holgerfriedrich
commented
2 months ago @wborn FYI
I have already created a branch for core which uses Karaf 4.4.6-SNAPSHOT. Luckily we have already upgraded to 4.4.5, which is very close to the upcoming 4.4.6.
I am stuck with one problem: Currently, 4.4.x branch contains an update of ASM package to 9.7, breaking the feature verification (xtext is on 9.6). I am not able to modify the dependencies to make it work.
If I roll back Karaf 4.4.6-SNAPSHOT to 9.6, I am able to compile.
https://github.com/apache/karaf/pull/1832#issuecomment-2029262743
Jetty is affected by CVE-2024-22201 (in short: leaking file descriptors when TCP connections are in state congested).
This is fixed in Jetty 9.4.54, which will be integrated in the upcoming Karaf 4.4.6 release. See https://github.com/apache/karaf/activity?ref=karaf-4.4.x
This ticket is to track activities related to the integration of Karaf 4.4.6.