-
Type:
Bug
-
Resolution: Duplicate
-
Priority:
Minor
-
Component/s: winstone-jetty
-
None
The latest bump of Winstone was to version 5.25 , which uses Jetty 9.4.46.v20220331 as detailed in the Jenkins changelog for the 2.348 .
This version of Jetty is currently affected by two CVEs.
https://nvd.nist.gov/vuln/detail/CVE-2022-2048 - High
https://nvd.nist.gov/vuln/detail/CVE-2022-2047 - Low
Since Release 5.27 · jenkinsci/winstone (github.com) that Jetty was bumped to 9.4.48.v20220622 which is no longer affected by the two mentioned CVEs.
- is related to
-
JENKINS-68694 Winstone 6.1: Upgrade Jetty from 9.4.46.v20220331 to 10.0.11
-
- Closed
-
