Posted to commits@ambari.apache.org by ol...@apache.org on 2018/04/25 11:19:30 UTC

[ambari] branch trunk updated: [AMBARI-23678] Fix CVE issues for ambari-infra-solr 2.7.0 (#1084)

This is an automated email from the ASF dual-hosted git repository.

oleewere pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/trunk by this push:
     new b859302  [AMBARI-23678] Fix CVE issues for ambari-infra-solr 2.7.0 (#1084)
b859302 is described below

commit b859302c4d895253de8eef7ae5d9940d81824a7b
Author: Olivér Szabó <ol...@gmail.com>
AuthorDate: Wed Apr 25 13:19:28 2018 +0200

    [AMBARI-23678] Fix CVE issues for ambari-infra-solr 2.7.0 (#1084)
    
    * AMBARI-23678. Fix CVE issues for ambari-infra-solr 2.7.0
    
    * AMBARI-23678. Additional CVE fixes for ambari-infra.
---
 ambari-infra/ambari-infra-manager/pom.xml | 17 ++++++++++++++---
 ambari-infra/pom.xml                      | 29 ++++++++++++++++++++++++++++-
 2 files changed, 42 insertions(+), 4 deletions(-)

diff --git a/ambari-infra/ambari-infra-manager/pom.xml b/ambari-infra/ambari-infra-manager/pom.xml
index fa7de96..5277447 100644
--- a/ambari-infra/ambari-infra-manager/pom.xml
+++ b/ambari-infra/ambari-infra-manager/pom.xml
@@ -31,8 +31,8 @@
 
   <properties>
     <spring.version>4.3.10.RELEASE</spring.version>
-    <spring.security.version>4.2.3.RELEASE</spring.security.version>
-    <spring.ldap.version>2.0.4.RELEASE</spring.ldap.version>
+    <spring.security.version>4.2.4.RELEASE</spring.security.version>
+    <spring.ldap.version>2.2.0.RELEASE</spring.ldap.version>
     <jersey.version>2.25.1</jersey.version>
     <jetty.version>9.4.8.v20171121</jetty.version>
     <spring-batch.version>3.0.7.RELEASE</spring-batch.version>
@@ -363,6 +363,11 @@
       <version>1.0.1.RELEASE</version>
     </dependency>
     <dependency>
+      <groupId>com.thoughtworks.xstream</groupId>
+      <artifactId>xstream</artifactId>
+      <version>1.4.10</version>
+    </dependency>
+    <dependency>
       <groupId>cglib</groupId>
       <artifactId>cglib</artifactId>
       <version>3.2.4</version>
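Review bot: The xstream 1.4.10 entry added at the top of this hunk is a direct dependency with a literal version, and nothing in the file records why it is there. If it exists to override a version pulled in transitively, which the commit title suggests but the diff does not show, a comment such as `<!-- pinned to override the transitive xstream version flagged in AMBARI-23678 -->` would stop it from being removed as unused or left stale at the next upgrade. A `<dependencyManagement>` entry would express the override without adding xstream to this module's own compile classpath. The enclosing `<dependencies>` block and the following cglib entry continue outside the hunk.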
@@ -396,7 +401,7 @@
     <dependency>
       <groupId>org.webjars</groupId>
       <artifactId>swagger-ui</artifactId>
-      <version>2.1.0</version>
+      <version>2.2.2</version>
     </dependency>
     <dependency>
       <groupId>org.springframework</groupId>
@@ -449,6 +454,12 @@
       <artifactId>commons-csv</artifactId>
       <version>1.5</version>
     </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-tomcat</artifactId>
+      <version>${spring-boot.version}</version>
+      <scope>provided</scope>
+    </dependency>
   </dependencies>
 
 </project>
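Review bot: The `provided` scope on spring-boot-starter-tomcat carries the whole intent of this addition, but the file does not explain it. It looks as if the goal is to keep the embedded Tomcat jars out of the packaged artifact (the module already defines a `jetty.version`); if so, a comment above the dependency would say that, for example `<!-- provided: keep embedded Tomcat out of the package; Jetty is the runtime container -->`. An `<exclusion>` on whichever starter brings Tomcat in would state the same intent more directly and would not leave Tomcat on the compile and test classpaths. `${spring-boot.version}` is not among the properties shown in this diff, so confirm it resolves from this POM or a parent.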
diff --git a/ambari-infra/pom.xml b/ambari-infra/pom.xml
index 1efc23c..d0ec17c 100644
--- a/ambari-infra/pom.xml
+++ b/ambari-infra/pom.xml
@@ -33,11 +33,17 @@
     <deb.dependency.list>${deb.python.ver}</deb.dependency.list>
     <hadoop.version>3.0.0</hadoop.version>
     <surefire.argLine>-Xmx1024m -Xms512m</surefire.argLine>
+    <zookeeper.version>3.4.6.2.3.0.0-2557</zookeeper.version>
     <skipSurefireTests>false</skipSurefireTests>
   </properties>
 
   <repositories>
     <repository>
+      <id>apache-hadoop</id>
+      <name>hdp</name>
+      <url>http://repo.hortonworks.com/content/groups/public/</url>
+    </repository>
+    <repository>
       <id>oss.sonatype.org</id>
       <name>OSS Sonatype Staging</name>
       <url>https://oss.sonatype.org/content/groups/staging</url>
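Review bot: The added `apache-hadoop` repository uses a plain `http://` URL, so every POM and jar resolved from it arrives without transport integrity and could be altered on the network path before it reaches the build; the Sonatype entry right below it already uses https. If the host serves TLS, the line should read `<url>https://repo.hortonworks.com/content/groups/public/</url>`. The new entry is declared ahead of the existing repository and shows no `<releases>`/`<snapshots>` restriction, so it may also be consulted for artifacts unrelated to the vendor ZooKeeper build. The id `apache-hadoop` and the name `hdp` describe different things, and aligning them would make mirror and settings overrides easier to reason about. The `<repositories>` block continues outside the hunk.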
@@ -267,13 +273,34 @@
       <dependency>
         <groupId>org.apache.zookeeper</groupId>
         <artifactId>zookeeper</artifactId>
-        <version>3.4.10</version>
+        <version>${zookeeper.version}</version>
       </dependency>
       <dependency>
         <groupId>commons-io</groupId>
         <artifactId>commons-io</artifactId>
         <version>2.5</version>
       </dependency>
+      <dependency>
+        <groupId>com.fasterxml.jackson.core</groupId>
+        <artifactId>jackson-databind</artifactId>
+        <version>2.9.4</version>
+      </dependency>
+      <dependency>
+        <groupId>com.fasterxml.jackson.core</groupId>
+        <artifactId>jackson-annotations</artifactId>
+        <version>2.9.4</version>
+      </dependency>
+      <dependency>
+        <groupId>com.fasterxml.jackson.dataformat</groupId>
+        <artifactId>jackson-dataformat-xml</artifactId>
+        <version>2.9.4</version>
+        <exclusions>
+          <exclusion>
+            <groupId>com.fasterxml.woodstox</groupId>
+            <artifactId>woodstox-core</artifactId>
+          </exclusion>
+        </exclusions>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
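Review bot: The managed ZooKeeper version changes from `3.4.10` to `${zookeeper.version}`, which the properties hunk of this file sets to `3.4.6.2.3.0.0-2557`, a vendor build on the older 3.4.6 base, in a commit whose stated purpose is CVE remediation. The diff does not show whether that build carries the fixes made upstream between 3.4.6 and 3.4.10, so the property needs a comment giving the reason for the vendor build, or the version should stay at or above the one it replaces. The three Jackson entries repeat the literal `2.9.4`; a single `<jackson.version>2.9.4</jackson.version>` property would keep them from drifting apart at the next bump. The woodstox-core exclusion on jackson-dataformat-xml is also unexplained and would benefit from a one-line comment saying which StAX implementation is expected instead.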
