Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-716

Update Jetty version to 9.4.18 due to vulnerability issues

    XMLWordPrintable

    Details

    • Type: Fix
    • Status: Released (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.12.10
    • Component/s: None
    • Labels:
      None
    • CVE-ID:
      CVE-2019-10241

      Description

      Current Situation

      • Jetty reports vulnerability issue with
        • CVE-2019-10241
          • This vulnerability is not relevant to JOC Cockpit as the underlying functionality (directory listings) is not offered.
        • CVE-2019-10247
          • This vulnerability is not relevant to JOC Cockpit as does not display the resource location path on a 404 page.

      Desired Behavior

      • The Jetty release that ships with JOC Cockpit should be updated to a current 9.4.18 release.

        Attachments

          Activity

            People

            • Assignee:
              oh Oliver Haufe
              Reporter:
              ap Andreas PĆ¼schel
              Approver:
              Anuj Mandloi
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: