You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Sandor Molnar (JIRA)" <ji...@apache.org> on 2018/02/27 13:25:00 UTC
[jira] [Created] (AMBARI-23093) Remove dependency on
org.apache.zookeeper:zookeeper before version 3.4.6.2.0.0.0-579 for Ambari
Server
Sandor Molnar created AMBARI-23093:
--------------------------------------
Summary: Remove dependency on org.apache.zookeeper:zookeeper before version 3.4.6.2.0.0.0-579 for Ambari Server
Key: AMBARI-23093
URL: https://issues.apache.org/jira/browse/AMBARI-23093
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.6.2
Reporter: Sandor Molnar
Assignee: Sandor Molnar
Fix For: 2.6.2, 2.7.0
Remove dependency on org.apache.zookeeper:zookeeper before version 3.4.6.2.0.0.0-579 due to security concerns. See
* CVE-2017-5637 - [https://nvd.nist.gov/vuln/detail/CVE-2017-5637]
* CVE-2016-5017 - [https://nvd.nist.gov/vuln/detail/CVE-2016-5017]
{noformat}
--- maven-dependency-plugin:2.8:tree (default-cli) @ ambari-server ---
org.apache.ambari:ambari-server:jar:2.6.1.0.0
+- org.apache.ambari:ambari-metrics-common:jar:2.6.1.0.0:compile
| \- org.apache.curator:curator-framework:jar:2.7.1:compile
| \- (org.apache.zookeeper:zookeeper:jar:3.4.6:compile - omitted for duplicate)
+- org.apache.hadoop:hadoop-auth:jar:2.7.2:compile
| \- org.apache.zookeeper:zookeeper:jar:3.4.6:compile
\- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
+- org.apache.curator:curator-client:jar:2.7.1:compile
| \- (org.apache.zookeeper:zookeeper:jar:3.4.6:compile - omitted for duplicate)
+- org.apache.curator:curator-recipes:jar:2.7.1:compile
| \- (org.apache.zookeeper:zookeeper:jar:3.4.6:compile - omitted for duplicate)
\- (org.apache.zookeeper:zookeeper:jar:3.4.6:compile - omitte{noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)