Closed shubh-ranade closed 3 months ago
Can you please downgrade only the servlets package in the rest-utils repository? jetty-server 9.4.53 is vulnerable to a high-severity vulnerability: CVE-2023-44487
@shubh-ranade Can we close this PR as the alternative approach was taken?
Closing this, as we have decided to go with an alternate approach.
Downgrade jetty to 9.4.53. The new version upgrade recently in #582 affects DoS filtering in rest-utils jetty server.
rest-utils changes: https://github.com/confluentinc/rest-utils/pull/478