Please update security patches in org.eclipse.jetty:jetty* dependencies - Githubissues

slackapi / java-slack-sdk

Slack Developer Kit (including Bolt for Java) for any JVM language

https://slack.dev/java-slack-sdk/

MIT License

571 stars 212 forks source link

Please update security patches in org.eclipse.jetty:jetty* dependencies #1224

Closed otlg closed 10 months ago

otlg commented 10 months ago

(Describe your issue and goal here)

Category

[ ] bolt (Bolt for Java)
[X] bolt-{sub modules} (Bolt for Java - optional modules)
[ ] slack-api-client (Slack API Clients)
[ ] slack-api-model (Slack API Data Models)
[ ] *slack-api--kotlin-extension** (Kotlin Extensions for Slack API Clients)
[ ] slack-app-backend (The primitive layer of Bolt for Java)

Requirements

https://nvd.nist.gov/vuln/detail/CVE-2023-41900: For:

org.eclipse.jetty:jetty-io org.eclipse.jetty:jetty-server org.eclipse.jetty:jetty-util org.eclipse.jetty:jetty-webapp

Current version: 9.4.51.v20230217 Available patch: 9.4.52.v20230823

https://nvd.nist.gov/vuln/detail/CVE-2023-36479 For:

org.eclipse.jetty:jetty-server org.eclipse.jetty:jetty-util org.eclipse.jetty:jetty-webapp

Current version: 9.4.51.v20230217 Available patch: 9.4.52.v20230823

Thanks