[JOC-1751] Upgrade Jetty 11.0.17 to 11.0.20 due to vulnerability CVE-2024-22201 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.5.8, 2.6.5
Fix Version/s: 2.5.9, 2.6.6, 2.7.0
Component/s: None
Labels:
None

CVE-ID:
CVE-2024-22201

Description

Current Situation

JS7 JOC Cockpit ships with Jetty 11.0.17
A vulnerability affects this version: https://nvd.nist.gov/vuln/detail/CVE-2024-22201

Impact

We rate the impact to our software being low as JS7 JOC ships with Jetty and the default usage of HTTP/1.
Customers using HTTP/2 need to configure this on their own and therefore have to take appropriate measures themselves.

Desired Behavior

JS7 JOC Cockpit should ship with the latest version 11.0.20 of Jetty which solves the vulnerability issue.

Attachments

Activity

People

Assignee:: Oliver Haufe

Reporter:: Santiago Aucejo Petzoldt

Approver:: Pramokshi Narawariya

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11 March 2024 07:36

Updated:: 08 April 2024 17:03

Resolved:: 11 March 2024 16:07