On 2018-07-03, Ola Lundqvist <o...@inguza.com> wrote:
> jetty8 appears first 2012.
> jetty9 appears first 2015.
>
> This means that CVE entries before 2012 are not relevant for jetty8
> and before 2015 not relevant for jetty9.

That's just wrong; for instance, a CVE-2011-XXXX first found to affect jetty7 could very well not be fixed yet in jetty8.

Cheers,
--Seb