activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Siebert (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQ-4940) Update the version of Jetty used
Date Fri, 17 Oct 2014 21:29:33 GMT

    [ https://issues.apache.org/jira/browse/AMQ-4940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14175567#comment-14175567
] 

Steve Siebert commented on AMQ-4940:
------------------------------------

Awesome, good to hear. Having it not included with 5.11 isn't a concern for me...honestly,
for the government, I simply need to be able to show that we have a plan in place and we're
making progress towards fixing the vulnerability in the software itself.  Having an informal
"go ahead" is really enough.  Preventing the actual security vulnerability is easy enough
to mitigate simply by putting ActiveMQ behind a reverse proxy, which of course by laws of
irony I have to run on Jetty.  It's not perfect, but it'll be secure until it's committed
=)

Thanks! I'll move forward in working on a patch.

S



> Update the version of Jetty used
> --------------------------------
>
>                 Key: AMQ-4940
>                 URL: https://issues.apache.org/jira/browse/AMQ-4940
>             Project: ActiveMQ
>          Issue Type: Improvement
>         Environment: activemq-5.10-20131214.063224-32
>            Reporter: Lionel Cons
>
> When trying the latest 5.10 snapshot, I was surprised to see a quite old version of Jetty:
> 2013-12-16 14:41:10,665 [WrapperSimpleAppMain] INFO Server - jetty-7.6.9.v20130131
> Why is ActiveMQ using Jetty 7 instead of Jetty 8 or 9?
> In any case, could ActiveMQ use a more recent version of Jetty like 7.6.14.v20131031
(if it must stick to Jetty 7)?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message