Some background information.  Yes, as mentioned previously, Jetty and Tomcat are 
somewhat related, having a similar function as web application containers, 
Remedy mid tier being the web application.

Jetty is designed as a lightweight web container and it also has the advantage 
that it includes a web server.  So for application developers it is convenient 
to install - they just bundle Jetty with their application and you install a full 
web server, web container (and of course the software provider's application) in one 
go.

It is possible that BMC may be considering using Jetty instead of Tomcat.  But 
if they have already selected Tomcat, then due to backward compatibility 
issues, it would be a fairly big step to ditch Tomcat and move to Jetty.


  ----- Original Message ----- 
  From: Longwing, Lj 
  Newsgroups: public.remedy.arsystem.general
  To: [email protected] 
  Sent: Thursday, July 11, 2013 7:22 PM
  Subject: Re: The role Jetty plays


  Open an issue with BMC on this and they may be willing to either update their 
references, or provide you with directions to do so :)



  On Thu, Jul 11, 2013 at 12:19 PM, Differ, Alfred W CTR PHD NSWC, 210 
<[email protected]> wrote:

    Ah. Found it. Apparently there are external library references within the 
diserver, data import tool, and Developer Studio that reference Jetty jar files.

    This is bad news for me. I can't run ARS 8.1 with a compliance issue that 
old. My security people would have my head.


    Ah well... this is probably what I get for looking at the cutting edge 
version. 8)

    -al




    -----Original Message-----
    From: Action Request System discussion list(ARSList) 
[mailto:[email protected]] On Behalf Of Joe D'Souza
    Sent: Wednesday, July 10, 2013 5:23 PM
    To: [email protected]
    Subject: Re: The role Jetty plays

    Neither have I seen or known ARS to be bundled with Jetty. It has got there 
some other way but not the AR System installer.

    Cheers

    Joe


    -----Original Message-----
    From: Action Request System discussion list(ARSList) 
[mailto:[email protected]] On Behalf Of Dale Jones
    Sent: Wednesday, July 10, 2013 3:11 PM
    To: [email protected]
    Subject: Re: The role Jetty plays

    High Level - Jetty and Tomcat are comparable applications.  (Jetty and 
Tomcat are often cast as direct competitors.)

    I have never seen ARS install Jetty or even attached to Jetty.
    Most likely related to someone else doing installs or testing on your 
server.

    I would recommend ARS to use Tomcat and have Jetty uninstalled.  Check 
directory and see when Jetty was installed, most likely not same date as ARS.

    Take Care
    Dale Jones
    DCS
    Raleigh, NC
    919-523-6034

    ________________________________________
    From: Action Request System discussion list(ARSList) [[email protected]] 
on behalf of Differ, Alfred W CTR PHD NSWC, 210 [[email protected]]
    Sent: Wednesday, July 10, 2013 2:47 PM
    To: [email protected]
    Subject: The role Jetty plays

    Hi all,

    I'm learning to install the 8.1 ITSM product line on a Windows 2008 R2 
environment for development uses. I typically get the IIS webserver and Tomcat 
(7) running independently and then do the Remedy installation steps.
    I had some issues with the preconfigured suite installer that I won't 
bother going into in detail, and decided to install the ARS platform and do 
things the old fashioned way while I learned.

    What has happened is I have the 8.1 ARS platform installed and it starts 
ok, but my security guys are reporting security risks against what I've done 
and I'm trying to learn from it. They are seeing an old version of Jetty that 
has a known hash collision vulnerability and advising I update it. Since I 
never saw anything mentioning Jetty during the install, my first task is to find 
out which installer did what.

    So my questions are as follows:

    On the application tier, what role does Jetty play if any?
    What tools make use of this feature? (I might be able to skip installing 
some parts for now while I learn.)

    It is possible this has nothing to do with the Remedy installation since my 
sys admins also do things on the server without 'fully' understanding the 
implications. I might be barking up the wrong tree. If anyone has any ideas on 
what the security finding might suggest, though, I'd appreciate it.
    (CVE-2011-4461)


    -al




    ____________________________________________________________________________
    ___
    UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the 
Answers Are, and have been for 20 years"
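
An added example, not part of the thread or of any BMC tooling: one way to do the check the replies suggest, listing every Jetty jar under an install directory with its recorded version and file date so a scanner finding can be traced to the component that shipped it. It assumes the jars are named `jetty*.jar` and record their version in `META-INF/MANIFEST.MF`; the directory to scan is supplied by the caller.

```python
import re
import zipfile
from datetime import datetime, timezone
from pathlib import Path

# Assumption: bundled Jetty libraries keep the upstream jetty*.jar naming.
JETTY_JAR = re.compile(r"^jetty.*\.jar$", re.IGNORECASE)
VERSION_KEYS = ("Implementation-Version", "Bundle-Version")


def manifest_version(jar_path):
    """Return the version recorded in META-INF/MANIFEST.MF, or None."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError, OSError):
        return None
    # Manifest continuation lines start with one space; unfold them first.
    text = re.sub(r"\r?\n ", "", text)
    headers = dict(
        line.split(": ", 1) for line in text.splitlines() if ": " in line
    )
    for key in VERSION_KEYS:
        if key in headers:
            return headers[key].strip()
    return None


def find_jetty_jars(root):
    """List (path, version, modified-date) for every Jetty jar under root."""
    findings = []
    for path in sorted(Path(root).rglob("*.jar")):
        if not JETTY_JAR.match(path.name):
            continue
        version = manifest_version(path)
        if version is None:
            # Fall back to a version embedded in the file name, if any.
            m = re.search(r"-(\d+(?:\.\d+)+[\w.]*)\.jar$", path.name)
            version = m.group(1) if m else "unknown"
        mtime = datetime.fromtimestamp(path.stat().st_mtime, timezone.utc)
        findings.append((str(path), version, mtime.date().isoformat()))
    return findings


if __name__ == "__main__":
    import sys
    for jar, version, modified in find_jetty_jars(sys.argv[1]):
        print(f"{modified}  {version:<20}  {jar}")
```

The parent directory of each hit shows which tool bundles the library, and the version column is what to compare against the fixed release named in the vendor's advisory for the CVE.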
