Does openfire has any plan to fix the CVE-2024-6763

Hi

As we just upgrade openfire to version 4.9.2, but we still have the CVE-2024-6763 which address the jetty issue. So my question is do you have any plan to address CVE-2024-6763 or 4.9.2 does not affect by this CVE issue.

Thanks,
Joe

This seems to relate to URI parsing of invalid authority · Advisory · jetty/jetty.project · GitHub which reportedly has been fixed in Jetty 12.0.12.

In Openfire 5.0.0, Jetty has been upgraded to a version that is newer than that. This should mean that this particular vulnerability has been addressed.