You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Andrii Tkach (JIRA)" <ji...@apache.org> on 2018/08/21 12:14:00 UTC
[jira] [Resolved] (AMBARI-24515) Remove dependency on JQuery 1.8.0
for Ambari Server UI
[ https://issues.apache.org/jira/browse/AMBARI-24515?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrii Tkach resolved AMBARI-24515.
-----------------------------------
Resolution: Fixed
> Remove dependency on JQuery 1.8.0 for Ambari Server UI
> ------------------------------------------------------
>
> Key: AMBARI-24515
> URL: https://issues.apache.org/jira/browse/AMBARI-24515
> Project: Ambari
> Issue Type: Bug
> Components: ambari-web
> Affects Versions: 2.7.1
> Reporter: Andrii Tkach
> Assignee: Andrii Tkach
> Priority: Blocker
> Labels: pull-request-available
> Fix For: 2.7.1
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> Remove dependency on JQuery 1.8.0 for Ambari Server UI due to security concerns. See
> * CVE-2012-6708 - https://nvd.nist.gov/vuln/detail/CVE-2012-6708
> * CVE-2011-4969 - https://nvd.nist.gov/vuln/detail/CVE-2011-4969
> * CVE-2015-9251 - https://nvd.nist.gov/vuln/detail/CVE-2015-9251
> It is recommended that JQuery is updated to 1.8.3+1
> Path to offending file:
> {noformat}
> ambari
> |- ambari-server-2.7.1.0-119.x86_64.rpm
> | |- usr
> | | |- lib
> | | | |- ambari-server
> | | | | |- web
> | | | | | |- api-docs
> | | | | | | |- lib
> | | | | | | | |- jquery-1.8.0.min.js
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)