Skip to content

Use Built-in Java HTTP Server instead of Jetty 11 #2315

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 19 commits into from
Mar 26, 2025
Merged

Use Built-in Java HTTP Server instead of Jetty 11 #2315

merged 19 commits into from
Mar 26, 2025

Conversation

sdelamo
Copy link
Contributor

@sdelamo sdelamo commented Mar 19, 2025
edited
Loading

Jetty 11 has a CVE. This pull request removes the usage of Jetty 11 and replaces it with the built-in Java HTTP Server support introduced in servlet-core.

Jetty 12 Handler uses org.eclipse.jetty.server.Request instead of jakarta.servlet.http.HttpServletRequest. org.eclipse.jetty.server.Request no longer implements HttpServletRequest. Because of that, to get rid of Jetty 11, we had two options: rewrite to Jetty 12 or migrate AwsApiProxyTestServer to use the Java Built-in HTTP Server and remove the usage of Jetty.

I gone the path of using the built-in HTTP Server. There are several classes introduced in this PR which I think should be in micronaut core.

@sdelamo sdelamo added the type: improvement A minor improvement to an existing feature label Mar 19, 2025
@sdelamo sdelamo requested review from graemerocher and yawkat March 19, 2025 14:18
@sdelamo sdelamo force-pushed the built-in-http-server branch from bd0afdc to 9aa83fe Compare March 19, 2025 15:06
@sdelamo sdelamo added the type: breaking Introduces a breaking change label Mar 19, 2025
@sdelamo sdelamo moved this to Ready for Review in 4.8.0 Release Mar 19, 2025
@sdelamo sdelamo marked this pull request as draft March 20, 2025 16:26
@sdelamo sdelamo mentioned this pull request Mar 20, 2025
Merged
@sdelamo sdelamo marked this pull request as ready for review March 24, 2025 09:08
@sdelamo sdelamo changed the base branch from 4.9.x to 4.10.x March 24, 2025 09:24
@sdelamo
Copy link
Contributor Author

sdelamo commented Mar 25, 2025

@yawkat @graemerocher can we merge this?

@yawkat
Copy link
Member

yawkat commented Mar 25, 2025

No, I want to figure out the octet thing first

@yawkat
Copy link
Member

yawkat commented Mar 25, 2025

@sdelamo not sure why we use the mime encoder here, i couldnt find any docs requiring it

micronaut-aws/function-aws-api-proxy/src/main/java/io/micronaut/function/aws/proxy/payload2/APIGatewayV2HTTPResponseServletResponse.java

Line 53 in e18f645

.withBody(Base64.getMimeEncoder().encodeToString(body.toByteArray()));

@sdelamo sdelamo force-pushed the built-in-http-server branch from 8ae11e8 to e701c23 Compare March 26, 2025 09:01
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Failed Quality Gate failed

Failed conditions
1 New Critical Issues (required ≤ 0)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

@sdelamo sdelamo merged commit 7daa784 into 4.10.x Mar 26, 2025
15 of 16 checks passed
@github-project-automation github-project-automation bot moved this from Ready for Review to Done in 4.8.0 Release Mar 26, 2025
@sdelamo sdelamo deleted the built-in-http-server branch March 26, 2025 09:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yawkat yawkat yawkat approved these changes

@graemerocher graemerocher Awaiting requested review from graemerocher

Assignees
No one assigned
Labels
type: breaking Introduces a breaking change type: improvement A minor improvement to an existing feature
Projects
4.8.0 Release
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sdelamo @yawkat