Release Notes / Version 10.2101
Table Of ContentsCVE-2020-27216: Jetty Updated to 9.4.35
Jetty has been updated to 9.4.35.v20201120 to address CVE-2020-27216 (Creation of Temporary File With Insecure Permissions).
All Jetty artifacts managed by
org.eclipse.jetty:jetty-bom
are affected, including:
org.eclipse.jetty.http2.http2-clientorg.eclipse.jetty.http2.http2-commonorg.eclipse.jetty.jetty-clientorg.eclipse.jetty.jetty-serverorg.eclipse.jetty.jetty-servletorg.eclipse.jetty.jetty-util
(CMS-18629)