I'll also point out that 9.2.1 is from 2014-06-09 and 20 bugfix releases behind on just the 9.2.x development branch.
We released 9.4.3 earlier this week. :) -- jesse mcconnell jesse.mcconn...@gmail.com On Thu, Mar 23, 2017 at 12:35 PM, Conan <yk.ca...@gmail.com> wrote: > jetty version is 9.2.1 and java version is 1.8, thanks so much! > > Thanks, > Conan > > > On Thu, Mar 23, 2017 at 10:22 AM, Jesse McConnell < > jesse.mcconn...@gmail.com> wrote: > >> what version of java and jetty? >> >> -- >> jesse mcconnell >> jesse.mcconn...@gmail.com >> >> On Thu, Mar 23, 2017 at 12:20 PM, Conan <yk.ca...@gmail.com> wrote: >> >>> >>> Folks, >>> >>> We use NiFi which embeds Jetty Server. Our test team found a security >>> bug by intercepting the http request and replacing the header with a huge >>> (say 1GB) text, which sent the response to NCM, which got OOM: >>> >>> 2017-03-07 03:44:03,522 WARN [NiFi Web Server-22] >>> o.a.n.c.m.impl.HttpRequestReplicatorImpl Node request for >>> [id=99a65e79-b856-4e43-9056-1451714498fc, apiAddress=129.188.35.109, >>> apiPort=38484, socketAddress=129.188.35.109, socketPort=39494, >>> siteToSiteAddress=129.188.35.109, siteToSitePort=null] encountered >>> exception: java.util.concurrent.ExecutionException: >>> java.lang.OutOfMemoryError: Java heap space >>> >>> We tried setResponseHeaderSize here http://download.eclipse.o >>> rg/jetty/stable-9/apidocs/org/eclipse/jetty/server/HttpConfi >>> guration.html#setResponseHeaderSize-int- but it didn't seem to work: it >>> seems to us that the huge fake header got received before this limit takes >>> effect, as a result, the NCM got OOM in the first place. >>> >>> Are we missing anything, or is there a potential bug with >>> setResponseHeaderSize, please? >>> >>> >>> Thanks, >>> Conan&Sherry >>> >>> >>> _______________________________________________ >>> jetty-users mailing list >>> jetty-users@eclipse.org >>> To change your delivery options, retrieve your password, or unsubscribe >>> from this list, visit >>> https://dev.eclipse.org/mailman/listinfo/jetty-users >>> >> >> >> _______________________________________________ >> jetty-users mailing list >> jetty-users@eclipse.org >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://dev.eclipse.org/mailman/listinfo/jetty-users >> > > > _______________________________________________ > jetty-users mailing list > jetty-users@eclipse.org > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list jetty-users@eclipse.org To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
