Details
Bug
Status: Resolved
Critical
Resolution: Fixed
Security Level: Default (Default Security Scheme)
Horizon 2020 - Nov 11-Nov 24
Description
GitHub detected a high severity vulnerability against our Jetty web server, see https://github.com/advisories/GHSA-g3wg-6mcf-8jj6. To mitigate the vulnerability we have to upgrade our Jetty web server from 9.4.30.v20200611 to 9.4.34.v20201102.
The dependency bot from GitHub was not able to upgrade to the latest version because we have a version limit in our pom.xml for the web app:
<dependency>
  <groupId>org.eclipse.jetty</groupId>
  <artifactId>jetty-webapp</artifactId>
  <version>[9.4.33,)</version>
</dependency>
Or set a custom temp directory as a workaround:
java -Djava.io.tmpdir=/var/web/work -jar start.jar
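The temp-directory workaround only helps if the replacement directory is private to the account that runs Jetty. The following is an added example, not part of the original ticket or the Jetty project: `prepare_tmpdir` and `check_tmpdir` are hypothetical helper names, and the script assumes it is run as the same user that starts Jetty.

```shell
#!/bin/sh
# Added example: validate a directory before passing it as -Djava.io.tmpdir.
# Assumption: this script runs as the account that will start Jetty.

# Return 0 only if the directory is safe to use as a private temp directory.
check_tmpdir() {
    dir=$1
    # Reject symlinks: another account could repoint the link target.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing, not a directory, or a symlink" >&2
        return 1
    fi
    # The directory must be owned by the current (Jetty) user.
    if [ -z "$(find "$dir" -prune -user "$(id -u)")" ]; then
        echo "FAIL: $dir is not owned by uid $(id -u)" >&2
        return 1
    fi
    # No write access for group or others, otherwise the directory is
    # shared in the same way the system temp directory is.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $dir is writable by group or others" >&2
        return 1
    fi
    return 0
}

# Create the directory if needed, restrict it to the owner, then verify it.
prepare_tmpdir() {
    dir=$1
    if [ -L "$dir" ]; then
        echo "FAIL: $dir is a symlink" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    check_tmpdir "$dir"
}
```

A start script can then call `prepare_tmpdir /var/web/work` and launch Jetty with the `java -Djava.io.tmpdir=/var/web/work -jar start.jar` command only when it returns 0.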