Cookie SameSite attribute setting support

Hi,

according to newest security changes in Chrome, for cross-site cookies to be properly set in cross-domain scenario (iframe), they should have SameSite=None and Secure attributes.
According to this issue https://github.com/eclipse/jetty.project/issues/4247 this can be configured in web.xml for Jetty to handle it, but since version 9.4.23.

In WebMethods 10.1 I can see Jetty of version 9.2.*. Is Jetty updated in newer versions of WebMethods? Is there a version where version later than 9.4.23 is used so that we can use this feature to setup cookie attributes?

Regards,
Przemek

Hi Przemek,

you can open a feature request in Brainstorm to request the update of the jetty version.

You can check for webMethods 10.5 (latest version available for which extended support can be ordered after the 3-year standard support) and see if this one already uses a newer jetty version.

Regards,
Holger

Hi Holger,

thank you, but is there somewhere a documentation which descries which Jetty version is used in WebMethods version?
It seems a little bit overcomplicated to download version by version and check it.

P.

Hi Przemek,

in this case I would suggest to open an incident with SAG Support to get this checked.

You dont need to download every version in between, just download 10.5 and check this one, if you want you download 10.3 as an intermediate release.
Or you can wait for the 10.7 version which should be released in End of October or early November when the regular schedule is pertained, but I am not sure as I did not notice that 10.6 has been released in spring (most likely due to Corona crisis).

Regards,
Holger