Update Jetty to 9.2.x version
Activity
Guus der Kinderen February 25, 2015 at 10:33 AMEdited
Checked in the update for Openfire.
I'm noticing that the connenction-manager project lags behind considerably. It currently is based on Jetty 7.0.1. I'm tackling this now. In hindsight, this is more work, as other changes that were applied to Openfire need to be applied to CM as well. Lets tackle this as a separate issue.
Guus der Kinderen February 25, 2015 at 8:33 AMEdited
This morning, I noticed this announcement on the Jetty-Users maillinglist:
The Jetty Project is announcing a critical security release of Jetty
Jetty 9.2.9.v20150224
This release is considered a critical security release for all
users of Jetty 9.2.3 through 9.2.8.
The full message is here: http://dev.eclipse.org/mhonarc/lists/jetty-users/msg05594.html
I am re-opening this issue, as the fix-version has not been released yet (and I feel we should prevent it from being released without addressing this vulnerability). I'll have a stab at updating the libraries later today.
Tom Evans February 19, 2015 at 9:51 PM
I am pretty sure that Dele's request was related to (which has been fixed). I will mark this for 3.10.0 since it has been merged into the main branch.
wroot February 19, 2015 at 7:32 PM
I think Dele is asking to revert this patch because of some issues in OfMeet and plugins. But i have one more question. If this is intended for 3.10.1, then how can it be isolated in the build system, so we can test new fixes for 3.10.0 branch? Now all new builds contain everything (Jetty 9.2 an new fixes).
Neustradamus February 7, 2015 at 5:05 PM
Thanks Tom
But it will not be in 3.10.0?
http://www.eclipse.org/jetty
9.2 has some API changes, so it's not a trivial task.