Quick summary of the issue: on many clusters running at scale, we've seen the upgrade from Jetty 6.1.14 to 6.1.26 to cause a much higher incidence of fetch failures and other related bugs. Unfortunately downgrading back to 6.1.14 is unacceptable since it introduces security holes. The jetty folks don't have a particular timeline for their next release, so I have prepared a patched Jetty with their help. The source is available on my github and there's a binary artifact in Cloudera's maven repository as well.
The question is whether the community thinks it would be a good idea to depend on this "6.1.26.1" Jetty for 0.20-security until we have a new upstream Jetty release that addresses the issue. We plan to ship CDH with the fixed Jetty, and now have some customers moving this version to production as well. While I think it's unfortunate to have to ship a non-standard patch, I think it's the best option as an interim solution to this critical MR issue. Please comment on MAPREDUCE-2980. Thanks -Todd -- Todd Lipcon Software Engineer, Cloudera
