in the current JAR version of Metabase (0.31.1) there exist multiple vulnerabilities:
High (CVSS: 7.5)
NVT: Eclipse Jetty Server Fake Pipeline Request Security Bypass Vulnerability (OID: 220.127.116.11.4.1.25618.104.22.1683551)
Medium (CVSS: 5.0)
NVT: Eclipse Jetty Server InvalidPathException Information Disclosure Vulnerability (OID: 22.214.171.124.4.1.256126.96.36.1993552)
As mention the suggested solution is to upgrade it to the newest version. Could you please upgrade it during the next releases or is there a way to do it on our own without compiling the whole source code?
Furthermore is it possible to deactivate HTTP while HTTPS is used?
Thank you very much.