jongyoul commented on PR #4385:
URL: https://github.com/apache/zeppelin/pull/4385#issuecomment-1173033520
@zholoda Yes, correct. I saw the 9.x version will be deprecated fully. So I
would like to upgrade to the latest version of 11.x if possible. Could you
please help to do it?
--
This i
zholoda commented on PR #4385:
URL: https://github.com/apache/zeppelin/pull/4385#issuecomment-1170975331
Thank you all, this was my first contribution.
@jongyoul What latest jetty version do you think? 9.4.x, 10.x, 11.x? 9.x
version is [end of
support](https://github.com/eclipse/jetty.pr
jongyoul merged PR #4385:
URL: https://github.com/apache/zeppelin/pull/4385
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@zeppelin.apa
Reamer commented on PR #4385:
URL: https://github.com/apache/zeppelin/pull/4385#issuecomment-1166964694
I think it is sufficient to update to a Jetty version without a known
security vulnerability. If no further comments are received, I will merge the
pull request into the master on Wednesd
jongyoul commented on PR #4385:
URL: https://github.com/apache/zeppelin/pull/4385#issuecomment-1165652468
Afaik, we already had a trial for it. I think we need to upgrade it to the
latest version but it's not that easy in my understanding. I hope you archive
it. Thank you in advance.
--
### Todos
* None
### What is the Jira issue?
* https://issues.apache.org/jira/browse/ZEPPELIN-5434
### How should this be tested?
* Locally tested, CI
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need to update? No
* Is there
EricGao888 closed pull request #4160: [ZEPPELIN-5434] Upgrade jetty to
9.4.42.v20210604
URL: https://github.com/apache/zeppelin/pull/4160
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the
EricGao888 commented on PR #4160:
URL: https://github.com/apache/zeppelin/pull/4160#issuecomment-1110030412
Not sure whether there has been a solution to this issue or not. If no more
update, I will close this PR. Thx.
--
This is an automated message from the Apache Git Service.
To respon
tecgie commented on pull request #4160:
URL: https://github.com/apache/zeppelin/pull/4160#issuecomment-894930590
Same here, I couldn't figure out the fix. Someone please try to upgrade the
jetty to 9.4.43.v20210629 ASAP to address the CVEs. Thanks.
--
This is an automated message from
jason-ogaard commented on pull request #4160:
URL: https://github.com/apache/zeppelin/pull/4160#issuecomment-894872416
> May I ask whether there's a way to make the 9.4.42.v20210604 version jetty
compatible with zeppelin? After all, the purpose for upgrading jetty is to
solve the security
We are not familiar with the embedded jetty. Last time we upgraded to the
9.4.42 version and the product just didn't start. We have no clue what was
going on. I was hoping someone from the Zeppelin community can fix it soon.
Thanks
On Monday, July 26, 2021, 10:04:38 AM EDT, Jeff Zhang
w
Do you want to help with this ticket ?
denny wong 于2021年7月26日周一 下午10:00写道:
> Hi
> Any progress on this JIRA? Is this being actively worked on?
> https://github.com/apache/zeppelin/pull/4160
>
> Thanks
> Denny
--
Best Regards
Jeff Zhang
Hi
Any progress on this JIRA? Is this being actively worked on?
https://github.com/apache/zeppelin/pull/4160
Thanks
Denny
Hi
We are trying to upgrade the jetty to 9.4.42 due to a CVE, but ran into the
same problem as this JIRA. Has anyone trying to fix it? Thanks.
[ZEPPELIN-5434] Upgrade jetty to 9.4.42.v20210604 by EricGao888 · Pull Request
#4160 · apache/zeppelin
|
|
|
| | |
|
|
|
| |
[ZEPPELIN
EricGao888 commented on pull request #4160:
URL: https://github.com/apache/zeppelin/pull/4160#issuecomment-875254401
> My experience is that we can safely upgrade to version 9.4.40.v20210413
(which is also considered insecure). Any version after April causes a JSP
startup error stating tha
EricGao888 edited a comment on pull request #4160:
URL: https://github.com/apache/zeppelin/pull/4160#issuecomment-874557842
> Please test manually, it seems that the server does not start. Thank you
for submitting the PR to close security gaps.
Tested again, couldn't start server. Go
EricGao888 commented on pull request #4160:
URL: https://github.com/apache/zeppelin/pull/4160#issuecomment-874557842
> Please test manually, it seems that the server does not start. Thank you
for submitting the PR to close security gaps.
Tested again, couldn't start server. Got warni
EricGao888 edited a comment on pull request #4160:
URL: https://github.com/apache/zeppelin/pull/4160#issuecomment-874557842
> Please test manually, it seems that the server does not start. Thank you
for submitting the PR to close security gaps.
Tested again, couldn't start server. Go
EricGao888 commented on pull request #4160:
URL: https://github.com/apache/zeppelin/pull/4160#issuecomment-874557842
> Please test manually, it seems that the server does not start. Thank you
for submitting the PR to close security gaps.
Tested again, couldn't start server. Got warni
jason-ogaard commented on pull request #4160:
URL: https://github.com/apache/zeppelin/pull/4160#issuecomment-873039122
My experience is that we can safely upgrade to version 9.4.40.v20210413
(which is also considered insecure). Any version after April causes a JSP
startup error stating tha
EricGao888 commented on pull request #4160:
URL: https://github.com/apache/zeppelin/pull/4160#issuecomment-872766609
> Please test manually, it seems that the server does not start. Thank you
for submitting the PR to close security gaps.
Looked fine when I tested. Anyway I will doubl
Reamer commented on pull request #4160:
URL: https://github.com/apache/zeppelin/pull/4160#issuecomment-872763950
Please test manually, it seems that the server does not start. Thank you for
submitting the PR to close security gaps.
--
This is an automated message from the Apache Git Serv
://issues.apache.org/jira/browse/ZEPPELIN-5434
### How should this be tested?
* Locally tested.
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update?
* Is there breaking changes for older versions?
* Does this needs documentation
jason ogaard created ZEPPELIN-5434:
--
Summary: The current version of Jetty is known to have security
vulnerabilities
Key: ZEPPELIN-5434
URL: https://issues.apache.org/jira/browse/ZEPPELIN-5434
24 matches
Mail list logo
