KAFKA-12359: Update Jetty to 11 #10176

Closed

Commits on Apr 20, 2021

  1. fbdd8e7
  2. Upgrade Jetty from 9.4.x to 11.0.2 to fix CVE-2020-27218

    1. Change Java EE dependencies for Jetty 11
    
      - javax.activation:activation:1.1.1 → com.sun.activation:javax.activation:1.2.0
      - javax.ws.rs:javax.ws.rs-api 2.1.1 → jakarta.ws.rs:jakarta.ws.rs-api 3.0.0.
      - javax.xml.bind:jaxb-api:2.3.0 → jakarta.xml.bind:jakarta.xml.bind-api:2.3.0
      - Change all javax.ws.rs.* imports into jakarta.ws.rs.*.
    
    2. Upgrade jackson from 2.10.5 to 2.12.1 + Add jakarta classifier to jackson-jaxrs-json-provider for compatibility with jakarta.ws.rs-api
    
      - Update jackson-databind dependency: it now uses the same version as the other jackson dependencies.
      - Add '@JsonIgnoreProperties(ignoreUnknown = true)' annotation to ErrorResponse: Prevent 'com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "servlet"'.
      - Remove ScalaObjectMapper from ConsumerGroupCommand: deprecated as of jackson-module-scala 2.12.1.
      - Mark Empty with @JsonSerialize, @JsonDeserialize: now serializable with Jetty 11.
    
    3. Upgrade jersey from 2.31 to 3.0.1
    
    4. Add additional dependencies for Jetty 11
    
      - javax.ws.rs:jsr311-api:1.1.1
      - jakarta.servlet:jakarta.servlet-api:5.0.0
      - org.glassfish.jersey.media:jersey-media-json-jackson:3.0.1: Required to register jackson as a MessageBodyWriter.
    
    5. Upgrade Jetty from 9.4.x to 11.0.2
    
      - Exclude org.slf4j:slf4j-api:2.0.0-alpha1 dependency.
      - Fix deprecated method calls in RestClient#httpRequest, InternalRequestSignature#addToRequest
      - Update InternalRequestSignatureTest#addToRequestShouldThrowExceptionOnInvalidSignatureAlgorithm
    
        Since Request is an interface from Jetty 11, mocking without a when..then.. clause does not work, so it is now replaced with a real instance.
    
      - Update SSLUtils
    
        From Jetty 11, SslContextFactory is separated into SslContextFactory.Server and SslContextFactory.Client subtypes, so the return types of SSLUtils#[createServerSideSslContextFactory, createClientSideSslContextFactory] are now changed. Since SslContextFactory.Client does not have the getNeedClientAuth and getWantClientAuth methods, SSLUtilsTest is also updated accordingly.
    
      - Increase JsonRestServer#GRACEFUL_SHUTDOWN_TIMEOUT_MS from 100 to 3000
    
        Jetty 11 requires more time to tear down its resources than Jetty 9.4.x; without this modification, TimeoutException is thrown during shutdown in AgentTest, CoordinatorTest.
    dongjinleekr committed Apr 20, 2021
    3710267