[
https://issues.apache.org/jira/browse/HBASE-29224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18009883#comment-18009883
]
Nihal Jain commented on HBASE-29224:
------------------------------------
Changes for HBASE-29225 is merged.
> Migrate from Jetty 9 to Jetty 12
> --------------------------------
>
> Key: HBASE-29224
> URL: https://issues.apache.org/jira/browse/HBASE-29224
> Project: HBase
> Issue Type: Umbrella
> Components: dependencies, REST, security, Thrift, UI
> Reporter: Nihal Jain
> Priority: Major
>
> This umbrella JIRA is to track all the tasks needed to move hbase from jetty
> 9 to jetty 12. Please refer mail list discussion at
> [https://lists.apache.org/thread/bkrfm705kqd3bqzyvo7jv46t6p64x2n5]
> *Why do we want this?*
> Apache HBase relies on Jetty 9 for its web interface, thrift and rest
> servers. Jetty 9 has EOL'd along with security support on 19th Feb 2025.
> Refer [https://endoflife.date/eclipse-jetty] and might become a high risk if
> we stop getting further security updates.
> *Possible Solutions*
> # Jump to Jetty 12 with EE8 support
> # Jump directly to Jetty 12 with jakarta namespace
> # Or a combination of above two strategies with incremental change
> *Proposed Migration Strategy*
> At high level, we propose to move as per 3rd strategy in below 2 phases.
> * Phase 1:
> ## Add module for Jetty 12 with EE8 to hbase-thirdparty
> ## Next consume this version of hbase-thirdparty, move to jetty 12 with EE8
> and bump java servlet to 4.0.1
> ## Test and verify everything is working as expected.
> * Phase 2:
> ## Add Jetty 12 with EE9 to hbase-thirdparty and jersey 3. And may be some
> other artifacts (not sure at this point)
> ## Next consume this version of hbase-thirdparty, move to jetty 12 with EE9,
> bump jakarta servlet to 5.x / 6.x, tomcat to 10.x / 11.x and migrate all the
> dependencies and code to jakarta namespace
> *** Blockers?? Hadoop AuthenticationFilter dependent and related code need
> to be either shaded to move from javax to jakarta, or we would need to wait
> for hadoop for move to jakarta. (In my rough analysis, I have identified this
> till now, when we attempt it might be more stuff)
> ## Test and verify everything is working as expected.
> The focus of the umbrella is to fix in master and branch-3 for now.
> NOTE: If we are to take this into branch-2:
> * We could cherry-pick, phase 1 solution as the fix to branch-2 as it
> seemingly does not change code/compat much.
> * Also we would first need bumping the minimum Java requirement (a blocker)
> as jetty 12 requires minimum JDK17.
> CC: [~stoty], [~zhangduo], [~apurtell], [~weichiu]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
