Hi all, We're using Jetty as the web server in our project. My team hold regular security scans on all 3rd party libs.The latest scan reported 2 CVE's ( CVE-2007-1651 <https://www.cvedetails.com/cve/CVE-2007-1651/> & CVE-2007-1652 <https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2007-1652>) were found in OpenID jar, carried by Jetty 9.4.31. However, these two CVE's were reported back in 2007. Though it's hard to believe the vulnerabilities are not addressed today, could anyone help check if the two reported issues still exist in the latest version? Many thanks!
Best, Yicheng
_______________________________________________ jetty-users mailing list [email protected] To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
