anmolnar commented on PR #2288: URL: https://github.com/apache/zookeeper/pull/2288#issuecomment-3144580090
> Hi @anmolnar, I think it is deleted by #2220 in bumping jetty to [`9.4.57.v20241219`](https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.57.v20241219) which includes [patch](https://github.com/jetty/jetty.project/pull/12532) to fix [CVE-2024-6763](https://github.com/advisories/GHSA-qh8g-58pp-2wxh). That's interesting. It was told that they're not backporting patches to EOL versions anymore and OWASP is still flagging the version. ``` 16:07:29 jetty-http-9.4.57.v20241219.jar (pkg:maven/org.eclipse.jetty/jetty-http@9.4.57.v20241219, cpe:2.3:a:eclipse:jetty:9.4.57:20241219:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.57:20241219:*:*:*:*:*:*, cpe:2.3:a:mortbay_jetty:jetty:9.4.57:20241219:*:*:*:*:*:*) : CVE-2024-6763 ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
