Wednesday, April 10, 2019

Security Vulnerability Detected in GWT Library

GWT 2.8.2:


##### Description
Security Vulnerability Detected in gwt-dev.jar & gwt-servlet.jar are reported by Dependency checker tool

Below are the details -
1. Gwt-dev.jar - 
               1.1 Vulnerable version of jetty library(current version-- 9.2.14, available ) 
               1.2 Vulnerable version of commons-collections(current version - 3.2.1)
               1.3 Vulnerable version of org.apache.httpcomponents:httpclient(current version - 4.3.1)

2. Gwt-servlet.jar             
               1.1 Vulnerable version of Google Protobuf(current version - 2.5.0, available version - 3.4.0)

##### Steps to reproduce
Refer instruction from following web site.

Is community going to update 3rd party library used by GWT to remove these Vulnerability ?

You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To post to this group, send email to
Visit this group at
For more options, visit

No comments:

Post a Comment