[jetty-users] Regarding support required for few vulnerabilities of Jett

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] Regarding support required for few vulnerabilities of Jetty

From: Apoorva Maheshwari <apoorva.maheshwari@xxxxxxxxxxxx>
Date: Mon, 26 Jul 2021 14:40:34 +0000
Accept-language: en-US
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ACZlYQNoubrmAE9wVQrMWMHSKANFdpQDfl4XajFddOI=; b=ZV7qHHrH4tEigXmAtLHyu1f0BgeBB11zqqXfwLhR/kKXeM7I6DyoQTfqwiK+hTcbUQ+S7ti+3RRJ5e88UAMrFIYLvMjJ9HaRfaYPg+clUXu37Fqk+PUtt+2lhTgwLoiGPm6HFhtNE9KOXSb2Hf3siFrfktrsLaOqoJFCRxSuvO0VsZ3XeaL2xWGO4DrROGCupxS14KF+77dSZB4rJ4cmOiAmYXfbeFjL6mS750E8ejpuW3JuHaEOt1wDfqlVuPTnima28EM4n36lRP8Qxkz+4kVyMGbe+l9hnXeNYvNyIZF2f6S2q6BDAeFLPvGgwX7Nax9zJrfkqNO/LMlHa6Vd+Q==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Cas/G3hXfs4DpdzMVhBdhfNFSXDjwDeIh73DCsevcBDWbKhcAilRkp/yNiFQLi/FsY7dZhHLIu79xbYW4Yjbw1JhWBNn7Z3BumkwkuWvKlrfXuIW837d6SpRn1E+am0cMqlMd9g3nrxcHDonc+9n0uaQl1A/o/b2OLDqdW5GOqIrN0rK1ET2p0VrQHFAki2WISakoBdxkb9zRJ7C2SVA5k6M/dAcoEkYcPLR41aFvtyRF/R05Hy//hgv4Lv414Uv732+N0f+VKh9RWvCMG5i7FpmjVtO50ZR0G0oDHzB4C/1w7PAG4k9754CqaVL2AY8uDt08Er+3bVQhk66fcrX4w==
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-users/>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
Thread-index: AdeCCoYSITJitqZSSmiou2ldmolKFAAIZrvg
Thread-topic: Regarding support required for few vulnerabilities of Jetty

Hi Team,

In one of our node we are currently using equinox version 4.16 with has jetty version 9.4.29. Latest version available for equinox upgrade is 4.20 which is using jetty 10.0.5 and jetty 10.x has dependency on Java-11. I have attached the current study document with this email. Let me know if you need any information.

Please confirm if you can share the fix for these open vulnerabilities as backport?

Eclipse Jetty denial of service in jetty-io CVE-2021-28165

Jetty Utility Servlets Double Decoding Information Disclosure Vulnerability CVE-2021-28169

https://nvd.nist.gov/vuln/detail/CVE-2021-34428 CVE-2021-34428

Quick response will be appreciated.

Thanks in advance.

Regards,

APOORVA MAHESHWARI

Sr. Software Engineer
BDGS, R&D
2nd Floor, ASF Insignia - Block B Kings Canyon,
Gwal Pahari, Gurgaon, Haryana 122003, India
Phone: 8860498817
apoorva.maheshwari@xxxxxxxxxxxx
www.ericsson.com

Attachment: AIR - C221-59 LCM Eclipse Equinox_Jetty.docx
Description: AIR - C221-59 LCM Eclipse Equinox_Jetty.docx

Follow-Ups:
- Re: [jetty-users] Regarding support required for few vulnerabilities of Jetty
  - From: Joakim Erdfelt

Prev by Date: Re: [jetty-users] Concurrent timeout exception
Next by Date: Re: [jetty-users] Regarding support required for few vulnerabilities of Jetty
Previous by thread: [jetty-users] Concurrent timeout exception
Next by thread: Re: [jetty-users] Regarding support required for few vulnerabilities of Jetty
Index(es):
- Date
- Thread

Breadcrumbs