Skip to content

Commit

Permalink
Update SECURITY.md with Jetty 9.x EOL information
Browse files Browse the repository at this point in the history
  • Loading branch information
sbernard31 committed Nov 5, 2024
1 parent 40038da commit 096e594
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,8 @@ For more details, please look at :
Only Leshan library is concerned. The demos are not covered.

| Version | Supported |
| ------- | ------------------ | --- |
| 2.x | :heavy_check_mark: | |
| ------- | ------------------ |
| 2.x | :heavy_check_mark: |
| 1.x | :heavy_check_mark: |

Note: ℹ️ **1.x** version depends on californium 2.x version where support is not clear.
Expand All @@ -29,10 +29,11 @@ See : https://github.com/eclipse/californium/security/policy

As said previously **Leshan demos are not covered by Security Policy**.

It is strongly discouraged to use Leshan demos v1.x on public server because they are using no longer maintained javascript library like :
It is strongly discouraged to use Leshan demos v1.x on public server because they are using no longer maintained javascript/java library like :

- **bootstrap.js** (pkg:javascript/bootstrap@3.4.1) : Bootstrap before 4.0.0 is end-of-life and no longer maintained.
- **jquery-2.2.4.js** (pkg:javascript/jquery@2.2.4) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
- [**Jetty 9.x**](https://github.com/jetty/jetty.project/issues/7958) : Jetty 9.4 reach End-of-Life and no longer receiving security updates at January 2025.

Concerning Leshan demos v2.x, some minimal efforts are made to update dependencies when vulnerabilities are detected but keep in mind that demos are not production ready tools.

Expand Down

0 comments on commit 096e594

Please sign in to comment.