spark-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Owen (JIRA)" <>
Subject [jira] [Commented] (SPARK-14897) Upgrade Jetty to latest version of 8/9
Date Mon, 02 May 2016 14:55:12 GMT


Sean Owen commented on SPARK-14897:

[~bomeng] I added a PR to update to the latest 8.1 release, to get at least an additional
2.5 years of security and bug fixes. Still worth trying to update to 9.x - are you interested
in trying it?

> Upgrade Jetty to latest version of 8/9
> --------------------------------------
>                 Key: SPARK-14897
>                 URL:
>             Project: Spark
>          Issue Type: Improvement
>            Reporter: Adam Kramer
>              Labels: web-ui
> It looks like the head/master branch of Spark uses quite an old version of Jetty: 8.1.14.v20131031
> There have been some announcement of security vulnerabilities, notably in 2015 and there
are versions of both 8 and 9 that address those. We recently left a web-ui port open and had
the server compromised within days. Albeit, this upgrade shouldn't be the only security improvement
made, the current version is clearly vulnerable, as-is.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message