hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Busbey (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-18224) Upgrade jetty
Date Tue, 22 Aug 2017 15:48:00 GMT

    [ https://issues.apache.org/jira/browse/HBASE-18224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16136972#comment-16136972
] 

Sean Busbey commented on HBASE-18224:
-------------------------------------

yeah I'd say we need it. The version we use from March 2016 has atleast one published CVE:
http://ocert.org/advisories/ocert-2016-001.html

so at a minimum 9.3.9+. we should at least go to latest 9.3, which right now is 9.3.20.v20170531.

if we're likely sticking with whatever version for all of hbase 2, I'd much rather push for
latest which is 9.4.6.

> Upgrade jetty
> -------------
>
>                 Key: HBASE-18224
>                 URL: https://issues.apache.org/jira/browse/HBASE-18224
>             Project: HBase
>          Issue Type: Improvement
>          Components: dependencies
>            Reporter: Balazs Meszaros
>            Priority: Critical
>             Fix For: 2.0.0-beta-1
>
>         Attachments: HBASE-18224.branch-2.001.patch
>
>
> Jetty can be updated to 9.4.6 and thrift can be updated to 0.10.0. I tried to update
them in HBASE-17898 but some unit tests failed, so created a sub-task for them.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message