perwendel / spark

A simple expressive web framework for Java. Spark has a Kotlin DSL https://github.com/perwendel/spark-kotlin
Apache License 2.0

fix(sec): upgrade org.eclipse.jetty:jetty-server to 12.0.0.beta0 #1279

Open chncaption opened 11 months ago

chncaption commented 11 months ago

What happened?

There is 1 security vulnerability found in org.eclipse.jetty:jetty-server 9.4.48.v20220622

What did I do?

Upgrade org.eclipse.jetty:jetty-server from 9.4.48.v20220622 to 12.0.0.beta0 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

The specification of the pull request

PR Specification from OSCS

nieldw commented 11 months ago

It is not necessary to go all the way to 12.0.0.beta0. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0.

https://security.snyk.io/vuln/SNYK-SLES155-JETTYSERVER-5721531

ivangrujic09 commented 8 months ago

Is this something that will go through?