[jira] [Assigned] (SPARK-14897) Upgrade Jetty to latest version of 8/9

Apache Spark (JIRA) Mon, 02 May 2016 11:36:09 -0700

     [ 
https://issues.apache.org/jira/browse/SPARK-14897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Apache Spark reassigned SPARK-14897:
------------------------------------

    Assignee: Apache Spark

> Upgrade Jetty to latest version of 8/9
> --------------------------------------
>
>                 Key: SPARK-14897
>                 URL: https://issues.apache.org/jira/browse/SPARK-14897
>             Project: Spark
>          Issue Type: Improvement
>            Reporter: Adam Kramer
>            Assignee: Apache Spark
>              Labels: web-ui
>
> It looks like the head/master branch of Spark uses quite an old version of 
> Jetty: 8.1.14.v20131031
> There have been some announcement of security vulnerabilities, notably in 
> 2015 and there are versions of both 8 and 9 that address those. We recently 
> left a web-ui port open and had the server compromised within days. Albeit, 
> this upgrade shouldn't be the only security improvement made, the current 
> version is clearly vulnerable, as-is.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Assigned] (SPARK-14897) Upgrade Jetty to latest version of 8/9

Reply via email to