Outdated Jetty exposes vulnerabilities

In a recent Pen test we were alerted to some Jetty defects that are exposed in our version of Meta.

We Started looking to transition from Metabase to 0.40.5 to resolve the issue but it appears that the same outdated version of Jetty (9.4.32 ) is in use in both versions of Metabase.

Request: Upgrade Eclipse Jetty on the Metabase to at least version 9.4.40.v20210413
immediately to mitigate these vulnerabilities.

Metabase is running a version of Eclipse Jetty (9.4.32.v20200930) that has known vulnerabilities, including the following:

This is how you report security issues: https://github.com/metabase/metabase/security
But since you have already publicly published this, then Jetty is being updated in 0.41:

Thanks @flamber -
apologies for the bad process. will keep this in perspective for future reports.