User story #4477
Closed
Upgrade version of jetty (7.6.14) in Rudder packages
Description
Currently, the rudder-jetty package ships 7.2.2 (20101205) which is over 3 years old.
It would make sense to upgrade jetty to benefit from recent bug fixes. I checked and there have been no security vulnerabilities fixed in Jetty 7 since our current version.
What is the best approach? I see several:
- Upgrade to the latest patch release: that is actually jetty 7.2.2, so already the case (noop)
- Upgrade to the latest major release: 7.6.14 (20131031). The Changelog is attached.
- Upgrade to the latest release: 9.x. I have no idea what changed between 7.2.2 and 9.x, nor how easy it would be to keep the same behaviour between the 2.
I need an expert's opinion on this: François, please advise.
Updated by Christophe Nowicki over 10 years ago
Hi,
May I suggest another option:
- Use the jetty version provided by the distribution.
If the jetty version provided by the distribution has all the needed features, why provide and maintain another?
Best Regards,
Updated by Jonathan CLARKE over 10 years ago
Christophe Nowicki wrote:
May I suggest another option:
- Use the jetty version provided by the distribution.
If the jetty version provided by the distribution has all the needed features, why provide and maintain another?
I agree this should be the case for distributions where a "recent enough" version is available. However, we still need to maintain a copy of Jetty for distros that don't package it at all (i.e., SLES 11...)
Updated by François ARMAND over 10 years ago
The upgrade to 7.6.14 seems to be a no-brainer (I didn't see anything leading to a problem).
The change to 9.x seems to be OK but it is clearly more profound, and they evolved parts that may impact us (at least classpath management and configuration files). So I can't assess the consequences from changelogs.
It seems to be mostly safe, but validation needs to be done:
- for the way we load plugins,
- for all the configuration parameters we are using.
So I would upgrade to 2.7.14 as a quick win, and have another task to upgrade to 2.9.
Updated by François ARMAND over 10 years ago
- Assignee changed from François ARMAND to Jonathan CLARKE
Updated by Jonathan CLARKE over 10 years ago
- Category set to System integration
- Status changed from Discussion to 12
Thanks, this makes sense. I've proposed a PR to do just that.
Updated by François ARMAND over 10 years ago
- Status changed from 12 to Pending release
Updated by Vincent MEMBRÉ over 10 years ago
- Subject changed from Upgrade version of jetty in Rudder packages to Upgrade version of jetty (7.6.14) in Rudder packages
Updated by Vincent MEMBRÉ over 10 years ago
- Project changed from Rudder to 34
- Category deleted (System integration)
Updated by Vincent MEMBRÉ over 10 years ago
- Project changed from 34 to Rudder
- Category set to System integration
Updated by Vincent MEMBRÉ over 10 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.10.0~beta1, which was released today.
Check out:
The release announcement: http://www.rudder-project.org/pipermail/rudder-announce/2014-March/000084.html
The full ChangeLog: http://www.rudder-project.org/foswiki/bin/view/System/Documentation:ChangeLog210
Download information: https://www.rudder-project.org/site/get-rudder/downloads/