On 2018-07-04, Ola Lundqvist <o...@inguza.com> wrote: > You are right, CVE-2011-XXXX first found to affect jetty (jetty 6) > could very well not be fixed in jetty 8 since jetty 8 was first > released in 2009.
Even if jetty 8 had been first released in 2018, you *still* could not conclude anything simply because "2011 is before 2018". All your statements about "CVE-YYYY-XXX can't affect foo because foo was released after year YYYY" are just plain wrong. Cheers, --Seb