fix: Disable jetty server version #3542

Merged
merged 1 commit into from Oct 14, 2023

awellnitz-materna
Contributor

What this PR changes/adds

In the JettyService class I have adjusted the HttpConnectionFactory and disabled the Jetty server version via the HttpConfiguration.

Why it does that

As mentioned in #3415, this issue can lead to a potential attacker finding a vulnerability in Jetty more quickly.

Linked Issue(s)

Closes #3415
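
The effect of the setting described above, as an added example that is not the PR's or the project's code: it starts an embedded Jetty twice on a loopback port and reads back the `Server` response header with the version banner enabled and disabled. It assumes `jetty-server` is on the classpath and Java 11+; the class name `ServerHeaderDemo` is hypothetical, and the use of `HttpConfiguration.setSendServerVersion(false)` is an assumption about how the banner is switched off, since the PR's diff is not shown on this page.

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;

public class ServerHeaderDemo {

    // Starts Jetty on an ephemeral loopback port, sends one request and
    // returns the value of the Server response header ("<absent>" if none).
    static String serverHeader(boolean sendServerVersion) throws Exception {
        HttpConfiguration httpConfig = new HttpConfiguration();
        httpConfig.setSendServerVersion(sendServerVersion); // Jetty's default is true
        httpConfig.setSendXPoweredBy(false);                // second place a banner can appear

        Server server = new Server();
        // The configuration only takes effect when passed to the connection factory.
        ServerConnector connector =
                new ServerConnector(server, new HttpConnectionFactory(httpConfig));
        connector.setHost("127.0.0.1");
        connector.setPort(0); // let the OS pick a free port
        server.addConnector(connector);
        server.start();
        try {
            URI uri = URI.create("http://127.0.0.1:" + connector.getLocalPort() + "/");
            HttpResponse<Void> response = HttpClient.newHttpClient().send(
                    HttpRequest.newBuilder(uri).GET().build(),
                    HttpResponse.BodyHandlers.discarding());
            // No handler is registered, so this is an error response; the header
            // policy applies to every response, including error pages.
            return response.headers().firstValue("Server").orElse("<absent>");
        } finally {
            server.stop();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("sendServerVersion=true : " + serverHeader(true));
        String hardened = serverHeader(false);
        System.out.println("sendServerVersion=false: " + hardened);
        if (!"<absent>".equals(hardened)) {
            throw new IllegalStateException("Server header still sent: " + hardened);
        }
    }
}
```

The final check in `main` can be kept as a regression test so that a later connector change that builds its own `HttpConnectionFactory` without the shared `HttpConfiguration` is caught.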

codecov-commenter commented Oct 14, 2023

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (7876288) 72.46% compared to head (d395318) 72.46%.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #3542   +/-   ##
=======================================
  Coverage   72.46%   72.46%           
=======================================
  Files         864      864           
  Lines       17364    17365    +1     
  Branches      988      988           
=======================================
+ Hits        12582    12583    +1     
  Misses       4370     4370           
  Partials      412      412           
Files Coverage Δ
...n/java/org/eclipse/edc/web/jetty/JettyService.java 72.41% <100.00%> (+0.32%) ⬆️


@wolf4ood wolf4ood added enhancement New feature or request api Feature related to the (REST) api labels Oct 14, 2023
@jimmarino jimmarino merged commit 99ca0e5 into eclipse-edc:main Oct 14, 2023
18 of 21 checks passed
@awellnitz-materna awellnitz-materna deleted the feature/disable-jetty-server-version branch October 14, 2023 13:00
Successfully merging this pull request may close these issues.

Avoid leaking version information about jetty runtime