Update Jetty to 9.2.x version
Checked in the update for Openfire.
I'm noticing that the connenction-manager project lags behind considerably. It currently is based on Jetty 7.0.1. I'm tackling this now. In hindsight, this is more work, as other changes that were applied to Openfire need to be applied to CM as well. Lets tackle this as a separate issue.
This morning, I noticed this announcement on the Jetty-Users maillinglist:
The Jetty Project is announcing a critical security release of Jetty
This release is considered a critical security release for all
users of Jetty 9.2.3 through 9.2.8.
The full message is here: http://dev.eclipse.org/mhonarc/lists/jetty-users/msg05594.html
I am re-opening this issue, as the fix-version has not been released yet (and I feel we should prevent it from being released without addressing this vulnerability). I'll have a stab at updating the libraries later today.
I am pretty sure that Dele's request was related to (which has been fixed). I will mark this for 3.10.0 since it has been merged into the main branch.
I think Dele is asking to revert this patch because of some issues in OfMeet and plugins. But i have one more question. If this is intended for 3.10.1, then how can it be isolated in the build system, so we can test new fixes for 3.10.0 branch? Now all new builds contain everything (Jetty 9.2 an new fixes).
But it will not be in 3.10.0?