Re: [jetty-dev] Security Issues Jetty 9 / Older Version affected?
No issues in Jetty 6 for this, or 7/8 for that matter, just the
9.2.3-9.2.8 range specified in the issue. :)
https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md
Do update from Jetty 6 though, Jetty 7 and 8 are even EOL at this point!
Current security reports are stored here:
https://www.eclipse.org/jetty/documentation/current/security-reports.html
jesse
--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx
On Fri, Feb 27, 2015 at 10:50 AM, Frank Simon <fs@xxxxxxxxxxxxxxx> wrote:
> Dear Jetty Community,
>
> we saw this morning the following notice:
>
> http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
>
> Obviously Jetty 9 is affected. We still use Jetty 6 (yes we know, but to switch to Jetty 8 or 9 is not a small task).
>
> In earlier times there was a great overview:
>
> http://wiki.eclipse.org/Jetty/Jetty_Security_Reports#Known_Jetty_6_Issues
>
> but it seems it is not maintained anymore. Any other overviews regarding Jetty Security Issues?
>
> Frank
> --
> ECCE TERRAM E-Mail: fs@xxxxxxxxxxxxxxx
> DE: +49 441 500 12 0 NZ: +64 9 304 0709
> US: + 1 415 609 0380 Fax: +49 441 500 12 29
> www.ecce-terram.info Ex Astris Scientia