Visit Jetty Home Page
Release Notes
Complete Changelog for NES for Jetty
3 Patched Vulnerabilities
VEX Statements
Jetty 9.4.x
9.4.59 (NES) - 2026-03-05
Security Fixes
- Fixed improper input validation in jetty-http where malformed URIs were parsed differently than other common parsers, potentially allowing blocklist bypass in multi-component systems (CVE-2025-11143).
Notes
- This release originates from the open-source Eclipse Jetty by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds. This release contains no functional changes from Jetty
9.4.58.
Full Version: 9.4.59
Jetty 10.0.x
10.0.27 (NES) - 2026-03-05
Security Fixes
- Fixed improper input validation in jetty-http where malformed URIs were parsed differently than other common parsers, potentially allowing blocklist bypass in multi-component systems (CVE-2025-11143).
Notes
- This release originates from the open-source Eclipse Jetty by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds. This release contains no functional changes from Jetty
10.0.26.
Full Version: 10.0.27
Jetty 11.0.x
11.0.27 (NES) - 2026-03-05
Security Fixes
- Fixed improper input validation in jetty-http where malformed URIs were parsed differently than other common parsers, potentially allowing blocklist bypass in multi-component systems (CVE-2025-11143).
Notes
- This release originates from the open-source Eclipse Jetty by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds. This release contains no functional changes from Jetty
11.0.26.
Full Version: 11.0.27