You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2018/08/08 18:09:00 UTC

[jira] [Commented] (AMBARI-24415) Remove dependencies with CVE issues from Ambari Server

    [ https://issues.apache.org/jira/browse/AMBARI-24415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16573628#comment-16573628 ] 

Hudson commented on AMBARI-24415:
---------------------------------

FAILURE: Integrated in Jenkins build Ambari-trunk-Commit #9765 (See [https://builds.apache.org/job/Ambari-trunk-Commit/9765/])
[AMBARI-24415] Remove dependencies with CVE issues from Ambari Server (rlevas: [https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=06a15f593ae6bbe387c007321731f643e5acadcc])
* (edit) ambari-project/pom.xml
* (edit) ambari-server/pom.xml


> Remove dependencies with CVE issues from Ambari Server
> ------------------------------------------------------
>
>                 Key: AMBARI-24415
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24415
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 2.7.1
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: cleanup, pull-request-available
>             Fix For: 2.7.1
>
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> Remove dependencies with CVE issues from Ambari Server
> * org.springframework:spring-beans:jar before 4.3.17.RELEASE 
> ** CVE-2018-1270 - https://nvd.nist.gov/vuln/detail/CVE-2018-1270
> ** CVE-2018-1275 - https://nvd.nist.gov/vuln/detail/CVE-2018-1275
> ** CVE-2018-1199 - https://nvd.nist.gov/vuln/detail/CVE-2018-1199
> ** CVE-2018-1271 - https://nvd.nist.gov/vuln/detail/CVE-2018-1271
> ** CVE-2018-1257 - https://nvd.nist.gov/vuln/detail/CVE-2018-1257
> {noformat}
> [INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
> [INFO] \- org.springframework.security:spring-security-core:jar:4.2.4.RELEASE:compile
> [INFO]    \- org.springframework:spring-beans:jar:4.3.12.RELEASE:compile
> {noformat}
> * org.kohsuke:libpam4j:jar before version 1.9
> ** CVE-2017-12197 - https://nvd.nist.gov/vuln/detail/CVE-2017-12197
> {noformat}
> [INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
> [INFO] \- org.kohsuke:libpam4j:jar:1.8:compile
> {noformat}
> * org.springframework:spring-context before version 4.3.17.RELEASE
> ** CVE-2018-1257 - https://nvd.nist.gov/vuln/detail/CVE-2018-1257
> {noformat}
> [INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
> [INFO] \- org.springframework:spring-context:jar:4.3.16.RELEASE:compile
> {noformat}
> * org.springframework.security:spring-security-ldap:jar before version 4.1.5.RELEASE 
> ** CVE-2018-1199 - https://nvd.nist.gov/vuln/detail/CVE-2018-1199
> ** CVE-2016-9879 - https://nvd.nist.gov/vuln/detail/CVE-2016-9879
> {noformat}
> [INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
> [INFO] \- org.springframework.security:spring-security-ldap:jar:4.1.1.RELEASE:compile
> {noformat}
> * com.jcraft:jsch:jar before version 1.54 
> ** CVE-2016-5725 - https://nvd.nist.gov/vuln/detail/CVE-2016-5725
> {noformat}
> [INFO] org.apache.ambari:ambari-server:jar:2.7.0.0.0
> [INFO] \- com.jcraft:jsch:jar:0.1.45:compile
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)