Security vulnerability: CVE-2022-2047 & CVE-2022-2048

Hello everyone,
I use Nexus Repository OSS, and the version is 3.34.0-01. My company conducted a security scan last night. A security vulnerability was found on port 8082 (used by Nexus-docker-repository); it is about Eclipse Jetty, and the CVE numbers are CVE-2022-2047 and CVE-2022-2048.
I want to ask which version fixes this vulnerability at present.
Or can the Jetty components be upgraded separately?

For anyone still interested in this, you need at least 3.45.1-01.

To the devs: why isn’t this tracked in the Security Advisories?

It’s a fair question, @ilpianista. We do continuous dependency monitoring via Lifecycle, of course, and we are upgrading dependencies regularly to reduce risk (since we consider everything potentially exploitable). However, we haven’t actively updated that page in a while. We have plans to revisit the processes we’re using to share this information out, so you may see this page change form in the future.


We have plans to revisit the processes we’re using to share this information out, so you may see this page change form in the future.

That would be great, thanks!