You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@livy.apache.org by GitBox <gi...@apache.org> on 2020/08/29 08:12:49 UTC

[GitHub] [incubator-livy] andrasbeni opened a new pull request #305: Bump jetty.version from 9.3.24.v20180605 to 9.4.31.v20200723

andrasbeni opened a new pull request #305:
URL: https://github.com/apache/incubator-livy/pull/305


   
   ## What changes were proposed in this pull request?
   
   This change upgrades jetty version to a more recent version from the current one that has know security vulnerabilities.
   Two code changes were necessary with the upgrade:
   - Using SSLContextFactory.Server to allow multiple certificates in keystores
   - User management in LivyConnectionSpec
   
   ## How was this patch tested?
   
   Ran existing tests
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-livy] andrasbeni edited a comment on pull request #305: Bump jetty.version from 9.3.24.v20180605 to 9.4.31.v20200723

Posted by GitBox <gi...@apache.org>.

andrasbeni edited a comment on pull request #305:
URL: https://github.com/apache/incubator-livy/pull/305#issuecomment-683255892


   I'll create a jira if this PR gets attention


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-livy] andrasbeni commented on pull request #305: Bump jetty.version from 9.3.24.v20180605 to 9.4.31.v20200723

Posted by GitBox <gi...@apache.org>.

andrasbeni commented on pull request #305:
URL: https://github.com/apache/incubator-livy/pull/305#issuecomment-683255892


   I'll create a jira if this PR get attention


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-livy] coheigea commented on a change in pull request #305: Bump jetty.version from 9.3.24.v20180605 to 9.4.31.v20200723

Posted by GitBox <gi...@apache.org>.

coheigea commented on a change in pull request #305:
URL: https://github.com/apache/incubator-livy/pull/305#discussion_r493488862



##########
File path: pom.xml
##########
@@ -90,7 +90,7 @@
     <httpcore.version>4.4.4</httpcore.version>
     <jackson.version>2.10.1</jackson.version>
     <javax.servlet-api.version>3.1.0</javax.servlet-api.version>
-    <jetty.version>9.3.24.v20180605</jetty.version>
+    <jetty.version>9.4.31.v20200723</jetty.version>

Review comment:
       I think in this pom we should add a dependency on jetty-webapp, or otherwise we have mixed versions of Jetty 9.4.x in the dependency tree.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-livy] jbonofre closed pull request #305: Bump jetty.version from 9.3.24.v20180605 to 9.4.31.v20200723

Posted by GitBox <gi...@apache.org>.

jbonofre closed pull request #305:
URL: https://github.com/apache/incubator-livy/pull/305


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-livy] coheigea commented on pull request #305: Bump jetty.version from 9.3.24.v20180605 to 9.4.31.v20200723

Posted by GitBox <gi...@apache.org>.

coheigea commented on pull request #305:
URL: https://github.com/apache/incubator-livy/pull/305#issuecomment-697309405


   It would be great to get this merged. @andrasbeni please see the comment here:
   
   https://github.com/apache/incubator-livy/pull/244#issuecomment-541396545
   
   " I remember there were issues with the thrifserver part due to dependencies on hive which created issues with jetty versions different to the one used earlier. Have you checked that thriftserver works in http mode too with this patch?"
   
   Is this something you can check?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org