[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-dev] Updates for Jetty 8.1.x branches to address recent CVEs

Eclipse is well known for being an open source community that embraces commercial adoption. Maintenance is a major part of the life cycle of a software project. Many companies are big advocates for providing long term maintenance for Eclipse technologies to help adopters to stay on top of regular software updates to avoid problems upfront, as well as to react to problems that impede users.

However, the Jetty releases 8.1.x included in a few still very active Eclipse releases have reached Jetty End of Life. Users of the few earlier releases of Eclipse are still exposed to the recent CVEs because there are no fixes provided for the Jetty 8.1.x branches. Are there any plans to provide updates for Jetty 8.1.x branches to patch the vulnerabilities for Jetty 8.1.x users?

Eclipse Release Jetty Release in Eclipse Note
4.2.2 8.1.3.v20120522 Reached Jetty End of Life
4.3.2 8.1.14.v20131031 Reached Jetty End of Life
4.4.2 8.1.16.v20140903 Reached Jetty End of Life

Regards,
Kit Lo
Eclipse Babel Project Lead
IBM Eclipse SDK (IES) Technical Lead