This is helpful: https://github.com/jetty/jetty.project/pull/12012
On Tue, Apr 29, 2025 at 8:09 AM Tim Allison <[email protected]> wrote: > I got a dm asking if it is possible to request that jetty fix 11.x for > CVE-2024-6763 so that we can roll that into our 3.x release. > > My response: If you're using Tika server in a locked down/isolated > environment (which you should absolutely be doing), I don't see how that > cve would affect you. Nevertheless, if you'd like to avoid complaints from > your dependency scanner, yes, please make that request. >
