[jbosstools-issues] [JBoss JIRA] (JBIDE-24648) update target platform to include jetty 9.4.6 (CVE issue)

Nick Boldt (JIRA) issues at jboss.org
Tue Jul 4 12:03:00 EDT 2017 

     [ https://issues.jboss.org/browse/JBIDE-24648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Boldt updated JBIDE-24648:
-------------------------------
    Description: 
Fedora and RHEL have updated to Jetty 9.4.6 due to this CVE:

* https://bugzilla.redhat.com/show_bug.cgi?id=1464158

Currently, JBT/devstudio target platform includes Jetty 9.4.5, as that's what was in Oxygen.0.RC4.

But we could move to a newer version if we want to have the same version in linux and in windows/OSX versions of JBT/devstudio.

Affected manifest files (which require jetty bundles from *[9.4.0,9.5.0)*)

* [1] ./jbosstools-aerogear/cordovasim/plugins/org.jboss.tools.cordovasim.eclipse/META-INF/MANIFEST.MF
* [2] ./jbosstools-aerogear/cordovasim/plugins/org.jboss.tools.cordovasim/META-INF/MANIFEST.MF 
* [3] ./jbosstools-aerogear/cordovasim/tests/org.jboss.tools.cordovasim.eclipse.test/META-INF/MANIFEST.MF 
* [4] ./jbosstools-base/foundation/tests/org.jboss.tools.foundation.core.test/META-INF/MANIFEST.MF
* [5] ./jbosstools-browsersim/plugins/org.jboss.tools.browsersim.ui/META-INF/MANIFEST.MF  
* [6] ./jbosstools-central/central/tests/org.jboss.tools.central.test/META-INF/MANIFEST.MF  
* [7] ./jbosstools-livereload/plugins/org.jboss.tools.livereload.core/META-INF/MANIFEST.MF  
* [8] ./jbosstools-livereload/tests/org.jboss.tools.livereload.test/META-INF/MANIFEST.MF 
* [9] ./jbosstools-server/jmx/tests/org.jboss.tools.jmx.jolokia.test/META-INF/MANIFEST.MF 


  was:
Fedora and RHEL have updated to Jetty 9.4.6 due to this CVE:

*https://bugzilla.redhat.com/show_bug.cgi?id=1464158

Currently, JBT/devstudio target platform includes Jetty 9.4.5, as that's what was in Oxygen.0.RC4.

But we could move to a newer version if we want to have the same version in linux and in windows/OSX versions of JBT/devstudio.

Affected manifest files (which require jetty bundles from *[9.4.0,9.5.0)*)

* [1] ./jbosstools-aerogear/cordovasim/plugins/org.jboss.tools.cordovasim.eclipse/META-INF/MANIFEST.MF
* [2] ./jbosstools-aerogear/cordovasim/plugins/org.jboss.tools.cordovasim/META-INF/MANIFEST.MF 
* [3] ./jbosstools-aerogear/cordovasim/tests/org.jboss.tools.cordovasim.eclipse.test/META-INF/MANIFEST.MF 
* [4] ./jbosstools-base/foundation/tests/org.jboss.tools.foundation.core.test/META-INF/MANIFEST.MF
* [5] ./jbosstools-browsersim/plugins/org.jboss.tools.browsersim.ui/META-INF/MANIFEST.MF  
* [6] ./jbosstools-central/central/tests/org.jboss.tools.central.test/META-INF/MANIFEST.MF  
* [7] ./jbosstools-livereload/plugins/org.jboss.tools.livereload.core/META-INF/MANIFEST.MF  
* [8] ./jbosstools-livereload/tests/org.jboss.tools.livereload.test/META-INF/MANIFEST.MF 
* [9] ./jbosstools-server/jmx/tests/org.jboss.tools.jmx.jolokia.test/META-INF/MANIFEST.MF 




> update target platform to include jetty 9.4.6 (CVE issue)
> ---------------------------------------------------------
>
>                 Key: JBIDE-24648
>                 URL: https://issues.jboss.org/browse/JBIDE-24648
>             Project: Tools (JBoss Tools)
>          Issue Type: Bug
>            Reporter: Nick Boldt
>            Assignee: Nick Boldt
>             Fix For: 4.5.0.AM2
>
>
> Fedora and RHEL have updated to Jetty 9.4.6 due to this CVE:
> * https://bugzilla.redhat.com/show_bug.cgi?id=1464158
> Currently, JBT/devstudio target platform includes Jetty 9.4.5, as that's what was in Oxygen.0.RC4.
> But we could move to a newer version if we want to have the same version in linux and in windows/OSX versions of JBT/devstudio.
> Affected manifest files (which require jetty bundles from *[9.4.0,9.5.0)*)
> * [1] ./jbosstools-aerogear/cordovasim/plugins/org.jboss.tools.cordovasim.eclipse/META-INF/MANIFEST.MF
> * [2] ./jbosstools-aerogear/cordovasim/plugins/org.jboss.tools.cordovasim/META-INF/MANIFEST.MF 
> * [3] ./jbosstools-aerogear/cordovasim/tests/org.jboss.tools.cordovasim.eclipse.test/META-INF/MANIFEST.MF 
> * [4] ./jbosstools-base/foundation/tests/org.jboss.tools.foundation.core.test/META-INF/MANIFEST.MF
> * [5] ./jbosstools-browsersim/plugins/org.jboss.tools.browsersim.ui/META-INF/MANIFEST.MF  
> * [6] ./jbosstools-central/central/tests/org.jboss.tools.central.test/META-INF/MANIFEST.MF  
> * [7] ./jbosstools-livereload/plugins/org.jboss.tools.livereload.core/META-INF/MANIFEST.MF  
> * [8] ./jbosstools-livereload/tests/org.jboss.tools.livereload.test/META-INF/MANIFEST.MF 
> * [9] ./jbosstools-server/jmx/tests/org.jboss.tools.jmx.jolokia.test/META-INF/MANIFEST.MF 



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jbosstools-issues mailing list