Hi.
One of my projects uses Wiremock. Thanks to GitHub security alerts, we were informed about CVEs in a transitive dependency of Wiremock: Jetty.
Wiremock 2.24.0 depends on Jetty 9.4.15.v20190215/9.2.26.v20180806, which have the following CVEs reported against them:
CVE-2019-10241
CVE-2019-10247
The first three CVEs are moderate severity.
The recommended fix is simple:
Upgrade org.eclipse.jetty:jetty-server to current versions (9.2.28.v20190418/9.4.19.v20190610).
What is the possibility of a patch release that updates the jetty dependencies to avoid these CVEs?