Opened 14 months ago

Last modified 6 weeks ago

#2098 open defect

Jetty 9.3/9.4

Reported by: zzz Owned by:
Priority: minor Milestone: eventually
Component: apps/jetty Version: 0.9.32
Keywords: Cc: villain, mhatta
Parent Tickets:

Description

Placeholder/tracker ticket

Quote gregw https://github.com/eclipse/jetty.project/issues/1925
"9.2.22 is an old release that is past end-of-life. I assume you are using it because you are using java7, which is also end-of-life"

lol. Can't even think about 9.3/9.4 until it appears in Debian. They've already shifted focus to Jetty 10, requiring Java 9. lol again. We just moved to 9.2 in 0.9.30 2017-05.

Target late 2018 / early 2019, maybe.

Subtickets (add)

Change History (6)

comment:1 Changed 11 months ago by zzz

  • Status changed from new to open

EOL declared 2018-03-08 https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00116.html
although it says "Major security issues will still be addressed".

A day after 9.2.23 release https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00115.html
At first glance, none of the fixed items looks important.

Still no sign of 9.3/9.4 in Debian.
9.3 requires Java 8; 9.4 requires Java 9.

Continues to be low priority and problematic unless something major goes unfixed in 9.2.x. Late 2018 is unlikely.

comment:2 Changed 4 months ago by zzz

first 9.4.x problem (reported with 9.4.11)
HostCheckHandler? extends GzipHandler?
ERROR [uter Console] outer.startup.RouterAppManager?: Client net.i2p.router.web.RouterConsoleRunner?@3d8e9f8b failed to start
java.lang.NoClassDefFoundError?: org/eclipse/jetty/servlets/gzip/GzipHandler

late 2019 a more realistic target

comment:4 Changed 6 weeks ago by zzz

Sid updated to 9.4, here's the ticket, with a patch
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916177

Will see how much of this we can put in now that's compatible with both 9.2 and 9.4, but the GzipHandler? class moving definitely isn't, as noted in comments above.

comment:5 Changed 6 weeks ago by zzz

  • Cc mhatta added

I've reviewed the patch and it looks reasonable. I won't have any time to test it before January, but perhaps mhatta and villain can do that.

The changes mainly affect:
1) Console password handling. To test, set a console password on /configui
2) Jetty xml configuration file parsing. To test, go to the SSL wizard on an i2ptunnel eepsite edit page.
See if anything breaks, and check the logs for anything unusual.

For the near-term, the best approach is to maintain this as a Debian patch. I don't plan to migrate to 9.4 for a long time because it would require us to bump our minimum java requirement to Java 9, which I don't think we want to do until probably 2020 at the earliest. Perhaps we'll go to Java 8 in 2019.

comment:6 Changed 6 weeks ago by mhatta

I uploaded 0.9.37-3 to Debian sid. It contains the following patch:

https://salsa.debian.org/debian/i2p/blob/debian/0.9.37-3/debian/patches/0002-jetty-compatibility.patch

Console password handling seems to work. I'm not sure what "SSL wizard" means. Let's see what happens.

Note: See TracTickets for help on using tickets.