Upgrade jetty version to 9.4 latest. customer priority 1

Description

This jira has been opend as a bug and not improvement because the upgrade should solve the following vulnerabilities:
Vulnerabilities (CVE-2016-5018, CVE-2016-6796, CVE-2016-1336, CVE-2016-6794) exist in apache-jsp library which is used by both tomcat and jetty. As you have noticed, it is fixed in 8.0.52 which is only available in latest Jetty 9.4.x releases. So the correct resolution of this issue would be to add support for jetty 9.4.x in XAP.

The customer is particularly effected by this component due to the use of jetty 9.3 in XAP.
Customer priority 1

Workaround

None

Acceptance Test

None

Status

Assignee

Unassigned

Reporter

Yuval Dori

Labels

None

Priority

Medium

SalesForce Case ID

12165

Fix versions

None

Commitment Version/s

None

Due date

None

Product

XAP

Edition

Premium

Platform

All