You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Adam Kramer (JIRA)" <ji...@apache.org> on 2016/04/25 20:15:12 UTC

[jira] [Created] (SPARK-14897) Upgrade Jetty to latest version of 8/9

Adam Kramer created SPARK-14897:
-----------------------------------

             Summary: Upgrade Jetty to latest version of 8/9
                 Key: SPARK-14897
                 URL: https://issues.apache.org/jira/browse/SPARK-14897
             Project: Spark
          Issue Type: Improvement
            Reporter: Adam Kramer


It looks like the head/master branch of Spark uses quite an old version of Jetty: 8.1.14.v20131031

There have been some announcement of security vulnerabilities, notably in 2015 and there are versions of both 8 and 9 that address those. We recently left a web-ui port open and had the server compromised within days. Albeit, this upgrade shouldn't be the only security improvement made, the current version is clearly vulnerable, as-is.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org