Seems that moving to the latest jetty release that provides a fix (10.0.17) is ok. I'll merge it today.
I've no other records of potentially affected deps on JBossTools.
Thanks for pointing this out early.
On Mon, Oct 16, 2023 at 11:48, Stephane Bouchet <sbouchet(a)redhat.com> wrote:
A quick search shows that jetty is impacted, and produced several new
versions last week.
As the Target Platform is targeting 2023-09, I can check if we can update
to it.
On Mon, Oct 16, 2023 at 08:53, Aurélien Pupier <apupier(a)redhat.com> wrote:
> Hello,
>
> Has the Target Platform been checked to not contain dependencies affected
> by CVE-2023-44487 (HTTP/2 Rapid Reset)?
> Do we want to check for it even if we are community only with very
> limited resources given that it seems to be a Major vulnerability?
>
> On Mon, Oct 16, 2023 at 8:00 AM Stephane Bouchet <sbouchet(a)redhat.com>
> wrote:
>
>> Hello,
>>
>> It's a reminder that JBossTools 4.29.0.Final release is on the way.
>>
>> The TP will be frozen tomorrow Tuesday EOD UTC [1] and all source
>> repositories will be frozen Wednesday EOD UTC.
>>
>> If you have pending PRs, please check them and make sure they are merged
>> before the code freeze.
>>
>> Thank you,
>>
>> Regards,
>>
>> [1] see https://issues.redhat.com/browse/JBIDE-29058
>>
>> --
>>
>> Stéphane Bouchet
>>
>> Senior Software Engineer, R&D
>>
>> Remote France
>>
>> Red Hat <https://www.redhat.com/>
>
--
Stéphane Bouchet
Senior Software Engineer, R&D
Remote France
Red Hat <https://www.redhat.com/>