You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ignite.apache.org by Ilya Korol <ll...@gmail.com> on 2021/11/03 07:50:01 UTC

RE: CVE-2021-2816[3,4,5] vulnerabilities and Ignite 2.8.1

I guess so. If vulnerability present in particular JAR by excluding this 
JAR from classpath, CVE should not affect you environment.


On 2021/10/27 12:58:12 Dana Milan wrote:
 > Hi,
 > .
 > Can anyone provide a clarification of how jetty is being used by Ignite
 > 2.8.1 and whether there is another way to avoid its vulnerabilities when
 > using Ignite besides upgrading to a newer Ignite version?
 > To be more specific, if I don't enable REST API (by not moving
 > ignite-rest-http from libs/optional to libs directory), will it eliminate
 > these vulnerabilities from my Ignite node?
 >
 > Thanks a lot,
 > Dana
 >