lhotari opened a new pull request, #25100: URL: https://github.com/apache/pulsar/pull/25100
Fixes #22939 ### Motivation Jetty 9.x currently used by Pulsar is not maintained anymore. The end of community support was in 6/2022 and end of life in 1/2025: https://github.com/jetty/jetty.project/issues/7958 Jetty 9.4.58.v20250814 contains CVE-2024-6763 and there aren't plans to address it in Jetty 9 since it's end-of-life. ### Modifications - Upgrade to Jetty 12.1.5 using EE8 (javax.servlet namespace) APIs - Add Zookeeper and BookKeeper Prometheus metrics providers where Jetty 9 usage has been changed to use Jetty 12.1.x/ee8. These modules have been added under `jetty-upgrade` directory. ### Additional information There's some remaining use of Jetty 9 in the project. - pulsar-io/alluxio - tiered-storage/file-system test scope - Zookeeper Admin server (disabled for now) The Zookeeper Admin server cannot be used with Jetty 12 in the classpath. Since Pulsar distribution has a flat classpath, it's not possible to have Jetty 9 available for Zookeeper. This is why the admin server of Zookeeper is disabled (`admin.enableServer=false`). In Zookeeper there's issue https://issues.apache.org/jira/browse/ZOOKEEPER-4931 to track Jetty upgrade. ### Documentation <!-- DO NOT REMOVE THIS SECTION. CHECK THE PROPER BOX ONLY. --> - [ ] `doc` <!-- Your PR contains doc changes. --> - [ ] `doc-required` <!-- Your PR changes impact docs and you will update later --> - [x] `doc-not-needed` <!-- Your PR changes do not impact docs --> - [ ] `doc-complete` <!-- Docs have been already added --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
