[jira] [Commented] (CXF-9068) Vulnerability (Denial of Service) in jetty server

Freeman Yue Fang (Jira) Mon, 02 Dec 2024 17:30:24 -0800


    [ 
https://issues.apache.org/jira/browse/CXF-9068?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17902480#comment-17902480
 ]


Freeman Yue Fang commented on CXF-9068:
---------------------------------------

Hi [~bocamel],

FYI, the upcoming CXF 4.1 will support Jetty 12. For the CXF 4.0.x, please use 
Jetty 11.x.

Freeman

> Vulnerability (Denial of Service) in jetty server
> -------------------------------------------------
>
>                 Key: CXF-9068
>                 URL: https://issues.apache.org/jira/browse/CXF-9068
>             Project: CXF
>          Issue Type: Bug
>          Components: Transports
>    Affects Versions: 4.0.5
>            Reporter: Milan Siebenbürger
>            Priority: Major
>
> Hello,
>  
> snyk.io has discovered a vulnerability in Jetty Server 
> ([https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-8186142] ), which 
> was introduced via org.apache.cxf:cxf-rt-transports-http-jetty@4.0.5 
>  
> Is it possible to fix or mitigate this issue?
> thanks
> Milan Siebenbürger



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9068) Vulnerability (Denial of Service) in jetty server

Reply via email to