, Virag Purnam <vpurnam at openjdk.org> wrote:
> The default Jetty with Eclipse 4.29 is 10.0.15. But this version of Jetty has some vulnerabilities mentioned below.
>
> Vulnerabilities: ([jetty-project_10.0.15](https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-project/10.0.15))
> [CVE-2023-42503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42503)
> [CVE-2023-41900](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900)
> [CVE-2023-40167](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167)
> [CVE-2023-39410](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39410)
> [CVE-2023-36479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479)
> [CVE-2023-36478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36478)
> [CVE-2023-2976](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976)
> [CVE-2020-8908](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908)
>
> The vulnerabilities have been fixed in 10.0.17. Currently JMC is using 10.0.12.
> So, we should use Jetty 10.0.17.
This pull request has now been integrated.
Changeset: 2a076d22
Author: Virag Purnam <vpurnam at openjdk.org>
URL: https://git.openjdk.org/jmc/commit/2a076d2217920f6b4517a8bf2d9182f6fabcd9a7
Stats: 18 lines in 5 files changed: 0 ins; 0 del; 18 mod
8145: Upgrade Jetty to version 10.0.17
Reviewed-by: aptmac, bdutheil
-------------
PR: https://git.openjdk.org/jmc/pull/532