[ https://issues.apache.org/jira/browse/CXF-9068?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17902476#comment-17902476 ]
John Yin commented on CXF-9068:
-------------------------------

Hi [~reta],

Tried to use Jetty 12.0.15 with CXF 4.0.5, but Spring Boot cannot create the CXF http:engine because it cannot find org.eclipse.jetty.server.session.SessionHandler, which does not exist (or was renamed) in Jetty 12.

Any suggestion would be greatly appreciated.

Thanks,
John

> Vulnerability (Denial of Service) in jetty server
> -------------------------------------------------
>
> Key: CXF-9068
> URL: https://issues.apache.org/jira/browse/CXF-9068
> Project: CXF
> Issue Type: Bug
> Components: Transports
> Affects Versions: 4.0.5
> Reporter: Milan Siebenbürger
> Priority: Major
>
> Hello,
>
> snyk.io has discovered a vulnerability in Jetty Server
> ([https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-8186142] ), which
> was introduced via org.apache.cxf:cxf-rt-transports-http-jetty@4.0.5
>
> Is it possible to fix or mitigate this issue?
> thanks
> Milan Siebenbürger

--
This message was sent by Atlassian Jira (v8.20.10#820010)