Jetty10-jetty-all dependency downloading beta1 libraries #9218
Comments
sushikarwasra
changed the title
|
The old tutorial JAR called See https://www.eclipse.org//lists/jetty-users/msg06029.html This jar should never have been put on maven central, it only existed to help people that were following the tutorial in the documentation. It never has, nor can ever, contain all of Jetty (that's just not possible). The fact that people are using it for their projects as a dependency is scary and considered a security vulnerability. |
|
Thanks @joakime, so should include all the related lib in pom separately like below <dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-annotations</artifactId>
<version>9.4</version>
</dependency>e.g. jetty-http-10.0.13.jar <dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-http</artifactId>
<version>${jetty.version}</version>
</dependency> |
|
If you specify Start with just |
Jetty version - 10.0.13
JDK version - JDK 17/19
I am trying to upgrade from 9.4.22.v20191022 to 10.0.13, we are using below dependency in pom file for jetty-all
org.eclipse.jetty.aggregate
jetty-all
${jedi.jetty.version}
pom
For jetty all there is no 10.0.13 version and most recent version is beta1 but for earlier version of jetty, jetty-all used to have same version as the jetty version.
If i use the jetty-all version 10.0.0.beta1 it download the all aggregate libraries with beta1 version e.g.
http2-client-10.0.0.beta1.jar, http2-common-10.0.0.beta1.jar, asm-7.3.1.jar but if i check the jetty 10.0.13 zip downloaded from eclipse website it comes with http2-common-10.0.13.jar,jetty-http-10.0.13.jar,asm-9.4.jar.
Is there anyway jetty-all aggregate dependency can download jars without beta1 version or i need to include each jar dependency separately in pom instead of jetty-all.
The text was updated successfully, but these errors were encountered: