You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/10/15 12:41:00 UTC

[jira] [Updated] (AMBARI-24778) Fix CVE issues in ambari server

     [ https://issues.apache.org/jira/browse/AMBARI-24778?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

ASF GitHub Bot updated AMBARI-24778:
------------------------------------
    Labels: pull-request-available  (was: )

> Fix CVE issues in ambari server
> -------------------------------
>
>                 Key: AMBARI-24778
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24778
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.7.3
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Blocker
>              Labels: pull-request-available
>             Fix For: 2.7.3
>
>
> The following 3rd party dependencies have to be eliminated/upgraded to a secure version based on the latest BlackDuck scan:
> ||Current version||Upgrade to||CVE issue(s)||
> |org.springframework:spring-web:jar:4.3.17.RELEASE|org.springframework:spring-web:jar:4.3.18.RELEASE or the latest|CVE-2018-11039, CVE-2018-11040|
> |jquery-1.8.3.min.js|1.9.0rc1 or the latest|CVE-2011-4969, CVE-2015-9251, CVE-2012-6708|
> |org.eclipse.jetty:jetty-server:jar:9.4.11.v20180605|9.4.12.v20180830 or the latest|CVE-2017-9735, CVE-2018-12536|



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)