Release Notes / Version 10.2104
Table Of ContentsCVE-2020-27216: Jetty Updated to 9.4.35
Jetty has been updated to 9.4.35.v20201120 to address CVE-2020-27216 (Creation of Temporary File With Insecure Permissions).
All Jetty artifacts managed by
org.eclipse.jetty:jetty-bom
are affected, including:
org.eclipse.jetty.http2.http2-client
org.eclipse.jetty.http2.http2-common
org.eclipse.jetty.jetty-client
org.eclipse.jetty.jetty-server
org.eclipse.jetty.jetty-servlet
org.eclipse.jetty.jetty-util
(CMS-18629)