[JOC-521] Update Jetty version to 9.4.12 due to 3rd party vulnerability issues in Jetty (CVE-2018-12538, CVE-2018-12536, CVE-2017-7658, CVE-2017-7657, CVE-2017-7656) - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 1.11, 1.12
Fix Version/s: 1.12.6
Component/s: None
Labels:
None

CVE-ID:
CVE-2018-12538, CVE-2018-12536, CVE-2017-7658, CVE-2017-7657, CVE-2017-7656

Description

Current Situation

Currently JOC Cockpit uses the Jetty Server version 9.3.11.
A number of vulnerabilities affect this version, see https://www.cvedetails.com/vulnerability-list/vendor_id-10410/product_id-34824/year-2018/Eclipse-Jetty.html

Desired Behavior

Due to vulnerability Issues of older Jetty releases the JOC Cockpit should use the current version 9.4.12 that fixes the issues.

Maintainer Notes

Release 1.11 that includes Jetty Server version 9.3.11 is at its end of life. Therefore no maintenance release is provided.
Users of release 1.11 should therefore upgrade to release 1.12.

Attachments

Issue Links

is duplicated by

SET-149 JOC Cockpit setup upgrade Jetty server version to minimum version 9.3.24.v20180605

Dismissed

is required by

SET-148 Setup should remove older Jetty release if newer release is used

Released

mentioned in: Page Loading...

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Oliver Haufe

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 10 September 2018 14:37

Updated:: 08 December 2020 21:14

Resolved:: 10 September 2018 14:40