As explained in the PR there are no real security issues but some companies using scanners may have to live a long time with alarms etc... And they don't have any "safe" (by "safe" I mean CVEs free :)) solution to upgrade before the version with Jetty 10.0.11 land into LTS (and I do not mention companies who are not ready yet to upgrade to java 11) anyway no big drama here I was just thinking as solution to help users/companies with strict restrictions. This may not happen and we cannot support old versions forever but as long as we have a LTS with java 8 there can be some need for it.
On Wed, 3 Aug 2022 at 08:17, Basil Crow <m...@basilcrow.com> wrote: > Are we talking about the version of Jetty to be shipped in 2.346.3 or > the version of Jetty to be shipped in 2.361.1? > > 2.361.1 is far enough away that I would be in favor of a backport of > Jetty 10.0.11, once it has been in the weekly release for a week or > two without serious regressions. This would not require us to make any > exception to the usual rules. > > For 2.346.3 I am not sure there is a need to do any Jetty backporting, > but I would be willing to discuss it if there was a need. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-dev+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpcek4uaLV3WqGV%2Bgt5ncvJdXyT9ZwfNCA-P152OtqkSg%40mail.gmail.com > . > -- Olivier Lamy http://twitter.com/olamy | http://linkedin.com/in/olamy -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPoyBqQ%3DRDT3ot0MaRFJW%2BMWSs54vnphj6SS_J73RhhQ4iyH_Q%40mail.gmail.com.
