I am currently using the following gretty configuration in build.gradle:
gretty {
servletContainer = 'jetty9'
}
I want to upgrade the jetty version to 9.4.8.
From a quick search I found that jetty9 stands for the version Jetty 9.2.22.v20170606 (from: http://akhikhl.github.io/gretty-doc/Switching-between-servlet-containers.html). I couldn't anything on how to upgrade to jetty version 9.4.8. Could someone please help.
Yeah, from this doc, you can configure gretty to use 'jetty9.4' (jdk 8 only) instead of jetty9.
In the latest v2.0.0 release, plugin will work with jetty9 of 9.2.22.v20170606 and jetty9.4 of v9.4.6.v20170531, respectively.(ref)
jetty9_version=9.2.22.v20170606
jetty94_version=9.4.6.v20170531
You can PR for jetty94_version.
[updated]
I have created a sample project using Spring MVC with Jetty 9.4.8 particularly in this commit.
[edit note]
Please use 'jetty9.4' (instead of 'jetty94') - Refer to this github comment for more info
Related
Can you tell me the steps of downgrading spring boot project from 2.4 to 2.3?
Just change the version name in the pom.xml file from "2.4.1" to "2.3.1.RELEASE".
I noticed that I cannot create an issue on the spring-batch github and I could not create a topic on the Spring forum so I was redirected here.
I have this in my pom.xml file as explained on Spring.io's Batch tutorial
<dependency>
<groupId>org.springframework.batch</groupId>
<artifactId>spring-batch-core</artifactId>
<version>4.0.1.RELEASE</version>
</dependency>
And when I run the mvn dependency-check:check I see these issues
spring-tx-5.0.0.RELEASE.jar
CVE-2018-1199 - upgrade spring framework to latest 4.x
spring-batch-core-4.0.1.RELEASE.jar
CVE-2014-0225 - upgrade spring mvc - added it and latest 4.x
CVE-2015-5211 - upgrade springframework 4.x
CVE-2016-5007 - upgrade springframework 4.x
CVE-2014-3578 - upgrade springframework 4.x
CVE-2014-3625 - upgrade springframework 4.x
I ran mvn dependency:build-classpath -Dmdep.outputFile=cp.txt the offending jars above are located in my classpath. Then ran 'mvn dependency:tree` but did not see the offending jars.
mvn dependency:tree 2>&1 | egrep -i 'batch-core|spring-tx'
I tried googling some of the core CVEs which said to upgrade spring-mvc which I don't even have in my project but I explicitly defined it anyway. My spring version is set to the latest 4.x and even upgrading to 5.x still throws the vulnerability because spring-batch-core's latest version is still vulnerable.
Am I doing something wrong in my pom file?
To start, none of those CVEs apply directly to Spring Batch or the spring-batch-core jar file. They are all related to Spring Framework and Spring MVC. Also, every one of those CVEs has been mitigated in the specified patch versions.
If you have confirmed that your POM is bringing in the correct, non-vunlerable, version of Spring Framework, this is a case of a false positive and you'll need to configure whatever tool you're using to address this. If the artifact you are building as a result of the build process includes a vulnerable version of Spring Framework (or related components), then you do have an issue with your POM. We can help, but we need to see the POM in order to do so.
I am not good at all this web stuff, but I have managed to port a small Spark-tinyweb application to serve REST services from jetty to Tomcat, following the project from Leonan Luppi in
https://github.com/leonanluppi/SparkTomcat
But in the folder WebContent/WEB-INF/lib, if I replace the file
spark-core-2.1.jar
to a newer version:
spark-core-2.5.jar
The application does not work.
Any suggestions?
Your build.gradle file specifies the dependency on com.sparkjava:spark-core:2.1. You have to upgrade the version in the file too so that Gradle can resolve the dependencies and compile your app.
I am using Gretty plugin for running web application from Gradle script. Is it possible to select a specific version of jetty container to run? Not just jetty9 vs jetty8, but e.g. 9.2.13.v20150730
Since Gretty 2.0.0 it is possible to override versions of Jetty and servlet-api using gradle.properties file: http://akhikhl.github.io/gretty-doc/Overriding-servlet-container-versions.html
For instance:
jetty9Version = 9.2.22.v20170606
Trying to update a project from Spring Data Neo4j version 2.3.1.RELEASE to 3.0.0.RELEASE, but I'm getting maven artifact not found errors on neo4j-cypher-dsl version 2.0.1.
I found this link https://mvnrepository.com/artifact/org.neo4j/neo4j-cypher-dsl which shows 2.0.1, but clicking that link, then the URL link (http://components.neo4j.org/neo4j-cypher-dsl/2.0.1), I get a 404.
The same is true for every other version of neo4j-cypher-dsl greater than version 1.9.M04.
Any thoughts on how to resolve?
-Chris
neo4j-cypher-dsl is released to http://m2.neo4j.org. To use that in your maven build, add http://m2.neo4j.org/content/repositories/releases/ to your list of repositories.
E.g. for 2.0.1 use http://m2.neo4j.org/content/repositories/releases/org/neo4j/neo4j-cypher-dsl/2.0.1/neo4j-cypher-dsl-2.0.1.jar