Hadoop Common
  1. Hadoop Common
  2. HADOOP-8515

Upgrade Jetty to the current Jetty 7 release

    Details

    • Type: Improvement Improvement
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Hadoop Flags:
      Incompatible change
    • Tags:
      jetty-7, upgade
    • Target Version/s:

      Description

      According to http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00026.html, jetty-6 has been effectively EOL since January. Let's bump jetty to the 7 series. The current jetty 6.1.26 contains at least one known vulnerability: CVE-2011-4461.

      Note this can be an incompatible change if you reference jetty-6 packages (org.mortbay.*).

        Issue Links

          Activity

          Hide
          Steve Loughran added a comment -

          I can see the rationale for this, but I can also see that migration being somewhat traumatic.

          1. Is the migration from com.mortbay.jetty packages a simple package migrate, or are there other consequences?
          1. does the jetty 7 stack have different dependencies? It's the reason SLF4j is currently pulled in
          Show
          Steve Loughran added a comment - I can see the rationale for this, but I can also see that migration being somewhat traumatic. Is the migration from com.mortbay.jetty packages a simple package migrate, or are there other consequences? does the jetty 7 stack have different dependencies? It's the reason SLF4j is currently pulled in
          Hide
          Luke Lu added a comment -

          Is the migration from com.mortbay.jetty packages a simple package migrate, or are there other consequences?

          See: http://wiki.eclipse.org/Jetty/Starting/Porting_to_Jetty_7

          A quick find/grep reveals that there are 30 (13 test source files) source files in branch-1, 36 (17 test) in trunk, reference mortbay. Besides things in HttpServer.java, it seems to be a simple package migrate.

          does the jetty 7 stack have different dependencies? It's the reason SLF4j is currently pulled in

          http://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server/7.6.4.v20120524. slf4j (which rocks btw ) is still there.

          Show
          Luke Lu added a comment - Is the migration from com.mortbay.jetty packages a simple package migrate, or are there other consequences? See: http://wiki.eclipse.org/Jetty/Starting/Porting_to_Jetty_7 A quick find/grep reveals that there are 30 (13 test source files) source files in branch-1, 36 (17 test) in trunk, reference mortbay. Besides things in HttpServer.java, it seems to be a simple package migrate. does the jetty 7 stack have different dependencies? It's the reason SLF4j is currently pulled in http://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server/7.6.4.v20120524 . slf4j (which rocks btw ) is still there.
          Hide
          Matt Foley added a comment -

          moved target version to 1.2.0 upon publishing 1.1.1 RC.

          Show
          Matt Foley added a comment - moved target version to 1.2.0 upon publishing 1.1.1 RC.
          Hide
          Alexey Babutin added a comment -

          I have forgotten about src/test when made patch.I have corrected it.

          Show
          Alexey Babutin added a comment - I have forgotten about src/test when made patch.I have corrected it.
          Hide
          Matt Foley added a comment -

          Changed Target Version to 1.3.0 upon release of 1.2.0. Please change to 1.2.1 if you intend to submit a fix for branch-1.2.

          Show
          Matt Foley added a comment - Changed Target Version to 1.3.0 upon release of 1.2.0. Please change to 1.2.1 if you intend to submit a fix for branch-1.2.

            People

            • Assignee:
              Unassigned
              Reporter:
              Luke Lu
            • Votes:
              0 Vote for this issue
              Watchers:
              19 Start watching this issue

              Dates

              • Created:
                Updated:

                Development