Jetty Upgrade: 12.x.x or latest #22939
Comments
devendrasr
added
the
type/enhancement
|
I agree that we need to migrate to Jetty 12. There's a dev mailing list thread about this, https://lists.apache.org/thread/d7dqy4w9x1dyrcdrymoypv3v3p7bncxx . I have already put a lot of time in this, but it's a lot of work to complete the migration. I have everything compiling, but there are some test failures. The WIP branch is here: https://github.com/lhotari/pulsar/pull/190/files .
We use 9.4.54.v20240208 in Pulsar. I'm not aware of medium or high severity vulnerabilities in this version. The main issue is that it isn't maintained, that's explained in the email thread, https://lists.apache.org/thread/d7dqy4w9x1dyrcdrymoypv3v3p7bncxx. |
|
Thanks for all the context. Let me go through provided information. |
|
Looks like a lot of work has already been accomplished. I will be waiting for the pull request to be merged - lhotari#190 |
It's going to take some time since there are blockers. One of them is with Bookkeeper. We will need to upgrade Jetty in Bookkeeper before Pulsar since Pulsar puts all libraries in the same classpath. Pulsar's distribution also includes Bookkeeper. Hopefully we could accomplish this before Pulsar 4.0 in October. |
|
Bookkeeper mailing list discussion: https://lists.apache.org/thread/jkgnr9tt947fzshpoojn0r8n2pnr0h3f |
|
PR to upgrade Jetty 12 in Bookkeeper: apache/bookkeeper#4447 |
The Jetty 12 upgrade is postponed. Due to the lack of support for switching to Java 17 baseline in BookKeeper, apache/bookkeeper#4447 /cc @dlg99. We'll address that later, possibly for Pulsar 4.1 . |
Search before asking
Motivation
Team,
The version of jetty being used is somewhere around 9.x.x. This one is vulnerable and getting outdated. We need to migrate closer to 12.x.x. Any plans or approach would be highly appreciated.
Solution
No response
Alternatives
No response
Anything else?
No response
Are you willing to submit a PR?
The text was updated successfully, but these errors were encountered: