hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Busbey <bus...@apache.org>
Subject Re: Hbase 1.2.5 and Jetty 6
Date Wed, 13 Mar 2019 18:00:19 GMT
unfortunately no, not currently.

presuming you do not wish to maintain a forked release line of hbase,
getting this done would require

1) figuring out precisely how our downstream users would be impacted
by updating to jetty 9. I presume Jetty 6 -> Jetty 9 is not backwards
compatible, so how often is the use of jetty 6 exposed to those
running HBase?

2) Start a DISCUSS thread about the trade off between the above impact
in 1 vs the risk of running the version of jetty we're running now

3) Iff the DISCUSS thread has consensus, do the work to update to
jetty 9 for some future minor release of HBase 1


There is some precedent for us forcing incompatible changes on
downstream in a minor release of HBase. The big one is Hadoop, where
we gave up on keeping compat with older Hadoop release lines because
that project stopped issuing updates.

On Wed, Mar 13, 2019 at 12:33 PM rajiv.narula@gmail.com
<rajiv.narula@gmail.com> wrote:
>
> Hi all,
> I am using hbase 1.2.5 - which depends on Jetty 6
>
> Given the vulnerabilities around Jetty 6, I want to move to a higher version of Jetty
without taking too large a leap for hbase.
> I can see hbase 2.x uses Jetty 9- which is great. But I would rather not move to hbase
2.x - yet.
> Is there a hbase 1.x version available which uses a higher version of jetty ?
>
> Thanks,

Mime
View raw message