unfortunately no, not currently. presuming you do not wish to maintain a forked release line of hbase, getting this done would require
1) figuring out precisely how our downstream users would be impacted by updating to jetty 9. I presume Jetty 6 -> Jetty 9 is not backwards compatible, so how often is the use of jetty 6 exposed to those running HBase? 2) Start a DISCUSS thread about the trade off between the above impact in 1 vs the risk of running the version of jetty we're running now 3) Iff the DISCUSS thread has consensus, do the work to update to jetty 9 for some future minor release of HBase 1 There is some precedent for us forcing incompatible changes on downstream in a minor release of HBase. The big one is Hadoop, where we gave up on keeping compat with older Hadoop release lines because that project stopped issuing updates. On Wed, Mar 13, 2019 at 12:33 PM [email protected] <[email protected]> wrote: > > Hi all, > I am using hbase 1.2.5 - which depends on Jetty 6 > > Given the vulnerabilities around Jetty 6, I want to move to a higher version > of Jetty without taking too large a leap for hbase. > I can see hbase 2.x uses Jetty 9- which is great. But I would rather not move > to hbase 2.x - yet. > Is there a hbase 1.x version available which uses a higher version of jetty ? > > Thanks,
