B4J Question jServer v4.0 - Based on Jetty 11 CVE Issue

[marconotsopolo]

Hi

With the latest version of jServer v4.0, would this CVE notice (CVE-2022-2191) require an update to the library?.

Thanks
Mark

 

[Erel]

jServer v4.0 is based on Jetty 11.0.9. This is not a major threat and in the worst case it will make it easier to DDOS the server.
There is a workaround suggested here that shouldn't be difficult to implement with JavaObject: https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28 you can use it until the library is updated.