You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2018/05/17 18:30:00 UTC
[jira] [Commented] (AMBARI-23869) Remove insecure dependencies from
Ambari Server
[ https://issues.apache.org/jira/browse/AMBARI-23869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16479523#comment-16479523 ]
Hudson commented on AMBARI-23869:
---------------------------------
SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #9280 (See [https://builds.apache.org/job/Ambari-trunk-Commit/9280/])
[AMBARI-23869] Remove insecure dependencies from Ambari Server (rlevas: [https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=63688f93ca82a545a071b2d475054e631b061fe8])
* (edit) ambari-server/pom.xml
* (edit) ambari-agent/pom.xml
> Remove insecure dependencies from Ambari Server
> -----------------------------------------------
>
> Key: AMBARI-23869
> URL: https://issues.apache.org/jira/browse/AMBARI-23869
> Project: Ambari
> Issue Type: Bug
> Components: ambari-agent, ambari-server
> Affects Versions: 2.7.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Critical
> Labels: pull-request-available
> Fix For: 2.7.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Remove insecure dependencies from Ambari Server
> *Jetty: Java based HTTP, Servlet, SPDY, WebSocket Server 6.1.26*
> * https://nvd.nist.gov/vuln/detail/CVE-2017-9735
> * https://nvd.nist.gov/vuln/detail/CVE-2011-4461
> * https://nvd.nist.gov/vuln/detail/CVE-2009-1523
> {noformat}
> [INFO] ------------------------------------------------------------------------
> [INFO] Building Ambari Server 2.0.0.0-SNAPSHOT
> [INFO] ------------------------------------------------------------------------
> [INFO]
> [INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ ambari-server ---
> [INFO] org.apache.ambari:ambari-server:jar:2.0.0.0-SNAPSHOT
> [INFO] +- org.mortbay.jetty:jsp-api-2.1-glassfish:jar:2.1.v20100127:compile
> [INFO] +- org.mortbay.jetty:jsp-2.1-glassfish:jar:2.1.v20100127:compile
> [INFO] \- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
> [INFO] \- org.mortbay.jetty:jetty:jar:6.1.26:compile{noformat}
> Recommendation is to remove the dependency or upgrade to version 6.1.26.hwx or the latest version, if possible.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)