[JOC-716] Update Jetty version to 9.4.18 due to 3rd party vulnerability issues - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.12.10
Component/s: None
Labels:
None

CVE-ID:
CVE-2019-10241

Description

Current Situation

Jetty reports vulnerability issue with
- CVE-2019-10241
  - This vulnerability is not relevant to JOC Cockpit as the underlying functionality (directory listings) is not offered.
- CVE-2019-10247
  - This vulnerability is not relevant to JOC Cockpit as does not display the resource location path on a 404 page.

Desired Behavior

The Jetty release that ships with JOC Cockpit should be updated to a current 9.4.18 release.

Attachments

Activity

People

Assignee:: Oliver Haufe

Reporter:: Andreas Püschel

Approver:: Anuj Mandloi (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 11 June 2019 10:14

Updated:: 29 July 2020 21:30

Resolved:: 12 June 2019 15:37