Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-521

Update Jetty version to 9.4.12 due to vulnerability issues in Jetty (CVE-2018-12538, CVE-2018-12536, CVE-2017-7658, CVE-2017-7657, CVE-2017-7656)

    XMLWordPrintable

    Details

    • Type: Fix
    • Status: Released (View Workflow)
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.11, 1.12
    • Fix Version/s: 1.12.6
    • Component/s: None
    • Labels:
      None
    • CVE-ID:
      CVE-2018-12538, CVE-2018-12536, CVE-2017-7658, CVE-2017-7657, CVE-2017-7656

      Description

      Current Situation

      Desired Behavior

      • Due to vulnerability Issues of older Jetty releases the JOC Cockpit should use the current version 9.4.12 that fixes the issues.

      Maintainer Notes

      • Release 1.11 that includes Jetty Server version 9.3.11 is at its end of life. Therefore no maintenance release is provided.
      • Users of release 1.11 should therefore upgrade to release 1.12.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sp Santiago Aucejo Petzoldt
                Reporter:
                sp Santiago Aucejo Petzoldt
                Approver:
                Oliver Haufe
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: