Jetty Project and TCK

The Jetty project has a long history of participating in the standardization of EExx (previously JEE) specifications such as Servlet and WebSocket.

Jakarta renaming

After the donation of TCK source code by Oracle to the Eclipse Foundation, the EE group has decided to change the historical Java package names from javax.servlet Read more…

Indexing/Listing Vulnerability in Jetty

If you are using DefaultServlet or ResourceHandler with indexing/listing enabled, you are vulnerable to a variant of XSS that relies on HTML element attributes injected into the parent directory link. We recommend disabling indexing/listing or upgrading to a non-vulnerable version.

To disable indexing/listing:

If using the DefaultServlet (provided Read more…