Hello Backend Engineers,
The previous application-jetty library pose a security risk due to missing configuration on Jetty server in which the server version is sent as part of response header (e.g. Server: Jetty(8.1.17.v20150415)).
The latest version of application-jetty library had removed the security risk by adding the appropriate configuration. The response header will not contain the server version information after the fix.
Thus, you are advised to update your dependency version in your respective repositories as soon as possible. Please update to either of these latest version depending on your repository (future versions will have the fix as well):
Please test your service properly after the change to make sure there is no regression.
If you have any concerns or question, please do reach out to us.
Cheers…
P.S.: If anyone is interested to know what's actually changed, you can look at this PR: https://github.com/traveloka/bei-common-libraries/pull/219