Re: [jetty-dev] Jetty Version having fix for Denial of Service (https://bugzilla.redhat.com/show_bug.cgi?id=781677)
Jetty-5 is no longer a supported/developed release. There are fixes available for jetty 6, 7 and 8. You can also protect against this attack by reducing the maximum form content size to < 4k. Note that as an open source project, you can modify the source of jetty-5 and build your own version. We just do not have the resources available to do an official release of such an old version.