Community

Eclipse Jetty version upgrade

851
1
08-31-2021 09:28 AM
EricSpangenberg
by
New Contributor III
‎08-31-2021 09:28 AM

Our IT security staff were notified of the following message from the server we use for GeoEvent Server

"The "MortBay / Eclipse Jetty" version on the remote host has reached the end of life. CPE: cpe:/a:eclipse:jetty:9.3.14.20161028 Installed version: 9.3.14.20161028 Location/URL: 6143/tcp EOL version: 9.3 EOL date: 2020-12-31"

We have found Jetty versions 10 or 11.

But I have not seen any documentation about compatibility with GeoEvent.  

Is anyone familiar with this and if we can upgrade with no impact?  My limited understanding is that the Eclipse Jetty is a java container used by 'something' in GeoEvent??

Thank you in advance.

0 Kudos
1 Reply
RJSunderman
by Esri Regular Contributor
Esri Regular Contributor
‎10-14-2021 11:46 AM

@EricSpangenberg -- Apologies that your enquiry went so long without a response.

If you have not already, please open a support incident with Esri Technical Support for this issue. It is not feasible, and in fact can be quite dangerous from a security perspective, to attempt an in-place upgrade of a third-party component GeoEvent Server incorporates as part of its Karaf application container.

Please indicate to Esri Technical Support the release of ArcGIS Enterprise and GeoEvent Server you are working with. If this is a vulnerability not covered by the ArcGIS GeoEvent Server Security Update 2021 Patch we need to evaluate this with our internal security team.

If you are working with a release prior to 10.6.1 we probably need to discuss with you the possibly of upgrading to an ArcGIS Enterprise release for which an appropriate security patch is available. Either way, we need a support incident opened with Esri Technical Support for traceability.

Thanks --
RJ