Re: [jetty-dev] Further releases of Jetty 6?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-dev] Further releases of Jetty 6?

From: Joakim Erdfelt <joakim@xxxxxxxxxxx>
Date: Tue, 29 Oct 2013 15:26:55 -0700
Delivered-to: jetty-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-dev>
List-help: <mailto:jetty-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=unsubscribe>

Jetty 6 was discontinued back on November 2010.

There will be no further releases of Jetty 6, or bug fixes.

Just to put this in perspective...

* There have now been 129 releases of Jetty since 6.1.26.

* There have been 3 major versions of Jetty since 6.1.26 - 7.x, 8.x, and 9.x

* There have been 2 major servlet-api versions since Jetty 6.1.26 (Servlet API 3.0 and 3.1)

If you are still using Jetty 6 ...

* Do not use SSL, there have been countless CVE fixes both on Java and Jetty to address them.

* Do not use any version of Java before 1.7.0 update 25. (again, various vulnerabilities, see Oracle release notes for details)

Joakim Erdfelt <joakim@xxxxxxxxxxx>

webtide.com - intalio.com/jetty

Expert advice, services and support from from the Jetty & CometD experts

eclipse.org/jetty - cometd.org

On Tue, Oct 29, 2013 at 3:05 PM, Jan Morlock <jan.morlock@xxxxxxxxxxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

we are using Jetty 6.1.24-6 on Debian 6.0 (Squeeze). At the same time
we offen have pretty long GET-requests. Strictly speaking, the length
of those requests often exceed 1024 bytes. Inside the request.log, we
observe for those the following erroneous behaviour: the requests are
cut down to a length of 1024 bytes and the subsequent line breaks are
missing. The request logs therefore result into a total mess.

Now, the reason for this behaviour lies with
org.mortbay.jetty.NCSARequestLog. The maximum length of 1024
characters is hardcoded inside this class and its log function
overwrites the __LINE_SEPARATOR for very long requests.

I know that the latter is fixed inside later releases. However for our
purposes it would be good to have a Jetty 6 version where the line
breaks are correct and the maximum length can be steered using a
parameter.

To cut a long story short, do you plan further releases of Jetty 6?
Would you appreciate having a parameter for the maximum request
length? Is the length of 1024 bytes part of the ncsa standard (I
haven't found there anything)?

Thank you very much in advance
Best regards
Jan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlJwMSUACgkQoRaySNaxB6ThOACdHVBobe2NI5+l1yrpxNwl7LHL
dMAAnjlmzLKp9cGIhyuHWHqtOX/jEhaL
=rWHv
-----END PGP SIGNATURE-----
_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-dev

References:
- [jetty-dev] Further releases of Jetty 6?
  - From: Jan Morlock

Prev by Date: [jetty-dev] Further releases of Jetty 6?
Next by Date: Re: [jetty-dev] Jetty 9 Continuation - getObject and setObject methods missing
Previous by thread: [jetty-dev] Further releases of Jetty 6?
Next by thread: [jetty-dev] Jetty 9, SunPKCS11, NSS: KeyStorePath blank=no cipher suites in common
Index(es):
- Date
- Thread

Breadcrumbs