Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-dev] Updates for Jetty 8.1.x branches to address recent CVEs

No, there are currently no plans to revisit these End of Life releases of Jetty. 


jesse mcconnell

On Thu, Sep 6, 2018 at 12:29 PM Kit Lo <kitlo@xxxxxxxxxx> wrote:

Eclipse is well known for being an open source community that embraces commercial adoption. Maintenance is a major part of the life cycle of a software project. Many companies are big advocates for providing long term maintenance for Eclipse technologies to help adopters to stay on top of regular software updates to avoid problems upfront, as well as to react to problems that impede users.

However, the Jetty releases 8.1.x included in a few still very active Eclipse releases have reached Jetty End of Life. Users of the few earlier releases of Eclipse are still exposed to the recent CVEs because there are no fixes provided for the Jetty 8.1.x branches. Are there any plans to provide updates for Jetty 8.1.x branches to patch the vulnerabilities for Jetty 8.1.x users?

Eclipse Release Jetty Release in Eclipse Note
4.2.2 8.1.3.v20120522 Reached Jetty End of Life
4.3.2 8.1.14.v20131031 Reached Jetty End of Life
4.4.2 8.1.16.v20140903 Reached Jetty End of Life

Kit Lo
Eclipse Babel Project Lead
IBM Eclipse SDK (IES) Technical Lead

jetty-dev mailing list
To change your delivery options, retrieve your password, or unsubscribe from this list, visit

Back to the top