Seems that moving to the latest jetty release that provides a fix (10.0.17) is ok. I'll merge it today.
I've no other records of potentially affected deps on JBossTools.
Thanks for pointing this out early.

On Mon, Oct 16, 2023 at 11:48 AM Stephane Bouchet <sbouchet@redhat.com> wrote:
A quick search shows that jetty is impacted, and produced several new versions last week. 
As the Target Platform is targeting 2023-09, I can check if we can update to it.



On Mon, Oct 16, 2023 at 8:53 AM Aurélien Pupier <apupier@redhat.com> wrote:
Hello,

Has the Target Platform been checked to not contain dependencies affected by CVE-2023-44487 (HTTP/2 Rapid Reset)?
Do we want to check for it even if we are community only with very limited resources, given that it seems to be a major vulnerability?

On Mon, Oct 16, 2023 at 8:00 AM Stephane Bouchet <sbouchet@redhat.com> wrote:
Hello,

It's a reminder that JBossTools 4.29.0.Final release is on the way.

The TP will be frozen tomorrow Tuesday EOD UTC [1] and all source repositories will be frozen Wednesday EOD UTC.

If you have pending PRs, please check them and make sure they are merged before the code freeze.

Thank you,

Regards,

[1] see https://issues.redhat.com/browse/JBIDE-29058

--

Stéphane Bouchet

Senior Software Engineer, R&D

Remote France

Red Hat

_______________________________________________
jbosstools-dev mailing list -- jbosstools-dev@lists.jboss.org
List Archives: https://lists.jboss.org/archives/list/jbosstools-dev@lists.jboss.org/message/7PBMWD2JL2VETRKZGTLXXQ6VC75NNZG2/

