On 2021/10/27 12:58:12 Dana Milan wrote: > Hi, > . > Can anyone provide a clarification of how jetty is being used by Ignite > 2.8.1 and whether there is another way to avoid its vulnerabilities when > using Ignite besides upgrading to a newer Ignite version? > To be more specific, if I don't enable REST API (by not moving > ignite-rest-http from libs/optional to libs directory), will it eliminate > these vulnerabilities from my Ignite node? > > Thanks a lot, > Dana >
I guess so. If vulnerability present in particular JAR by excluding this
JAR from classpath, CVE should not affect you environment.
- CVE-2021-2816[3,4,5] vulnerabilities and Ignite 2.8.1 Dana Milan
- RE: CVE-2021-2816[3,4,5] vulnerabilities and Ignite 2.8.1 Ilya Korol
