Re: jetty CVE triage: jetty8 ignored?
B0;115;0cOn Thu, Jul 05, 2018 at 05:24:22PM +0200, Ola Lundqvist wrote:
> Hi Sebastian
>
> With this reasoning we cannot assume that a later release include fixes for
> earlier releases for any package. Jetty seems to be actively and sanely
> maintained so I think the risk you point out is very low.
> But you are right, this could be the case for a badly maintained package.
It's all open source, I suggest you simply look at the packages instead
of making assumptions.
Cheers,
Moritz
Reply to: