[ https://issues.apache.org/jira/browse/CXF-9068?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17902489#comment-17902489 ]
John Yin commented on CXF-9068: ------------------------------- Hi [~ffang], Thanks! I was just editing my previous comment with "Now the latest release of Jetty 11 (11.0.24) has a vulnerability. Need to move to Jetty 12." When will CXF 4.1 be available? Thanks, John > Vulnerability (Denial of Service) in jetty server > ------------------------------------------------- > > Key: CXF-9068 > URL: https://issues.apache.org/jira/browse/CXF-9068 > Project: CXF > Issue Type: Bug > Components: Transports > Affects Versions: 4.0.5 > Reporter: Milan Siebenbürger > Priority: Major > > Hello, > > snyk.io has discovered a vulnerability in Jetty Server > ([https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-8186142] ), which > was introduced via org.apache.cxf:cxf-rt-transports-http-jetty@4.0.5 > > Is it possible to fix or mitigate this issue? > thanks > Milan Siebenbürger -- This message was sent by Atlassian Jira (v8.20.10#820010)