[JOC-1658] Upgrade Jetty 11.0.15 to 11.0.17 due to vulnerability CVE-2023-44487 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.5.5, 2.6.2
Fix Version/s: 2.5.6, 2.6.3
Component/s: None
Labels:
None

CVE-ID:
CVE-2023-44487

Description

Current Situation

JS7 JOC Cockpit ships with Jetty 11.0.15
A vulnerability affects this library:: https://nvd.nist.gov/vuln/detail/CVE-2023-44487

Impact

We rate the impact to our software being low as JS7 JOC ships with Jetty and the default usage of HTTP/1.
Customers using HTTP/2 need to configure this on their own and therefore have to take appropriate measures themselves.

Desired Behavior

JS7 JOC Cockpit should ship with the latest version 11.0.17 of Jetty which contains an improvement for the vulnerability issue.

Attachments

Issue Links

is related to

JOC-1627 Update Jetty from 11.0.15 to 11.0.16 due to vulnerability CVE-2023-36479

Released

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Pramokshi Narawariya

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 01 November 2023 09:56

Updated:: 09 November 2023 13:53

Resolved:: 01 November 2023 12:38