karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Varga (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KARAF-6078) Misaligned versions of jetty between pax-web and standard features
Date Tue, 08 Jan 2019 09:33:00 GMT
Robert Varga created KARAF-6078:
-----------------------------------

             Summary: Misaligned versions of jetty between pax-web and standard features
                 Key: KARAF-6078
                 URL: https://issues.apache.org/jira/browse/KARAF-6078
             Project: Karaf
          Issue Type: Bug
          Components: karaf
    Affects Versions: 4.1.7, 4.1.6
            Reporter: Robert Varga


KARAF-5860 upgraded the jetty version brought it by pax-web, but did not upgrade the version
provided in features/standard, which was left at 9.3.21.

This means that depending on which feature downstreams are using, they may end up with a vulnerable
jetty version.

Furthermore, an offline distribution (like the one created for OpenDaylight) will end up having
both versions, leadining to unnecessary bloat.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message