[jetty-dev] Jetty Version having fix for Denial of Service (https://bugzilla.redhat.com/show_bug.cgi?id=781677)

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[jetty-dev] Jetty Version having fix for Denial of Service (https://bugzilla.redhat.com/show_bug.cgi?id=781677)

prakash mallick
Hi All, 
        We are using Jetty version Jetty-5.1.14 binary, can anybody please tell me if we can have an immediate  version w.r.t 5.1.14 having fix for https://bugzilla.redhat.com/show_bug.cgi?id=781677

Thanks and Regards,
Prakash

_______________________________________________
jetty-dev mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-dev
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-dev] Jetty Version having fix for Denial of Service (https://bugzilla.redhat.com/show_bug.cgi?id=781677)

Greg Wilkins-3

Prakash,

Jetty-5 is no longer a supported/developed release.  There are fixes available for jetty 6, 7 and 8.  You can also protect against this attack by reducing the maximum form content size to < 4k.
Note that as an open source project, you can modify the source of jetty-5  and build your own version.   We just do not have the resources available to do an official release of such an old version.
regards


On 28 March 2012 03:13, prakash mallick <[hidden email]> wrote:
Hi All, 
        We are using Jetty version Jetty-5.1.14 binary, can anybody please tell me if we can have an immediate  version w.r.t 5.1.14 having fix for https://bugzilla.redhat.com/show_bug.cgi?id=781677

Thanks and Regards,
Prakash

_______________________________________________
jetty-dev mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-dev



_______________________________________________
jetty-dev mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-dev