You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2018/05/07 14:48:00 UTC
[jira] [Commented] (AMBARI-23775) Remove unsecure dependencies from
ambari-agent
[ https://issues.apache.org/jira/browse/AMBARI-23775?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16465980#comment-16465980 ]
Hudson commented on AMBARI-23775:
---------------------------------
SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #9195 (See [https://builds.apache.org/job/Ambari-trunk-Commit/9195/])
AMBARI-23775. Removed (or upgraded) unsecure libraries from ambari-agent (github: [https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=d3399bdc68b2b124e7ecf29bb1621153e8a1b957])
* (edit) ambari-agent/pom.xml
* (edit) ambari-project/pom.xml
> Remove unsecure dependencies from ambari-agent
> ----------------------------------------------
>
> Key: AMBARI-23775
> URL: https://issues.apache.org/jira/browse/AMBARI-23775
> Project: Ambari
> Issue Type: Bug
> Components: ambari-agent
> Affects Versions: 2.7.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Labels: black-duck, pull-request-available
> Fix For: 2.7.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Remove - or upgrade to a recommended version - the following libraries in ambari-agent due to security concerns:
> * Remove dependency on com.jcraft:jsch 0.1.42 (or upgrade to version is 0.1.45 or greater)
> * Remove dependency on org.mortbay.jetty:jetty-util 6.1.26 (or upgrade to version is 6.1.26.hwx or greater)
> * Remove dependency on org.apache.zookeeper:zookeeper 3.4.9 (or upgrade to version 3.4.10, 3.5.3, and later. pre [CVE-2017-5637|https://nvd.nist.gov/vuln/detail/CVE-2017-5637])
> * Remove dependency on commons-httpclient:commons-httpclient 3.1 (or upgrade to version 5.0-alpha2-RC1)
> * Remove dependency on commons-beanutils:commons-beanutils-core 1.8.0 (or upgrade to version 1.9.2 or 1.9.3)
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)