[jetty-dev] Updates for Jetty 8.1.x branches to address recent CVEs


[jetty-dev] Updates for Jetty 8.1.x branches to address recent CVEs

Kit Lo

Eclipse is well known for being an open source community that embraces commercial adoption. Maintenance is a major part of the life cycle of a software project. Many companies are big advocates for providing long term maintenance for Eclipse technologies to help adopters to stay on top of regular software updates to avoid problems upfront, as well as to react to problems that impede users.

However, the Jetty releases 8.1.x included in a few still very active Eclipse releases have reached Jetty End of Life. Users of the few earlier releases of Eclipse are still exposed to the recent CVEs because there are no fixes provided for the Jetty 8.1.x branches. Are there any plans to provide updates for Jetty 8.1.x branches to patch the vulnerabilities for Jetty 8.1.x users?

Eclipse Release   Jetty Release in Eclipse   Note
4.2.2             8.1.3.v20120522            Reached Jetty End of Life
4.3.2             8.1.14.v20131031           Reached Jetty End of Life
4.4.2             8.1.16.v20140903           Reached Jetty End of Life

Regards,
Kit Lo
Eclipse Babel Project Lead
IBM Eclipse SDK (IES) Technical Lead


_______________________________________________
jetty-dev mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-dev


Re: [jetty-dev] Updates for Jetty 8.1.x branches to address recent CVEs

Jesse McConnell
No, there are currently no plans to revisit these End of Life releases of Jetty. 

Jesse

--
jesse mcconnell
[hidden email]


On Thu, Sep 6, 2018 at 12:29 PM Kit Lo <[hidden email]> wrote:

Eclipse is well known for being an open source community that embraces commercial adoption. Maintenance is a major part of the life cycle of a software project. Many companies are big advocates for providing long term maintenance for Eclipse technologies to help adopters to stay on top of regular software updates to avoid problems upfront, as well as to react to problems that impede users.

However, the Jetty releases 8.1.x included in a few still very active Eclipse releases have reached Jetty End of Life. Users of the few earlier releases of Eclipse are still exposed to the recent CVEs because there are no fixes provided for the Jetty 8.1.x branches. Are there any plans to provide updates for Jetty 8.1.x branches to patch the vulnerabilities for Jetty 8.1.x users?

Eclipse Release   Jetty Release in Eclipse   Note
4.2.2             8.1.3.v20120522            Reached Jetty End of Life
4.3.2             8.1.14.v20131031           Reached Jetty End of Life
4.4.2             8.1.16.v20140903           Reached Jetty End of Life

Regards,
Kit Lo
Eclipse Babel Project Lead
IBM Eclipse SDK (IES) Technical Lead
