in the current JAR version of Metabase (0.31.1) there exist multiple vulnerabilities:
High (CVSS: 7.5)
NVT: Eclipse Jetty Server Fake Pipeline Request Security Bypass Vulnerability (OID: 18.104.22.168.4.1.25622.214.171.1243551)
Medium (CVSS: 5.0)
NVT: Eclipse Jetty Server InvalidPathException Information Disclosure Vulnerability (OID: 126.96.36.199.4.1.256188.8.131.523552)
As mention the suggested solution is to upgrade it to the newest version. Could you please upgrade it during the next releases or is there a way to do it on our own without compiling the whole source code?
Furthermore is it possible to deactivate HTTP while HTTPS is used?
Thank you very much.