rdesantis / hauldata

Database Process Automation made easy.
Apache License 2.0

Update to dropwizard-core 1.2.2 #94

Open rdesantis opened 5 years ago

rdesantis commented 5 years ago

ManageDbp currently uses Dropwizard-core 1.2.2, which uses Jetty 9.4.7. Jetty 9.x has security vulnerabilities:

CVE-2017-7656 at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7656

CVE-2017-7657 at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7657

CVE-2017-7658 at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7658

Update to a recent version of Dropwizard (latest is 1.3.7) that uses a more recent Jetty version.

https://mvnrepository.com/artifact/io.dropwizard/dropwizard-core

rdesantis commented 4 years ago

Better to convert to a pure JERSEY/JETTY server. No need for Dropwizard.