You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I get today a security warning from the org.owasp:dependency-check-gradle tool for the library jetty-io@9.4.48.v20220622 that it include affected form CVE-2022-2191.
The description of CVE-2022-2191 suggest that the version 9.x is not affected. Also there is no newer 9.x version.
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.
Is this security warning a false positive? Or will this not fixed in version 9.x because EOL?
The text was updated successfully, but these errors were encountered:
I get today a security warning from the org.owasp:dependency-check-gradle tool for the library jetty-io@9.4.48.v20220622 that it include affected form CVE-2022-2191.
The description of CVE-2022-2191 suggest that the version 9.x is not affected. Also there is no newer 9.x version.
Is this security warning a false positive? Or will this not fixed in version 9.x because EOL?
The text was updated successfully, but these errors were encountered: