RE: Re: Zookeeper with latest jetty version

Chris T. Wed, 04 Jun 2025 03:41:52 -0700

Not updating Jetty will cause issues for companies with strictvulnerability scanning and remediation policies. ("fix it or stop using it" )


Maybe it's time for a Java17 Zookeeper branch.



On 4 June 2025 12:25:51 Andrew A <[email protected]> wrote:

Jetty 9-11 stopped getting security updates in January. But, 12 requires a
minimum Java version of 17.

See:
https://github.com/jetty/jetty.project/issues/7958
https://github.com/jetty/jetty.project/issues/10485



On 2025/06/03 20:53:43 Matthias Sohn wrote:

On Tue, Jun 3, 2025 at 6:53 PM Yvette Sermons

<[email protected]> wrote:

Hello

Can Zookeeper 3.9.3 be upgraded to use the latest jetty version:

9.4.57.v20241219<

https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server/9.4.57.v20241219

https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server/9.4.57.v20241219

There  is a vulnerability in 9.4.56 version.

AFAICS all Jetty versions < 12 are EOL. See

https://jetty.org/download.html

Thanks

Yvette Sermons | Senior Development Manager

ORACLE Construction and Engineering

610.766.3735

RE: Re: Zookeeper with latest jetty version

Reply via email to