Details
- Fix
- Status: Released
- Blocker
- Resolution: Fixed
- 1.11, 1.12
- None
- None
- CVE-2018-12538, CVE-2018-12536, CVE-2017-7658, CVE-2017-7657, CVE-2017-7656
Description
Current Situation
- Currently JOC Cockpit uses the Jetty Server version 9.3.11.
- A number of vulnerabilities affect this version; see https://www.cvedetails.com/vulnerability-list/vendor_id-10410/product_id-34824/year-2018/Eclipse-Jetty.html
Desired Behavior
- Because of the vulnerabilities in older Jetty releases, JOC Cockpit should use the current version 9.4.12, which fixes the issues.
Maintainer Notes
- Release 1.11, which includes Jetty Server version 9.3.11, is at its end of life. Therefore, no maintenance release is provided.
- Users of release 1.11 should therefore upgrade to release 1.12.