User story #4477
closed
Upgrade version of jetty (7.6.14) in Rudder packages
Added by Jonathan CLARKE almost 11 years ago.
Updated over 10 years ago.
Category:
System integration
Description
Currently, the rudder-jetty package ships 7.2.2 (20101205) which is over 3 years old.
It would make sense to upgrade jetty to benefit from recent bug fixes. I checked and there have been no security vulnerabilities fixed in Jetty 7 since our current version.
What is the best approach? I see several:
- Upgrade to the latest patch release: that is actually jetty 7.2.2, so already the case (noop)
- Upgrade to the latest major release: 7.6.14 (20131031). The Changelog is attached.
- Upgrade to the latest release: 9.x. I have no idea what changed between 7.2.2 and 9.x, nor how easy it would be to keep the same behaviour between the 2.
I need an expert's opinion on this: François, please advise.
Hi,
May I suggest another option:
- Use the jetty version provided by the distribution;
If the jetty version provided by the distribution has all the needed features, why provide and maintain another?
Best Regards,
Christophe Nowicki wrote:
May I suggest another option:
- Use the jetty version provided by the distribution;
If the jetty version provided by the distribution has all the needed features, why provide and maintain another?
I agree this should be the case for distributions where a "recent enough" version is available. However, we still need to maintain a copy of Jetty for distros that don't package it at all (i.e., SLES 11...)
The upgrade to 7.6.14 seems to be a no-brainer (I didn't see anything leading to problems).
The change to 9.x seems to be OK, but it is clearly more profound, and they evolved parts that may impact us (at least classpath management and configuration files). So I can't assess the consequences from changelogs.
It seems to be mostly safe, but validation needs to be done:
- for the way we load plugins,
- for all the configuration parameters we are using
So I would upgrade to 2.7.14 as a quick win, and have another task to upgrade to 2.9.
- Assignee changed from François ARMAND to Jonathan CLARKE
- Category set to System integration
- Status changed from Discussion to 12
Thanks, this makes sense. I've proposed a PR to do just that.
- Status changed from 12 to Pending release
- Subject changed from Upgrade version of jetty in Rudder packages to Upgrade version of jetty (7.6.14) in Rudder packages
- Project changed from Rudder to 34
- Category deleted (System integration)
- Project changed from 34 to Rudder
- Category set to System integration
- Status changed from Pending release to Released