Hi.

FYI for those of you running Shibboleth IdP on Windows.
Nothing urgent to update, but if you want a slightly fresher Jetty :-)

// Björn M.

Begin forwarded message:

From: "Cantor, Scott via announce" <announce@shibboleth.net>
Subject: Jetty for Windows installer updated to 12.0.20
Date: 12 May 2025 at 16:35:23 CEST
To: "announce@shibboleth.net" <announce@shibboleth.net>
Cc: "Cantor, Scott" <cantor.2@osu.edu>
Reply-To: users@shibboleth.net

There was a DoS vulnerability [1] in Jetty when HTTP/2 is enabled, which isn't really something we support in our packaging for Windows, but out of caution we have refreshed it to 12.0.20 as it was fairly stale anyway. [2]

Monitoring that download point is the main way to keep track but as always, running (and patching) your own container is strongly advised.

-- Scott

[1] https://www.eclipse.org/lists/jetty-announce/msg00198.html
[2] https://shibboleth.net/downloads/identity-provider/jetty-windows/

