B4J Question jServer v4.0 - Based on Jetty 11 CVE Issue

marconotsopolo · Jan 17, 2023

Hi

With the latest version of jServer v4.0, would this CVE notice (CVE-2022-2191) require an update to the library?.

Thanks
Mark

Erel · Jan 17, 2023

jServer v4.0 is based on Jetty 11.0.9. This is not a major threat and in the worst case it will make it easier to DDOS the server.
There is a workaround suggested here that shouldn't be difficult to implement with JavaObject: https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28 you can use it until the library is updated.

Erel · Jan 17, 2023

jServer v4.0 is based on Jetty 11.0.9. This is not a major threat and in the worst case it will make it easier to DDOS the server.
There is a workaround suggested here that shouldn't be difficult to implement with JavaObject: https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28 you can use it until the library is updated.

B4J Question jServer v4.0 - Based on Jetty 11 CVE Issue

marconotsopolo

Member

Erel

Erel

B4X founder

Similar Threads

B4J Question jServer v4.0 - Based on Jetty 11 CVE Issue

marconotsopolo

Member

Erel

B4X founder

Similar Threads

Privacy & Transparency

Privacy & Transparency