The P2 repositories at eclipse.org are for consumption by other Eclipse projects only. They are not meant to be publicly used as you are doing.
If you require Jetty 9.4.x series on a P2 repo, you are expected to build the P2 repositories in your own infrastructure. Note that P2 repositories as a whole are now deprecated and are going away in light of the new Tycho features that can provide P2 like features but from a maven repository. Joakim Erdfelt / [email protected] On Mon, Jul 26, 2021 at 9:40 AM Apoorva Maheshwari via jetty-users < [email protected]> wrote: > Hi Team, > > > > In one of our node we are currently using equinox version 4.16 with has > jetty version 9.4.29. Latest version available for equinox upgrade is 4.20 > which is using jetty 10.0.5 and jetty 10.x has dependency on Java-11. I > have attached the current study document with this email. Let me know if > you need any information. > > > > Please confirm if you can share the fix for these open vulnerabilities as > backport? > > > > Eclipse Jetty denial of service in jetty-io CVE-2021-28165 > > > > Jetty Utility Servlets Double Decoding Information Disclosure > Vulnerability CVE-2021-28169 > > > > https://nvd.nist.gov/vuln/detail/CVE-2021-34428 CVE-2021-34428 > > > > Quick response will be appreciated. > > > > Thanks in advance. > > > Regards, > > *APOORVA MAHESHWARI * > > Sr. Software Engineer > BDGS, R&D > 2nd Floor, ASF Insignia - Block B Kings Canyon, > Gwal Pahari, Gurgaon, Haryana 122003, India > Phone: 8860498817 > [email protected] > www.ericsson.com > > <http://www.ericsson.com/current_campaign> > > > _______________________________________________ > jetty-users mailing list > [email protected] > To unsubscribe from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
