This is a complicated topic.
Basically, our view is ...
- Jetty 9.4.x is in maintenance mode (bug fixes and security issues)
- Jetty 9.4.x maintenance is tied to Java 8 use/adoption
- Jetty 9.4.x is also tied to SSL/TLS of Java 8 (so TLS/1.2 in older versions of Java 8, and TLS/1.3 in recent versions of Java 8)
If Java 8 is no longer used, Jetty 9.4.x ends.
If SSL/TLS support in Java 8 is not updated, that also hastens the end of Jetty 9.4.x.
- Maintenance / Bug Fixes / New Features -
Jetty 9.4.x is basically in maintenance mode so won't see new features.
New features are in the Jetty 10+ code bases (HTTP/3 anyone?)
If OpenJDK actually adopts big new concepts, like Loom, then the support for that will be in the active codebases (Jetty 10+)
Updates to the Jakarta EE specs are only in Jetty 11+
Jetty 11 is currently on Jakarta EE 9. Jakarta EE 10 is due out at the end of the year AFAIK.
Be aware that there is an industry effort to migrate from the dead `javax.*` namespace to `jakarta.*` at the moment.
This will hasten the demise of Jetty 9.x and 10.x as well. (Long live Jetty 11.x and its support for `jakarta.*`)
- Java 8 connection -
Support for Jetty 9.4.x is tied to support for Java 8.
Remember, paid support for Java 8 is currently offered by many vendors, thru to the end of December 2030.
That support is about to experience a serious bump in costs in March 2022 from "Premier" to "Extended" (and if history holds, no more public releases of Java 8 JVMs).
Historically, that bump into the "Extended Support" realm has meant the death of general use of that version of Java.
But this time it's slightly different, as people have reported the migration over the hump from Java 8 to Java 9 has been the hardest they have experienced.
(But once there, the rest of the upgrades, even to Java 17, have been the easiest they have experienced).
- SSL/TLS support -
Then there is also the increasing velocity of change in the SSL/TLS space. If you use SSL/TLS, you have to keep up to date (both on your JVM and your Jetty install).
We already have people reporting that Jetty 5 and Jetty 6 no longer work with modern browsers and SSL (even on newer JVMs).
Jetty 7 and Jetty 8 users are already having to heavily tweak their configurations and provide custom implementations of SslContextFactory without reaching 100% support for modern browsers and mobile devices.
Jetty 9.0 thru 9.2 users are starting to experience this now as well.
If something like TLS/1.4 were to rear its head, and browsers started to adopt it, that also accelerates the demise of older (unmaintained) versions of Jetty.