ambari icon indicating copy to clipboard operation
ambari copied to clipboard
verified publisher icon apache

AMBARI-25724 : Bump up jetty to 9.4.48.v20220622 to resolve CVEs

Open AnanyaSingh2121 opened this issue 3 years ago • 5 comments

What changes were proposed in this pull request?

Bump up jetty to 9.4.48.v20220622

How was this patch tested?

Verified it was built ok. Started the server and installed a few services.

AnanyaSingh2121 avatar Aug 27 '22 14:08 AnanyaSingh2121

@AnanyaSingh2121 Should we move to 9.4.49 if possible. That will help addressing few more CVEs Version 9.4.49.v20220914

mnpoonia avatar Oct 03 '22 10:10 mnpoonia

@AnanyaSingh2121 Can you please check the latest comment by @mnpoonia .?

brahmareddybattula avatar Dec 26 '22 18:12 brahmareddybattula

@AnanyaSingh2121 Should we move to 9.4.49 if possible. That will help addressing few more CVEs Version 9.4.49.v20220914

+1 to this

virajjasani avatar Dec 27 '22 05:12 virajjasani

Worth exploring another release version available as well https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server/9.4.50.v20221201 ?

virajjasani avatar Dec 27 '22 05:12 virajjasani