Our IT security staff were notified of the following message from the server we use for GeoEvent Server
"The "MortBay / Eclipse Jetty" version on the remote host has reached the end of life. CPE: cpe:/a:eclipse:jetty:18.104.22.16861028 Installed version: 22.214.171.12461028 Location/URL: 6143/tcp EOL version: 9.3 EOL date: 2020-12-31"
We have found Jetty versions 10 or 11.
But I have not seen any documentation about compatibility with GeoEvent.
Is anyone familiar with this and if we can upgrade with no impact? My limited understanding is that the Eclipse Jetty is a java container used by 'something' in GeoEvent??
Thank you in advance.
@EricSpangenberg -- Apologies that your enquiry went so long without a response.
If you have not already, please open a support incident with Esri Technical Support for this issue. It is not feasible, and in fact can be quite dangerous from a security perspective, to attempt an in-place upgrade of a third-party component GeoEvent Server incorporates as part of its Karaf application container.
Please indicate to Esri Technical Support the release of ArcGIS Enterprise and GeoEvent Server you are working with. If this is a vulnerability not covered by the ArcGIS GeoEvent Server Security Update 2021 Patch we need to evaluate this with our internal security team.
If you are working with a release prior to 10.6.1 we probably need to discuss with you the possibly of upgrading to an ArcGIS Enterprise release for which an appropriate security patch is available. Either way, we need a support incident opened with Esri Technical Support for traceability.