Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jetty Releases 9.4.57 #12630

Open
13 of 40 tasks
olamy opened this issue Dec 11, 2024 · 6 comments
Open
13 of 40 tasks

Jetty Releases 9.4.57 #12630

olamy opened this issue Dec 11, 2024 · 6 comments
Assignees
Labels

Comments

@olamy
Copy link
Member

olamy commented Dec 11, 2024

Jetty Versions:
This release process will produce releases: 9.4.57

Target Date:
Unspecified. Branch 9.4.x is now at End of Open Source/Community Support.

Tasks:

  • Create the release(s) issue.
  • Update the target Jetty version(s) in the issue.
  • Link this issue to the target GitHub Project(s).
  • Assign this issue to a "release manager".
  • Review draft security advisories. Ensure that issues are created and assigned to GitHub Projects to capture any advisories that will be announced.
  • Update GitHub Project(s)
    • Create new project for the next releases (not this release).
    • Ensure new project is public (not private)
    • Freeze the target GitHub Project(s) by editing their names to "Jetty X.Y.Z FROZEN"
    • Review the issues/PRs assigned to the target GitHub Project(s). Any tasks that are not-yet-started are moved to next releases.
  • Review dependabot status. Manually run dependabot if needed and review resulting PRs for inclusion.
    Such updates should only be included in the week before a release if there is a compelling security or stability reason to do so.
  • Wait 24 hours from last change to the issues/PRs included in FROZEN GitHub Project(s).
  • Verify target project(s) are complete.
  • Assign issue to "build manager", who will stage the releases.
  • Assign issue to "test manager", who will oversee the testing of the staged releases.
  • Collect release votes from committers.
  • Promote staged releases.
  • Merge release branches back to main branches and delete release branches.
  • Verify release existence in Maven Central by triggering the Jenkins builds of CometD.
  • Update Jetty versions on the website ( follow instructions in jetty-website ).
    • Update (or check) Download page is updated.
    • Update (or check) documentation page(s) are updated (if applicable for supported versions of Jetty).
  • Publish GitHub Releases.
  • Publish any security advisories.
    • Edit VERSION.txt to include any actual CVE number next to correspondent issue.
    • Edit any issues for CVEs in github with their CVE number
  • Notify downstream maintainers.
    • Docker maintainer.
@olamy olamy added the Build label Dec 11, 2024
@olamy olamy self-assigned this Dec 11, 2024
@JackieTien97
Copy link

Hi, I'm a PMC member of Apache IoTDB in which we have a dependency on jetty 9.4.56.
However, there still exists a CVE in that version which seems to be resolved in v9.4.57.
So, I’d like to ask about the progress of the 9.4.57 release. When can it be available for dependency in the Maven repository?

@olamy
Copy link
Member Author

olamy commented Dec 17, 2024

@JackieTien97, this has been delayed. You should better understand that 9.x versions have been EoCS (End of Community Support) #7958 for more than two years now.
In your interest, it would be better to upgrade to 12 (with ee8 support if you cannot upgrade to a more recent servlet API)

@JackieTien97
Copy link

ok... thx

@tarunkalra7
Copy link

@olamy Could you please update the targeted date for this?

@joakime joakime moved this to 🏗 In progress in Jetty 9.4.57 (FROZEN) Dec 19, 2024
@joakime
Copy link
Contributor

joakime commented Dec 19, 2024

@tarunkalra7 the target date is unspecified for any open source release of 9.4.x

@joakime
Copy link
Contributor

joakime commented Dec 19, 2024

@tarunkalra7 you should be using a supported version of Jetty at this point in time.
Jetty 12 is that version.

Note: if you need to stick with javax.servlet and cannot upgrade to jakarta.servlet yet, then use the ee8 environment on Jetty 12, as that still supports the older javax.servlet namespace.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
Status: 🏗 In progress
Development

No branches or pull requests

4 participants