On 15-01-2021 15:30, Mark Prins wrote:
On 15-01-2021 12:05, Mark Prins wrote:
On 14-01-2021 18:59, Arismendi, Andy wrote:
It appears Jetty recently stopped starting (see below). Not sure if
this has been reported yet… The error appears to be:
java.lang.ClassNotFoundException: org.eclipse.jetty.xml.XmlConfiguration
Thanks,
-Andy
It was fine on a previous 2.18 snapshot version.txt -
version = 2.18-SNAPSHOT
git revision = cf16e5a6c0f14b802d6d665b1d9d3f8c1aa2ed14
git branch = origin/2.18.x
build date = 15-Dec-2020 04:11
geotools version = 24-SNAPSHOT
geotools revision = ab11cbbec4b5f20c67412c8ba11f6c6dea3b1fcd
geowebcache version = 1.18-SNAPSHOT
geowebcache revision =
4ac71fc3bc6848927c8a4531ceb37de93c04a426/4ac71
hudson build = -1
Doesn’t work with a recent snapshot version.txt -
version = 2.18-SNAPSHOT
git revision = d55bf28215089c5c69b94f17dc97aa4c44936cad
git branch = origin/2.18.x
build date = 14-Jan-2021 04:11
geotools version = 24-SNAPSHOT
geotools revision = e82df60dc5d206908f2d691bd3df4096515cbb7b
geowebcache version = 1.18-SNAPSHOT
geowebcache revision =
a4571508b2aae66c899d2d95c0ef873294f96853/a4571
hudson build = -1
In that period (on Dec 28) Jetty was updated from 9.4.18.v20190429 to
9.4.35.v20201120 because Jetty resolved some security issues
see: https://github.com/geoserver/geoserver/pull/4632
I've opened PR's to revert this update. I don't have time to spend on
fixing this at short notice and 2.18.2 release around the corner there
isn't much time.
AFAICS the gzip compression provided by jetty is turned off and
GeoServer uses it's own GZIP filter so CVE-2020-27218 does not apply
https://github.com/geoserver/geoserver/pull/4652
https://github.com/geoserver/geoserver/pull/4651
https://github.com/geoserver/geoserver/pull/4650
Mark
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
