You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Sean Owen (JIRA)" <ji...@apache.org> on 2016/04/25 20:20:12 UTC

[jira] [Commented] (SPARK-14897) Upgrade Jetty to latest version of 8/9

    [ https://issues.apache.org/jira/browse/SPARK-14897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15256724#comment-15256724 ] 

Sean Owen commented on SPARK-14897:
-----------------------------------

You're welcome to update to the latest 8.x release, at least. I assume that will be easy to do. Updating to 9.x is OK for 2.x too, though it may require more change. Take a crack at it if you like, after having a look at what's changed and looking for any changes that could be incompatible.

> Upgrade Jetty to latest version of 8/9
> --------------------------------------
>
>                 Key: SPARK-14897
>                 URL: https://issues.apache.org/jira/browse/SPARK-14897
>             Project: Spark
>          Issue Type: Improvement
>            Reporter: Adam Kramer
>              Labels: web-ui
>
> It looks like the head/master branch of Spark uses quite an old version of Jetty: 8.1.14.v20131031
> There have been some announcement of security vulnerabilities, notably in 2015 and there are versions of both 8 and 9 that address those. We recently left a web-ui port open and had the server compromised within days. Albeit, this upgrade shouldn't be the only security improvement made, the current version is clearly vulnerable, as-is.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org