powered by Jive Software

OpenVAS reporting a severity level of High vulnerability with Openfire, CVE-2017-7658

Is there a way to update Eclipse Jetty to the latest version manually, or do I need to wait until this is done with an Openfire update?

You can try swapping out the Jetty libs in openfire/lib, but your best bet is probably to wait until 4.3.0 is available, which uses a newer Jetty.

https://issues.igniterealtime.org/browse/OF-1527

That said, if you’re really worried, do some analysis to work out if this vulnerability actual affects Openfire.

Greg