[jetty-dev] Security Issues Jetty 9 / Older Version effected ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-dev] Security Issues Jetty 9 / Older Version effected ?

From: Frank Simon <fs@xxxxxxxxxxxxxxx>
Date: Fri, 27 Feb 2015 08:50:56 -0800
Delivered-to: jetty-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-dev>
List-help: <mailto:jetty-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=unsubscribe>

Dear Jetty Community,

we saw this morning the following notice:

http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html

Obviously Jetty 9 is effected. We still use Jetty 6 (yes we know, but to switch to jetty 8 or 9 is not a small task).

In earlier times there was a great overview:

http://wiki.eclipse.org/Jetty/Jetty_Security_Reports#Known_Jetty_6_Issues

but it seems it not maintained anymore. Any other overviews regarding Jetty Security Issues ?

Frank
--
ECCE TERRAM					E-Mail: fs@xxxxxxxxxxxxxxx
DE: +49 441 500 12 0				NZ:  +64 9 304 0709
US: + 1 415 609 0380				Fax: +49 441 500 12 29
www.ecce-terram.info				Ex Astris Scientia

Follow-Ups:
- Re: [jetty-dev] Security Issues Jetty 9 / Older Version effected ?
  - From: Jesse McConnell

Prev by Date: [jetty-dev] Critical Security Release of Jetty 9.2.9.v20150224
Next by Date: Re: [jetty-dev] Security Issues Jetty 9 / Older Version effected ?
Previous by thread: [jetty-dev] Critical Security Release of Jetty 9.2.9.v20150224
Next by thread: Re: [jetty-dev] Security Issues Jetty 9 / Older Version effected ?
Index(es):
- Date
- Thread

Breadcrumbs