Closed kamilgregorczyk closed 5 years ago
Can we get a response on this? @perwendel @tipsy
@kamilgregorczyk @robax Thanks! Seems like an important fix and creates a need for a 2.9.1 release with updated jetty deps.
@perwendel would you mind doing a quick release for this?
@robax yup, on it right now!
Fixed. 2.9.1 release made. Should be available on Maven central soon!
Thanks a lot @perwendel I super appreciate it :)
I have a synk scanner which checks all the dependencies and in spark-core 2.9.0 it found that jetty-util has two security issues, XSS and some information exposure
https://snyk.io/test/github/kamilgregorczyk/event-sourced-bank?targetFile=pom.xml https://github.com/kamilgregorczyk/event-sourced-bank/blob/master/pom.xml
Please upgrade jetty deps