[jira] [Commented] (TEZ-4083) Upgrade to latest 9.4.x Jetty version

Jonathan Turner Eagles (Jira) Fri, 15 Nov 2019 13:13:11 -0800


    [ 
https://issues.apache.org/jira/browse/TEZ-4083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16975407#comment-16975407
 ]


Jonathan Turner Eagles commented on TEZ-4083:
---------------------------------------------

[~abstractdog], Does it make sense to upgrade to 9.3.27.v20190418 instead. It 
also fixes the CVE, but doesn't have the API changes. And then when 3.3.0 is 
supported, we can upgrade to 9.4.x

> Upgrade to latest 9.4.x Jetty version
> -------------------------------------
>
>                 Key: TEZ-4083
>                 URL: https://issues.apache.org/jira/browse/TEZ-4083
>             Project: Apache Tez
>          Issue Type: Improvement
>            Reporter: Daniel Velasquez
>            Assignee: László Bodor
>            Priority: Major
>         Attachments: TEZ-4083.01.patch
>
>
> Jetty 9.3.24.v20180605 has security vulnerabilities where the server is 
> vulnerable to XSS conditions.
> [https://www.cvedetails.com/cve/CVE-2019-10241/]
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (TEZ-4083) Upgrade to latest 9.4.x Jetty version

Reply via email to