Jetty SslConnection does not release pooled ByteBuffers in case of errors

Impact SslConnection does not release ByteBuffers in case of error code paths. For example, TLS handshakes that require client-auth with clients that send expired certificates will trigger a TLS handshake errors and the ByteBuffers used to process the TLS handshake will be leaked. Workarounds...

GHSA-J6QJ-J888-VVGQ Directory exposure in jetty

Impact If the $jetty.base directory or the $jetty.base/webapps directory is a symlink soft link in Linux, the contents of the $jetty.base/webapps directory may be deployed as a static web application, exposing the content of the directory for download. For example, the problem manifests in the...