I thought about migrating from FHEM to openHAB, and did a test installation. I saw that jetty version 8.1.3 is currently used to serve websites. The version used is 4 years old. Is it still safe to use this version as an interface to the public internet?
Regards,
Thomas
If you are concerned you can use my.openhab which will proxy between the Internet and your OH instance.
There is currently only one CVE for jetty 8.1 and that CVE only applies to Windows.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4461
Personally, I feel as safe exposing it to the Internet as apache or ngnix.
OK, that sounds good. I was looking for security advisories for jetty, but did not really find anything useful. I just found it hard to believe that they have released so many new versions in the last 4 years and none of them seem to have important security issues.