forked from http4s/http4s
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
…ss `CVE-2024-6763` - Jetty versions from 7.0.0 up to 12.0.11 are affected by CVE-2024-6763 (Eclipse Jetty URI parsing of invalid authority). - http4s 0.22's http4s-jetty uses Jetty 9. - Jetty 9's community support ended in June 2022. - Community support for Jetty 10 and Jetty 11 ended in January 2024. - To solve the issue, http4s should use Jetty 12, the current stable version. - Updating the 0.22 version is for those who cannot use 0.23 as they are inextricably bound to cats-effect 2. - Jetty 12 requires Java 17, so dropping support for Java 8 and 11 is necessary. - Jetty has multiple versions supporting different versions of Jakarta EE (Java EE), but support for only Jakarta EE 8 is added to minimize changes, as the API namespace moved from `javax` to `jakarta` starting with Jakarta EE 9.
- Loading branch information
Showing
20 changed files
with
246 additions
and
430 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.