OE10.2B Jetty (v4.2.9) Upgrade - Forum - OpenEdge General - Progress Community

OE10.2B Jetty (v4.2.9) Upgrade

 Forum

OE10.2B Jetty (v4.2.9) Upgrade

This question is answered

Hi guys,

This is regarding upgrading of my OE10.2B OpenEdge Explorer - jetty (v4.2.9) to OE11.2 (v7.63) (as documented in KB28518). My question is regarding this statement, "The only licence to get the OE 11 OpenEdge Explorer is Name Server."; am I eligible to download OE11 OpenEdge Explorer if I only have OE10.2B license?

Thank you.

Regards,
Tai Li.

Verified Answer
  • Hi , thanks for your response. Yes, I am aware that Jetty is opensource, but as stated in KB14905:

    OpenEdge Management 10.2B uses Jetty 4.2.9.

    The code in OpenEdge Management has references to the Jetty classes. Even though it may be possible to upgrade to a newer version of jetty, the more recent versions of Jetty have some classes that have changed.

    Furthermore, KB28518 has specifically mentioned:

    The later version of the Jetty WebServer is compatible with 10.2B. This Article outlines how to upgrade only OEE to 11.0, 11.1 or 11.2 (this procedure does not work with 11.3 and higher) and use 10.2B AdminServers as remote containers. This way the OE 11 Jetty WebServer security fix is in place, without having to upgrade the 10.2B Servers.

    Getting a new/upgrading license is the hindering part. It seems like the most I can do is to upgrade the Jetty 4.2 stream (as mentioned in KB14905).

    Thanks.

All Replies
  • What are they trying to accomplish by updating to 11.2, and not 11.7?

  • In our pentest, there were vulnerabilities detected in Jetty (v4.2.*). Our reason to upgrade just the Jetty component is because of legacy products which still runs on OE10.

  • Are these vulnerabilities addressed in Jetty 7.6?  Does jetty 7.6 address all of their concerns?  I ask these because there are CVEs listed against Jetty versions all the way up to the current Jetty 9.4.x branch, some of which are also present in older versions of Jetty, including 7.6.x branch.

  • I can't answer the license question.  They would need to talk to their salesrep for that kind of answer.

  • The title and description of the kbase you reference are a misleading.  The title indicates "How to replace OEE 10.2B Jetty Webserver...".  The steps are actually describing how to have an old adminserver monitored by a newer OEE on a different version.

  • I wanted to show the reference to the licensing portion mentioned in the KB. After giving it more thoughts, I suppose I'll need OE11.2 NameServer license in order for me to install and extract the embedded Jetty webserver and replace the one in OE10.2B.

    Correct me if I'm wrong.

  • Jetty is open source and part of Eclipse. You can get it from the repository here: github.com/.../jetty.project

    version 9.3.x is the oldest supported version. all earlier versions are deprecated.

  • Hi , thanks for your response. Yes, I am aware that Jetty is opensource, but as stated in KB14905:

    OpenEdge Management 10.2B uses Jetty 4.2.9.

    The code in OpenEdge Management has references to the Jetty classes. Even though it may be possible to upgrade to a newer version of jetty, the more recent versions of Jetty have some classes that have changed.

    Furthermore, KB28518 has specifically mentioned:

    The later version of the Jetty WebServer is compatible with 10.2B. This Article outlines how to upgrade only OEE to 11.0, 11.1 or 11.2 (this procedure does not work with 11.3 and higher) and use 10.2B AdminServers as remote containers. This way the OE 11 Jetty WebServer security fix is in place, without having to upgrade the 10.2B Servers.

    Getting a new/upgrading license is the hindering part. It seems like the most I can do is to upgrade the Jetty 4.2 stream (as mentioned in KB14905).

    Thanks.