You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ol...@apache.org on 2018/04/25 11:19:30 UTC
[ambari] branch trunk updated: [AMBARI-23678] Fix CVE issues for
ambari-infra-solr 2.7.0 (#1084)
This is an automated email from the ASF dual-hosted git repository.
oleewere pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new b859302 [AMBARI-23678] Fix CVE issues for ambari-infra-solr 2.7.0 (#1084)
b859302 is described below
commit b859302c4d895253de8eef7ae5d9940d81824a7b
Author: Olivér Szabó <ol...@gmail.com>
AuthorDate: Wed Apr 25 13:19:28 2018 +0200
[AMBARI-23678] Fix CVE issues for ambari-infra-solr 2.7.0 (#1084)
* AMBARI-23678. Fix CVE issues for ambari-infra-solr 2.7.0
* AMBARI-23678. Additional CVE fixes for ambari-infra.
---
ambari-infra/ambari-infra-manager/pom.xml | 17 ++++++++++++++---
ambari-infra/pom.xml | 29 ++++++++++++++++++++++++++++-
2 files changed, 42 insertions(+), 4 deletions(-)
diff --git a/ambari-infra/ambari-infra-manager/pom.xml b/ambari-infra/ambari-infra-manager/pom.xml
index fa7de96..5277447 100644
--- a/ambari-infra/ambari-infra-manager/pom.xml
+++ b/ambari-infra/ambari-infra-manager/pom.xml
@@ -31,8 +31,8 @@
<properties>
<spring.version>4.3.10.RELEASE</spring.version>
- <spring.security.version>4.2.3.RELEASE</spring.security.version>
- <spring.ldap.version>2.0.4.RELEASE</spring.ldap.version>
+ <spring.security.version>4.2.4.RELEASE</spring.security.version>
+ <spring.ldap.version>2.2.0.RELEASE</spring.ldap.version>
<jersey.version>2.25.1</jersey.version>
<jetty.version>9.4.8.v20171121</jetty.version>
<spring-batch.version>3.0.7.RELEASE</spring-batch.version>
@@ -363,6 +363,11 @@
<version>1.0.1.RELEASE</version>
</dependency>
<dependency>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ <version>1.4.10</version>
+ </dependency>
+ <dependency>
<groupId>cglib</groupId>
<artifactId>cglib</artifactId>
<version>3.2.4</version>
@@ -396,7 +401,7 @@
<dependency>
<groupId>org.webjars</groupId>
<artifactId>swagger-ui</artifactId>
- <version>2.1.0</version>
+ <version>2.2.2</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
@@ -449,6 +454,12 @@
<artifactId>commons-csv</artifactId>
<version>1.5</version>
</dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-tomcat</artifactId>
+ <version>${spring-boot.version}</version>
+ <scope>provided</scope>
+ </dependency>
</dependencies>
</project>
diff --git a/ambari-infra/pom.xml b/ambari-infra/pom.xml
index 1efc23c..d0ec17c 100644
--- a/ambari-infra/pom.xml
+++ b/ambari-infra/pom.xml
@@ -33,11 +33,17 @@
<deb.dependency.list>${deb.python.ver}</deb.dependency.list>
<hadoop.version>3.0.0</hadoop.version>
<surefire.argLine>-Xmx1024m -Xms512m</surefire.argLine>
+ <zookeeper.version>3.4.6.2.3.0.0-2557</zookeeper.version>
<skipSurefireTests>false</skipSurefireTests>
</properties>
<repositories>
<repository>
+ <id>apache-hadoop</id>
+ <name>hdp</name>
+ <url>http://repo.hortonworks.com/content/groups/public/</url>
+ </repository>
+ <repository>
<id>oss.sonatype.org</id>
<name>OSS Sonatype Staging</name>
<url>https://oss.sonatype.org/content/groups/staging</url>
@@ -267,13 +273,34 @@
<dependency>
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
- <version>3.4.10</version>
+ <version>${zookeeper.version}</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.5</version>
</dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>2.9.4</version>
+ </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-annotations</artifactId>
+ <version>2.9.4</version>
+ </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.dataformat</groupId>
+ <artifactId>jackson-dataformat-xml</artifactId>
+ <version>2.9.4</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.woodstox</groupId>
+ <artifactId>woodstox-core</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
</dependencies>
</dependencyManagement>
--
To stop receiving notification emails like this one, please contact
oleewere@apache.org.