So our IT security has done a scan and found out the 6.4.0 uber-jar we're using has some vulternability.
I need to find out which uber-jar version has a fix for this vulnerability.
PS. we're currently on 6.4.2 and our uber-jar is on 6.4.0
Thank you.
EDIT: this is vulnerability: "CVE-2017-7658" eclipse jetty server
Solved! Go to Solution.
Views
Replies
Total Likes
Hello @jayv25585659
There are couple of options:
6.4 is very old version. You should consider upgrading AEM. A lot of issues might have already been resolved.
Hello @jayv25585659
There are couple of options:
6.4 is very old version. You should consider upgrading AEM. A lot of issues might have already been resolved.
Hi @jayv25585659 ,
We had a similar kind of vulnerability on the log4j reference through uber jar. We went and raised an adobe ticket and in our case the CSE was able to respond with resolution as not exploitable or the other case will be they will recommend you to upgrade to the latest AEM version and the Uber jar where the fix would have made on the latest Eclipse Jetty Server 9.5x and above.
The AEM Uber jar includes all AEM APIs as a single dependency in your Maven project’s pom.xml. It is always a best practice to include the Uber Jar as a single dependency instead of including individual AEM API dependencies. When upgrading the code base, change the version of the Uber Jar to point to the target version of AEM. If your project was developed on a version of AEM before the existence of the Uber Jar, remove all individual AEM API dependencies. Replace them with a single inclusion of the Uber Jar for the target version of AEM. Recompile the code base against the new version of the Uber Jar. Update any deprecated APIs or methods so they are compatible with the target version of AEM.
Try updating uber jar to 6.4.2
https://mvnrepository.com/artifact/com.adobe.aem/uber-jar/6.4.2
Views
Likes
Replies
Views
Likes
Replies