Projects
Mega:24.03:SP1:Everything
jetty
_service:tar_scm:CVE-2023-36479.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:CVE-2023-36479.patch of Package jetty
From: Markus Koschany <apo@debian.org> Date: Wed, 27 Sep 2023 14:25:09 +0200 Subject: CVE-2023-36479 The org.eclipse.jetty.servlets.CGI Servlet should not be used anymore. Upstream recommends to use Fast CGI instead. Origin: https://github.com/eclipse/jetty.project/pull/9888 --- .../src/main/java/org/eclipse/jetty/servlets/CGI.java | 3 +++ .../test-jetty-webapp/src/main/webapp/WEB-INF/web.xml | 11 ----------- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CGI.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CGI.java index 6322290..55d8f9a 100644 --- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CGI.java +++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CGI.java @@ -67,7 +67,10 @@ import org.eclipse.jetty.util.log.Logger; * <dt>ignoreExitState</dt> * <dd>If true then do not act on a non-zero exec exit status")</dd> * </dl> + * + * @deprecated do not use, no replacement, will be removed in a future release. */ +@Deprecated public class CGI extends HttpServlet { private static final long serialVersionUID = -6182088932884791074L; diff --git a/tests/test-webapps/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml b/tests/test-webapps/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml index 507771f..978595f 100644 --- a/tests/test-webapps/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml +++ b/tests/test-webapps/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml @@ -121,17 +121,6 @@ <url-pattern>/dispatch/*</url-pattern> </servlet-mapping> - <servlet> - <servlet-name>CGI</servlet-name> - <servlet-class>org.eclipse.jetty.servlets.CGI</servlet-class> - <load-on-startup>1</load-on-startup> - </servlet> - - <servlet-mapping> - <servlet-name>CGI</servlet-name> - <url-pattern>/cgi-bin/*</url-pattern> - </servlet-mapping> - <servlet> <servlet-name>Chat</servlet-name> <servlet-class>com.acme.ChatServlet</servlet-class>
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2