Jetty Security
Reporting Security Issues
There are a couple of avenues for reporting security issues to the Jetty project. If the issue is directly related to Jetty itself, then reporting to the Jetty developers is encouraged. The most direct method is to mail security@jetty.org or security@webtide.com. We are flexible in how we work with reporters of security issues but reserve the right to act in the interests of the Jetty project in all circumstances.
If the issue is related to Eclipse or its Jetty integration, we would like to encourage you to reach out to security@eclipse.org.
If the issue is related to integrations with Jetty, we are happy to work with you to identify the proper entity, and either of the approaches above is okay.
We prefer that security issues be reported directly to Jetty developers via email instead of GitHub issues since it has no facility to tag issues as private. We will actively delete issues that are opened in this way.
For more information on how we handle security issues, please refer to our Security Policy.
Jetty Security Reports
| Date | ID | Exploit | Severity | Affects | Fixed Version |
|---|---|---|---|---|---|
4/18/2023 |
Low |
Low |
⇐9.4.50, ⇐10.013, ⇐11.0.13, ⇐12.0.0.alpha3 |
9.4.51, 10.0.14, 11.0.14, 12.0.0.beta0 |
|
4/18/2023 |
Med |
Med |
⇐9.4.50, ⇐10.0.13, ⇐11.0.13 |
9.4.51, 10.0.14, 11.0.14 |
|
7/5/2022 |
Med |
High |
⇐ 10.0.9, ⇐ 11.0.9 |
10.0.10, 11.0.10 |
|
7/5/2022 |
Low |
Low |
⇐ 9.4.46, ⇐ 10.0.9, ⇐ 11.0.9 |
9.4.47, 10.0.10, 11.0.10 |
|
7/5/2022 |
Med |
High |
⇐ 9.4.46, ⇐ 10.0.9, ⇐ 11.0.9 |
9.4.47, 10.0.10, 11.0.10 |
|
7/15/2021 |
Med |
Med |
9.4.37 - 9.4.42, 10.0.1 - 10.0.5, 11.0.1 - 11.0.5 |
9.4.43, 10.0.6, 11.0.6 |
|
6/22/2021 |
Low |
Low |
⇐ 9.4.40, ⇐ 10.0.2, ⇐ 11.0.2 |
9.4.41, 10.0.3, 11.0.3 |
|
6/8/2021 |
Med |
Med |
⇐ 9.4.40, ⇐ 10.0.2, ⇐ 11.0.2 |
9.4.41, 10.0.3, 11.0.3 |
|
4/1/2021 |
Med |
High |
7.2.2 - 9.4.38, 10.0.0.alpha0 - 10.0.1, 11.0.0.alpha0 - 11.0.1 |
9.4.39, 10.0.2, 11.0.2 |
|
4/1/2021 |
Med |
Med |
9.4.37, 9.4.38 |
9.4.39 |
|
4/1/2021 |
Med |
Med |
9.4.32 - 9.4.38, 10.0.0.beta2 - 10.0.1, 11.0.0.beta2 - 11.0.1 |
9.4.39, 10.0.2, 11.0.2 |
|
2/26/2021 |
Med |
Med |
9.4.6.v20170531 - 9.4.36.v20210114, 10.0.0, 11.0.0 |
9.4.37, 10.0.1, 11.0.1 |
|
11/17/2020 |
Med |
Med |
9.4.0.RC0 - 9.4.34, 10.0.0.alpha0 - 10.0.0.beta2, 11.0.0.alpha0 - 11.0.0.beta2 |
9.4.35, 10.0.0.beta3, 11.0.0.beta3 |
|
10/19/2020 |
Med |
High |
< = 9.4.32 |
9.3.29, 9.4.33 |
|
7/9/2020 |
Med |
High |
>= 9.4.27, < = 9.4.29 |
9.4.30 |
|
11/25/2019 |
Med |
Med |
>= 9.4.21, < = 9.4.23 |
9.4.24 |
|
8/13/2019 |
Med |
Med |
< = 9.4.20 |
9.4.21 |
|
8/13/2019 |
Med |
Med |
< = 9.4.20 |
9.4.21 |
|
8/13/2019 |
Med |
Med |
< = 9.4.20 |
9.4.21 |
|
8/13/2019 |
Med |
Med |
< = 9.4.20 |
9.4.21 |
|
8/13/2019 |
Low |
Low |
< = 9.4.20 |
9.4.21 |
|
8/13/2019 |
Low |
Low |
< = 9.4.20 |
9.4.21 |
|
4/11/2019 |
Med |
Med |
< = 9.4.16 |
9.2.28, 9.3.27, 9.4.17 |
|
4/11/2019 |
High |
High |
< = 9.4.16 |
9.2.28, 9.3.27, 9.4.17 |
|
4/11/2019 |
High |
High |
< = 9.4.15 |
9.2.27, 9.3.26, 9.4.16 |
|
6/25/2018 |
High |
High |
>= 9.4.0, < = 9.4.8 |
9.4.9 |
|
6/25/2018 |
High |
See CWE-202 |
< = 9.4.10 |
9.2.25, 9.3.24, 9.4.11 |
|
6/25/2018 |
See CWE-444 |
See CWE-444 |
< = 9.4.10 |
9.2.25, 9.3.24, 9.4.11 |
|
6/25/2018 |
See CWE-444 |
See CWE-444 |
< = 9.4.10 |
9.2.25, 9.3.24, 9.4.11 |
|
6/25/2018 |
See CWE-444 |
See CWE-444 |
< = 9.4.10 |
9.2.25, 9.3.24, 9.4.11 |
|
5/31/2016 |
high |
high |
>= 9.3.0, < = 9.3.8 |
9.3.9 |
|
2/24/2015 |
high |
high |
>=9.2.3 <9.2.9 |
9.2.9 |
|
12/29/2011 |
high |
medium |
All versions |
7.6.0.RCO |
|
11/5/2009 |
medium |
high |
JVM 1.6u19 |
7.01, 6.1.22 |
|
12/22/2007 |
high |
medium |
6.1.rc0-6.1.6 |
6.1.7 |
|
11/5/2007 |
low |
low |
<6.1.6 |
6.1.6rc1 |
|
11/5/2007 |
low |
low |
6.1.6 |
6.1.6rc0 |
|
11/3/2007 |
medium |
medium |
<6.1.6 |
6.1.6rc0 |
|
11/22/2006 |
low |
high |
<6.1.0, <6.0.2, <5.1.12, <4.2.27 |
6.1.0pre3, 6.0.2, 5.1.12, 4.2.27 |
|
6/1/2006 |
medium |
medium |
<6.0.+, <6.0.0Beta17 |
6.0.0Beta17 |
|
11/18/2005 |
medium |
medium |
<5.1.6 |
5.1.6, 6.0.0Beta4 |