I am trying to get approval to run CF11 in production environment, and scans keep flagging a Jetty vulnerability -- CVE-2011-4461 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4461). It says the solution is to "upgrade Jetty to version 8.1.0.RC2 or newer."
Can I just upgrade Jetty and keep everything together ColdFusion? It doesn't seem like that would work or, I assume, Adobe would distribute a newer version of Jetty to begin with.
I am not using remote start/stop but am using Solr ... so, I don't think disabling Jetty altogether is an option.
Has anyone else run into this? Would you be willing to share your insight? Thank you.
Matt