You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2018/08/09 16:19:02 UTC

[ambari] branch branch-2.7 updated: [AMBARI-24415] Remove dependencies with CVE issues from Ambari Server

This is an automated email from the ASF dual-hosted git repository.

rlevas pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/branch-2.7 by this push:
     new 3a691dd  [AMBARI-24415] Remove dependencies with CVE issues from Ambari Server
3a691dd is described below

commit 3a691ddb39f6fae45921cb20a7af65879aa7462b
Author: Robert Levas <rl...@hortonworks.com>
AuthorDate: Wed Aug 8 11:08:23 2018 -0400

    [AMBARI-24415] Remove dependencies with CVE issues from Ambari Server
---
 ambari-project/pom.xml | 11 ++++++-----
 ambari-server/pom.xml  |  4 ++--
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/ambari-project/pom.xml b/ambari-project/pom.xml
index ba98a7c..a2eb328 100644
--- a/ambari-project/pom.xml
+++ b/ambari-project/pom.xml
@@ -37,7 +37,8 @@
     <swagger.maven.plugin.version>3.1.4</swagger.maven.plugin.version>
     <slf4j.version>1.7.20</slf4j.version>
     <guice.version>4.1.0</guice.version>
-    <spring.version>4.3.16.RELEASE</spring.version>
+    <spring.version>4.3.17.RELEASE</spring.version>
+    <spring.security.version>4.2.7.RELEASE</spring.security.version>
     <fasterxml.jackson.version>2.9.5</fasterxml.jackson.version>
     <postgres.version>42.2.2</postgres.version>
     <forkCount>4</forkCount>
@@ -163,17 +164,17 @@
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-core</artifactId>
-        <version>4.2.4.RELEASE</version>
+        <version>${spring.security.version}</version>
       </dependency>
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-config</artifactId>
-        <version>4.2.4.RELEASE</version>
+        <version>${spring.security.version}</version>
       </dependency>
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-web</artifactId>
-        <version>4.2.4.RELEASE</version>
+        <version>${spring.security.version}</version>
       </dependency>
       <dependency>
         <groupId>org.springframework.security.kerberos</groupId>
@@ -189,7 +190,7 @@
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-ldap</artifactId>
-        <version>4.1.1.RELEASE</version>
+        <version>${spring.security.version}</version>
       </dependency>
       <dependency>
         <groupId>org.springframework.ldap</groupId>
diff --git a/ambari-server/pom.xml b/ambari-server/pom.xml
index 5f0e10b..142e6c4 100644
--- a/ambari-server/pom.xml
+++ b/ambari-server/pom.xml
@@ -1732,7 +1732,7 @@
     <dependency>
       <groupId>com.jcraft</groupId>
       <artifactId>jsch</artifactId>
-      <version>0.1.45</version>
+      <version>0.1.54</version>
     </dependency>
     <dependency>
       <groupId>org.eclipse.jetty</groupId>
@@ -1791,7 +1791,7 @@
     <dependency>
       <groupId>org.kohsuke</groupId>
       <artifactId>libpam4j</artifactId>
-      <version>1.8</version>
+      <version>1.10</version>
     </dependency>
     <dependency>
       <groupId>net.java.dev.jna</groupId>