Nihal Jain created HBASE-29542:
----------------------------------

             Summary: Migrate from Jetty 9 to Jetty 12 - Phase 2
                 Key: HBASE-29542
                 URL: https://issues.apache.org/jira/browse/HBASE-29542
             Project: HBase
          Issue Type: Umbrella
          Components: dependencies, REST, security, Thrift, UI
            Reporter: Nihal Jain


This umbrella JIRA is to track all the tasks needed to move HBase from Jetty 9 
to Jetty 12. Please refer to the mailing list discussion at 
[https://lists.apache.org/thread/bkrfm705kqd3bqzyvo7jv46t6p64x2n5]

*Why do we want this?*
Apache HBase relies on Jetty 9 for its web interface, Thrift and REST servers. 
Jetty 9 reached EOL, along with the end of security support, on 19th Feb 2025 
(refer to [https://endoflife.date/eclipse-jetty]) and might become a high risk 
if we stop getting further security updates.

*Possible Solutions*
 # Jump to Jetty 12 with EE8 support
 # Jump directly to Jetty 12 with jakarta namespace
 # Or a combination of the above two strategies with incremental change

*Proposed Migration Strategy*
At a high level, we propose to move as per the 3rd strategy, in the 2 phases below.
 * Phase 1:
 ## Add module for Jetty 12 with EE8 to hbase-thirdparty
 ## Next, consume this version of hbase-thirdparty, move to Jetty 12 with EE8 
and bump Java servlet to 4.0.1
 ## Test and verify everything is working as expected.
 * Phase 2:
 ## Add Jetty 12 with EE9 to hbase-thirdparty and Jersey 3, and maybe some 
other artifacts (not sure at this point)
 ## Next, consume this version of hbase-thirdparty, move to Jetty 12 with EE9, 
bump jakarta servlet to 5.x / 6.x, Tomcat to 10.x / 11.x and migrate all the 
dependencies and code to the jakarta namespace
 *** Blockers?? Hadoop AuthenticationFilter-dependent and related code needs to 
be either shaded to move from javax to jakarta, or we would need to wait for 
Hadoop to move to jakarta. (In my rough analysis, I have identified this much so 
far; when we attempt it there might be more stuff.)
 ## Test and verify everything is working as expected.

The focus of the umbrella is to fix in master and branch-3 for now.

NOTE: If we are to take this into branch-2:
 * We could cherry-pick the phase 1 solution as the fix for branch-2, as it 
seemingly does not change code/compat much.
 * Also, we would first need to bump the minimum Java requirement (a blocker), as 
Jetty 12 requires minimum JDK17.

CC: [~stoty], [~zhangduo], [~apurtell], [~weichiu]