You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2019/06/19 16:45:00 UTC

[jira] [Commented] (AMBARI-25316) Upgrade dependency on org.springframework:spring-web:jar:4.3.18.RELEASE in Ambari Server

    [ https://issues.apache.org/jira/browse/AMBARI-25316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16867811#comment-16867811 ] 

Hudson commented on AMBARI-25316:
---------------------------------

SUCCESS: Integrated in Jenkins build Ambari-branch-2.7 #533 (See [https://builds.apache.org/job/Ambari-branch-2.7/533/])
AMBARI-25316 - Upgrade dependency on (github: [https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=dc374208689fffdcc405efc446fbf0dafdb1fd07])
* (edit) ambari-project/pom.xml


> Upgrade dependency on org.springframework:spring-web:jar:4.3.18.RELEASE in Ambari Server
> ----------------------------------------------------------------------------------------
>
>                 Key: AMBARI-25316
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25316
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.7.3
>            Reporter: Krisztian Kasa
>            Assignee: Krisztian Kasa
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.7.4
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Remove dependency on org.springframework.security:spring-security-web 4.3.18.RELEASE in Ambari Server due to security concerns. See 
> https://nvd.nist.gov/vuln/detail/CVE-2018-15756
> {code}
> [INFO] Scanning for projects...
> [INFO]
> [INFO] ------------------< org.apache.ambari:ambari-server >-------------------
> [INFO] Building Ambari Server 2.7.3.0.0
> [INFO] --------------------------------[ jar ]---------------------------------
> [INFO]
> [INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ ambari-server ---
> ...
> [INFO] +- org.springframework:spring-web:jar:4.3.18.RELEASE:compile
> {code}
> Recommendation is to remove the dependency or upgrade to version 4.3.20.RELEASE or the latest version, if possible. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)