[jira] [Updated] (FELIX-4983) To prevent server information disclosure on error page, jetty 9.3.2 should be used

Adrien PAILHES (JIRA) Thu, 30 Jul 2015 10:00:40 -0700

     [ 
https://issues.apache.org/jira/browse/FELIX-4983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Adrien PAILHES updated FELIX-4983:
----------------------------------
    Description: 
According to this commit: 
https://github.com/eclipse/jetty.project/commit/6428718962b26ece54736da897ac9755eda265e2
jetty information is no more used in ErrorHandler (aka Jetty.POWERED_BY_HTML is 
removed).

So, for security purpose(information disclosure threat), it would be usefull to 
use jetty 9.3.2.

  was:
According to this commit: 
https://github.com/eclipse/jetty.project/commit/6428718962b26ece54736da897ac9755eda265e2
jetty information is no more used in ErrorHandler (aka Jetty.POWERED_BY_HTML is 
removed).

So, for security purpose, it would be usefull to use jetty 9.3.2.


> To prevent server information disclosure on error page, jetty 9.3.2 should be 
> used
> ----------------------------------------------------------------------------------
>
>                 Key: FELIX-4983
>                 URL: https://issues.apache.org/jira/browse/FELIX-4983
>             Project: Felix
>          Issue Type: Bug
>          Components: HTTP Service
>    Affects Versions: http.jetty-3.0.2
>            Reporter: Adrien PAILHES
>
> According to this commit: 
> https://github.com/eclipse/jetty.project/commit/6428718962b26ece54736da897ac9755eda265e2
> jetty information is no more used in ErrorHandler (aka Jetty.POWERED_BY_HTML 
> is removed).
> So, for security purpose(information disclosure threat), it would be usefull 
> to use jetty 9.3.2.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (FELIX-4983) To prevent server information disclosure on error page, jetty 9.3.2 should be used

Reply via email to