You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Krisztian Kasa (JIRA)" <ji...@apache.org> on 2019/06/19 10:06:00 UTC
[jira] [Created] (AMBARI-25316) Upgrade dependency on
org.springframework:spring-web:jar:4.3.18.RELEASE in Ambari Server
Krisztian Kasa created AMBARI-25316:
---------------------------------------
Summary: Upgrade dependency on org.springframework:spring-web:jar:4.3.18.RELEASE in Ambari Server
Key: AMBARI-25316
URL: https://issues.apache.org/jira/browse/AMBARI-25316
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.7.3
Reporter: Krisztian Kasa
Assignee: Krisztian Kasa
Fix For: 2.7.4
Remove dependency on org.springframework.security:spring-security-web 4.3.18.RELEASE in Ambari Server due to security concerns. See
https://nvd.nist.gov/vuln/detail/CVE-2018-15756
{code}
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------< org.apache.ambari:ambari-server >-------------------
[INFO] Building Ambari Server 2.7.3.0.0
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ ambari-server ---
...
[INFO] +- org.springframework:spring-web:jar:4.3.18.RELEASE:compile
{code}
Recommendation is to remove the dependency or upgrade to version 4.3.20.RELEASE or the latest version, if possible.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)