|Re: [jetty-dev] Regarding support required for few vulnerabilities of Jetty|
In one of our node we are currently using equinox version 4.16 with has jetty version 9.4.29. Latest version available for equinox upgrade is 4.20 which is using jetty 10.0.5 and jetty 10.x has dependency on Java-11. I have attached the current study document with this email. Let me know if you need any information.
Please confirm if you can share the fix for these open vulnerabilities as backport?
Eclipse Jetty denial of service in jetty-io CVE-2021-28165
Jetty Utility Servlets Double Decoding Information Disclosure Vulnerability CVE-2021-28169
Quick response will be appreciated.
Thanks in advance.
jetty-dev mailing list
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-dev
Back to the top