Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-14897

Upgrade Jetty to latest version of 8/9

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0.0
    • Component/s: None
    • Labels:

      Description

      It looks like the head/master branch of Spark uses quite an old version of Jetty: 8.1.14.v20131031

      There have been some announcement of security vulnerabilities, notably in 2015 and there are versions of both 8 and 9 that address those. We recently left a web-ui port open and had the server compromised within days. Albeit, this upgrade shouldn't be the only security improvement made, the current version is clearly vulnerable, as-is.

        Attachments

          Activity

            People

            • Assignee:
              mengbo Bo Meng
              Reporter:
              adamjk Adam Kramer
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: