[
https://issues.apache.org/jira/browse/HBASE-18224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16136972#comment-16136972
]
Sean Busbey commented on HBASE-18224:
-------------------------------------
yeah I'd say we need it. The version we use from March 2016 has atleast one
published CVE: http://ocert.org/advisories/ocert-2016-001.html
so at a minimum 9.3.9+. we should at least go to latest 9.3, which right now is
9.3.20.v20170531.
if we're likely sticking with whatever version for all of hbase 2, I'd much
rather push for latest which is 9.4.6.
> Upgrade jetty
> -------------
>
> Key: HBASE-18224
> URL: https://issues.apache.org/jira/browse/HBASE-18224
> Project: HBase
> Issue Type: Improvement
> Components: dependencies
> Reporter: Balazs Meszaros
> Priority: Critical
> Fix For: 2.0.0-beta-1
>
> Attachments: HBASE-18224.branch-2.001.patch
>
>
> Jetty can be updated to 9.4.6 and thrift can be updated to 0.10.0. I tried to
> update them in HBASE-17898 but some unit tests failed, so created a sub-task
> for them.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
