[GHSA-q4rv-gq96-w7c5] **UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request

[yeikel]

Updates

• Summary

Comments
It is unclear to me what the value of the current title is as this CVE is fixed in 9.4.57.v20241219, which technically may mean that it is "still supported"

[github]

Hi there @joakime! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

[github-actions]

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

[joakime]

It is unclear to me what the value of the current title is as this CVE is fixed in 9.4.57.v20241219, which technically may mean that it is "still supported"

The text **UNSUPPORTED WHEN ASSIGNED** means that the version you are using is unsupported. (This CVE specific terminology, if you see this, then you are using an unsupported version of your piece of software)
CVE's with this terminology can also have no publicly patched releases for your out of support version of that software.

All versions of Jetty prior to Jetty 12 are now at EOL (End of Life).
They should not be used anymore without a support contract.

[joakime]

Example of this terminology in use.

https://github.com/advisories?query=UNSUPPORTED+WHEN+ASSIGNED