Hi, Not a single one of the listed vulnerabilities is for org.eclipse.jetty.toolchain.setuid:jetty-setuid-java:1.0.4. They are all for older versions of Jetty itself for which there are updated versions of Dropwizard 2.1.x, 3.x, and 4.x.
If your security scanner is flagging this, you should switch to another provider for these kind of things. Please also note that Dropwizard 2.0.x is EOL since January 31, 2023 and will not receive any updates anymore. Best regards, Jochen > Am 29.06.2023 um 18:20 schrieb Minh Giang Tran <[email protected]>: > > Hi, > > We are currently using Dropwizard 2.0.x for our project. During the process > of scanning the Docker image built from our project, we have discovered > several vulnerabilities in the dependencies, including jetty-setuid-java > 1.0.4 (CVE-2017-7658 and CVE-2017-7657). > > Unfortunately, jetty-setuid-java 1.0.4 is the latest version available, and > even the latest version of Dropwizard still relies on it. > > In light of this situation, I would like to inquire about the best course of > action for excluding these vulnerabilities. Please find the details of the > jetty-setuid-java 1.0.4 vulnerability information at the following link: > > https://mvnrepository.com/artifact/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java/1.0.4 > > Thank you for your assistance. > > > > > > > -- > You received this message because you are subscribed to the Google Groups > "dropwizard-user" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/dropwizard-user/3cc3ce80-ab95-483d-9c34-22d6bd29791cn%40googlegroups.com > > <https://groups.google.com/d/msgid/dropwizard-user/3cc3ce80-ab95-483d-9c34-22d6bd29791cn%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "dropwizard-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dropwizard-user/F1F415DA-17E0-4C70-885C-8DD105CBF777%40schalanda.name.
