The P2 repositories at eclipse.org are for consumption by other Eclipse projects only. They are not meant to be publicly used as you are doing.
If you require Jetty 9.4.x series on a P2 repo, you are expected to build the P2 repositories in your own infrastructure. Note that P2 repositories as a whole are now deprecated and are going away in light of the new Tycho features that can provide P2 like features but from a maven repository. Joakim Erdfelt / joa...@webtide.com On Mon, Jul 26, 2021 at 9:40 AM Apoorva Maheshwari via jetty-users < jetty-users@eclipse.org> wrote: > Hi Team, > > > > In one of our node we are currently using equinox version 4.16 with has > jetty version 9.4.29. Latest version available for equinox upgrade is 4.20 > which is using jetty 10.0.5 and jetty 10.x has dependency on Java-11. I > have attached the current study document with this email. Let me know if > you need any information. > > > > Please confirm if you can share the fix for these open vulnerabilities as > backport? > > > > Eclipse Jetty denial of service in jetty-io CVE-2021-28165 > > > > Jetty Utility Servlets Double Decoding Information Disclosure > Vulnerability CVE-2021-28169 > > > > https://nvd.nist.gov/vuln/detail/CVE-2021-34428 CVE-2021-34428 > > > > Quick response will be appreciated. > > > > Thanks in advance. > > > Regards, > > *APOORVA MAHESHWARI * > > Sr. Software Engineer > BDGS, R&D > 2nd Floor, ASF Insignia - Block B Kings Canyon, > Gwal Pahari, Gurgaon, Haryana 122003, India > Phone: 8860498817 > apoorva.maheshw...@ericsson.com > www.ericsson.com > > <http://www.ericsson.com/current_campaign> > > > _______________________________________________ > jetty-users mailing list > jetty-users@eclipse.org > To unsubscribe from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list jetty-users@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
