Skip to content

How to use CVE/CNA at Eclipse to declare specific versions of Eclipes Jetty as EOL

How can we use the Eclipse CNA authority to declare specific versions of Eclipse Jetty as EOL?

Steps to reproduce

The CNA authority has the means to declare specific versions of products as EOL. We would like to use this ability of a CNA authority for older, no longer supported, Eclipse Jetty versions.

What are the affected versions?

Eclipse Jetty 11 and older. (Jetty 11., Jetty 10., Jetty 9., Jetty 8., Jetty 7.*) But NOT Jetty 12 (which is the mainline and supported version of Jetty)

Do you know any mitigations of the issue?

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent