It looks like Jetty 7 and Jetty 8 are not affected, only Jetty 9. So I think we are safe :-) Investigating...
Uwe ----- Uwe Schindler H.-H.-Meier-Allee 63, D-28213 Bremen http://www.thetaphi.de eMail: [email protected] > -----Original Message----- > From: Uwe Schindler [mailto:[email protected]] > Sent: Tuesday, March 03, 2015 1:44 PM > To: [email protected] > Subject: Security release because of Jetty Security issue: #JetLeak > > Hi, > > due to the security leak in the Jetty webserver we should think about > updating the Solr releases: As a Lucene 4.10.4 release is in the RC phase, we > should better delay it and check if the bundled Jetty is vulnerable. > > http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote- > leakage-of-shared-buffers-in-je.html > > Here is a testing scipt to check our release: > https://github.com/GDSSecurity/Jetleak-Testing-Script > > Uwe > > ----- > Uwe Schindler > H.-H.-Meier-Allee 63, D-28213 Bremen > http://www.thetaphi.de > eMail: [email protected] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] For additional > commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
