karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-6078) Misaligned versions of jetty between pax-web and standard features
Date Tue, 08 Jan 2019 10:21:00 GMT

    [ https://issues.apache.org/jira/browse/KARAF-6078?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16736968#comment-16736968
] 

ASF subversion and git services commented on KARAF-6078:
--------------------------------------------------------

Commit 749d74ee364b7b9b265d70fc2ad5775f799db545 in karaf's branch refs/heads/karaf-4.1.x from
Robert Varga
[ https://gitbox.apache.org/repos/asf?p=karaf.git;h=749d74e ]

[KARAF-6078] bump jetty to 9.3.24.v20180605


> Misaligned versions of jetty between pax-web and standard features
> ------------------------------------------------------------------
>
>                 Key: KARAF-6078
>                 URL: https://issues.apache.org/jira/browse/KARAF-6078
>             Project: Karaf
>          Issue Type: Dependency upgrade
>          Components: karaf
>    Affects Versions: 4.1.6, 4.1.7
>            Reporter: Robert Varga
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 4.1.8
>
>
> KARAF-5860 upgraded the jetty version brought it by pax-web, but did not upgrade the
version provided in features/standard, which was left at 9.3.21.
> This means that depending on which feature downstreams are using, they may end up with
a vulnerable jetty version.
> Furthermore, an offline distribution (like the one created for OpenDaylight) will end
up having both versions, leadining to unnecessary bloat.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message