Hi,
We are currently using Dropwizard 2.0.x for our project. During the process of scanning the Docker image built from our project, we have discovered several vulnerabilities in the dependencies, including jetty-setuid-java 1.0.4 (CVE-2017-7658 and CVE-2017-7657). Unfortunately, jetty-setuid-java 1.0.4 is the latest version available, and even the latest version of Dropwizard still relies on it.

In light of this situation, I would like to inquire about the best course of action for excluding these vulnerabilities.

Please find the details of the jetty-setuid-java 1.0.4 vulnerability information at the following link: https://mvnrepository.com/artifact/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java/1.0.4

Thank you for your assistance.
