Hi,

I already released 7.2.x and 7.3.x with Jetty 9.4.40 update. I will tackle 
7.4.x.

Regards
JB

> On 17 May 2021 at 11:13, 'Fabien S' via OPS4J <[email protected]> wrote:
> 
> Hi all,
> Would you have any idea when a new version 7.4.2 of Pax Web would be 
> available? In the projects of my company, we have to make the decision either 
> to wait for it, or to release our software without upgrading Pax Web (and 
> possibly applying some workarounds to prevent the denial-of-service 
> vulnerability).
> 
> Cheers,
> Fabien
> 
> On Tuesday, 13 April 2021 at 09:18:01 UTC+2 [email protected] wrote:
> I’m doing it on all branches.
> 
> Regards
> JB
> 
> 
>> On 13 Apr 2021 at 08:30, Grzegorz Grzybek <[email protected]> wrote:
>> 
>> Hello
>> 
>> Yes - an upgrade to Jetty 9.4.39 is fine. Just no need to do it in `main` 
>> branch, because I've already updated it locally in very not-ready-yet code.
>> 
>> regards
>> Grzegorz
>> 
>> On Tue, 13 Apr 2021 at 08:25, 'Fabien S' via OPS4J <[email protected]> wrote:
>> Hi, thank you a lot for your help and explanations!
>> Regarding the vulnerability, maybe it's possible to include in the code of 
>> the application this work-around:
>> https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
>> but I'm not sure it would handle all the cases, so relying on an official 
>> fix from Jetty would be safer.
>> 
>> Cheers,
>> Fabien
>> 
>> On Monday, 12 April 2021 at 20:50:48 UTC+2 [email protected] wrote:
>> Hello
>> 
>> Just some information about Pax Web and the main branch. I've recently renamed 
>> "master-improvements" branch to "main" - I had two goals with this action:
>>  - show that my long-developed "master-improvements" branch, where I've 
>> literally refactored big part of Pax Web (to adjust to new Whiteboard 
>> requirements) is ready to be worked on by others
>>  - adjust to new standards, where "main" is the new "master"
>> 
>> Unfortunately this new "main" branch is still far from being released (I had 
>> few months break again and I have to "feel" it again) and usual practice, 
>> where some change is always made in newest branch and then backported to 
>> maintenance branches. "main" branch is MUCH different than pax-web-7.2.x – 
>> pax-web-7.4.x branches.
>> 
>> Also, remember that 3 active maintenance branches of Pax Web are:
>>  - pax-web-7.2.x - the branch used by Karaf 4.2.x, with Jetty 9, Tomcat 8 
>> and Undertow 1.x - the branch using Servlet API 3.1
>>  - pax-web-7.3.x - the "tech preview branch 1" with Jetty 9, Tomcat 9 and 
>> Undertow 2.0.x - the branch using Servlet API 4
>>  - pax-web-7.4.x - the "tech preview branch 2" with Jetty 9, Tomcat 9 and 
>> Undertow 2.2.x - the branch using Servlet API 4 and Undertow 2.2.x which 
>> "got back" OSGi metadata since 2.2.5.Final 
>> (https://issues.redhat.com/browse/UNDERTOW-1852)
>> 
>> Karaf 4.3.x chose pax-web-7.3.x despite it's still not proper OSGi CMPN 7 
>> implementation (the goal is to have Pax Web 8 compliant to OSGi CMPN 7 
>> specification, but it reaaaaaaaaaally required lots of fundamental changes, 
>> I was describing for at least a year).
>> 
>> I hope this clarifies the state of Pax Web.
>> 
>> kind regards
>> Grzegorz Grzybek
>> 
>> On Mon, 12 Apr 2021 at 20:26, Jean-Baptiste Onofré <[email protected]> wrote:
>> Hi,
>> 
>> It’s already planned and I have Pax Web releases on the way, including this and 
>> other fixes.
>> 
>> So, don’t worry, we will have the Pax Web releases tomorrow.
>> 
>> Regards
>> JB
>> 
>>> On 12 Apr 2021 at 18:25, 'Fabien S' via OPS4J <[email protected]> wrote:
>>> 
>>> I created this issue about the upgrade to Jetty 9.4.39.v20210325 because 
>>> some lower versions are impacted by CVE-2021-28165.
>>> 
>>> https://github.com/ops4j/org.ops4j.pax.web/issues/1594
>>> 
>>> I wanted to try to do the change by myself, and I hoped that creating a 
>>> pull request would allow me to run the regression tests but in fact I don't 
>>> know how to trigger these tests. I'm not even sure that I created a commit 
>>> for the right target branch. Could anybody assist me please?
>>> 
>>> Cheers,
>>> Fabien
>>> 
>>> -- 
>>> -- 
>>> ------------------
>>> OPS4J - http://www.ops4j.org - [email protected]
>>> 
>>> --- 
>>> You received this message because you are subscribed to the Google Groups 
>>> "OPS4J" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to [email protected].
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/ops4j/c195a8ad-7e90-47ff-b4ff-aa0435e58528n%40googlegroups.com