Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-1751

Upgrade Jetty 11.0.17 to 11.0.20 due to vulnerability CVE-2024-22201

    XMLWordPrintable

Details

    • Fix
    • Status: Released (View Workflow)
    • Minor
    • Resolution: Fixed
    • 2.5.8, 2.6.5
    • 2.5.9, 2.6.6, 2.7.0
    • None
    • None
    • CVE-2024-22201

    Description

      Current Situation

      Impact

      • We rate the impact to our software being low as JS7 JOC ships with Jetty and the default usage of HTTP/1.
      • Customers using HTTP/2 need to configure this on their own and therefore have to take appropriate measures themselves.

      Desired Behavior

      • JS7 JOC Cockpit should ship with the latest version 11.0.20 of Jetty which solves the vulnerability issue.

      Attachments

        Activity

          People

            oh Oliver Haufe
            sp Santiago Aucejo Petzoldt
            Pramokshi Narawariya Pramokshi Narawariya
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: