You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Adam Kramer (JIRA)" <ji...@apache.org> on 2016/04/25 20:15:12 UTC
[jira] [Created] (SPARK-14897) Upgrade Jetty to latest version of
8/9
Adam Kramer created SPARK-14897:
-----------------------------------
Summary: Upgrade Jetty to latest version of 8/9
Key: SPARK-14897
URL: https://issues.apache.org/jira/browse/SPARK-14897
Project: Spark
Issue Type: Improvement
Reporter: Adam Kramer
It looks like the head/master branch of Spark uses quite an old version of Jetty: 8.1.14.v20131031
There have been some announcement of security vulnerabilities, notably in 2015 and there are versions of both 8 and 9 that address those. We recently left a web-ui port open and had the server compromised within days. Albeit, this upgrade shouldn't be the only security improvement made, the current version is clearly vulnerable, as-is.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org