joakime commented on PR #24232: URL: https://github.com/apache/pulsar/pull/24232#issuecomment-2916549441
> Jetty 9.4.57.v20241219 contains backported [CVE-2024-6763](https://github.com/advisories/GHSA-qh8g-58pp-2wxh) fix in [jetty/jetty.project#12532](https://github.com/jetty/jetty.project/pull/12532) although it's not explicitly mentioned and most security scanners don't yet contain the information that it's been addressed in 9.4.57. This is intentional, this is the "Unsupported when Assigned" behavior, as Jetty 9 is EOL (End of Life) * https://github.com/jetty/jetty.project/issues/7958 * https://github.com/jetty/jetty.project/issues/10485 If you still need `javax.servlet` namespace support, use the `ee8` environment in Jetty 12. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
