Hi
We just upgraded Openfire to version 4.9.2, but we still have CVE-2024-6763, which addresses the Jetty issue. So my question is: do you have any plan to address CVE-2024-6763, or is 4.9.2 not affected by this CVE?
Thanks,
Joe
This seems to relate to the jetty/jetty.project GitHub advisory "URI parsing of invalid authority", which reportedly has been fixed in Jetty 12.0.12.
In Openfire 5.0.0, Jetty has been upgraded to a version that is newer than that. This should mean that this particular vulnerability has been addressed.