This is an automated email from the ASF dual-hosted git repository.
oleewere pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new f613ada AMBARI-24765. Fix CVE issues for Log Search (2.7.3) (#2445)
f613ada is described below
commit f613ada643f74766f5ac5b55d095f483287eae9d
Author: Olivér Szabó <oleew...@gmail.com>
AuthorDate: Fri Oct 12 12:10:25 2018 +0200
AMBARI-24765. Fix CVE issues for Log Search (2.7.3) (#2445)
---
.../ambari-logsearch-logfeeder-container-registry/pom.xml | 6 +++---
ambari-logsearch/ambari-logsearch-logfeeder/pom.xml | 5 +++--
ambari-logsearch/ambari-logsearch-server/pom.xml | 14 ++++++++------
ambari-logsearch/pom.xml | 6 +++---
4 files changed, 17 insertions(+), 14 deletions(-)
diff --git
a/ambari-logsearch/ambari-logsearch-logfeeder-container-registry/pom.xml
b/ambari-logsearch/ambari-logsearch-logfeeder-container-registry/pom.xml
index f9ed6dd..5c2cbc7 100644
--- a/ambari-logsearch/ambari-logsearch-logfeeder-container-registry/pom.xml
+++ b/ambari-logsearch/ambari-logsearch-logfeeder-container-registry/pom.xml
@@ -46,12 +46,12 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>2.9.4</version>
+ <version>2.9.5</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
- <version>2.9.4</version>
+ <version>2.9.5</version>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
@@ -82,4 +82,4 @@
</plugin>
</plugins>
</build>
-</project>
\ No newline at end of file
+</project>
diff --git a/ambari-logsearch/ambari-logsearch-logfeeder/pom.xml
b/ambari-logsearch/ambari-logsearch-logfeeder/pom.xml
index 3eb4763..c11faa9 100644
--- a/ambari-logsearch/ambari-logsearch-logfeeder/pom.xml
+++ b/ambari-logsearch/ambari-logsearch-logfeeder/pom.xml
@@ -33,8 +33,8 @@
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <spring.version>4.3.17.RELEASE</spring.version>
- <spring-boot.version>1.5.13.RELEASE</spring-boot.version>
+ <spring.version>4.3.18.RELEASE</spring.version>
+ <spring-boot.version>1.5.14.RELEASE</spring-boot.version>
</properties>
<dependencies>
@@ -298,6 +298,7 @@
</goals>
<configuration>
+
<excludeArtifactIds>spring-boot-starter,spring-boot-starter-log4j</excludeArtifactIds>
<outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
<outputDirectory>${basedir}/target/libs</outputDirectory>
<overWriteReleases>false</overWriteReleases>
diff --git a/ambari-logsearch/ambari-logsearch-server/pom.xml
b/ambari-logsearch/ambari-logsearch-server/pom.xml
index 5637efa..b35e2f8 100755
--- a/ambari-logsearch/ambari-logsearch-server/pom.xml
+++ b/ambari-logsearch/ambari-logsearch-server/pom.xml
@@ -27,7 +27,7 @@
<url>http://maven.apache.org</url>
<name>Ambari Logsearch Server</name>
<properties>
- <spring.version>4.3.17.RELEASE</spring.version>
+ <spring.version>4.3.18.RELEASE</spring.version>
<spring.security.version>4.2.4.RELEASE</spring.security.version>
<spring.ldap.version>2.2.0.RELEASE</spring.ldap.version>
<jersey.version>2.25.1</jersey.version>
@@ -35,7 +35,7 @@
<swagger.version>1.5.16</swagger.version>
<spring-data-solr.version>2.0.2.RELEASE</spring-data-solr.version>
<jjwt.version>0.6.0</jjwt.version>
- <spring-boot.version>1.5.13.RELEASE</spring-boot.version>
+ <spring-boot.version>1.5.14.RELEASE</spring-boot.version>
</properties>
<profiles>
<profile>
@@ -107,7 +107,9 @@
<goal>copy-dependencies</goal>
</goals>
<configuration>
- <excludeArtifactIds>ambari-logsearch-web</excludeArtifactIds>
+
<excludeArtifactIds>ambari-logsearch-web,spring-boot-starter,spring-boot-starter-actuator,
+
spring-boot-starter-freemarker,spring-boot-starter-jersey,spring-boot-starter-jetty,spring-boot-starter-json,
+
spring-boot-starter-log4j,spring-boot-starter-security,spring-boot-starter-validation,spring-boot-starter-web</excludeArtifactIds>
<outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
<outputDirectory>${basedir}/target/libs</outputDirectory>
<overWriteReleases>false</overWriteReleases>
@@ -479,7 +481,7 @@
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-commons</artifactId>
- <version>1.13.11.RELEASE</version>
+ <version>1.13.12.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
@@ -494,12 +496,12 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
- <version>1.55</version>
+ <version>1.60</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
- <version>1.55</version>
+ <version>1.60</version>
</dependency>
<dependency>
<groupId>org.apache.ambari</groupId>
diff --git a/ambari-logsearch/pom.xml b/ambari-logsearch/pom.xml
index 1865291..a30860d 100644
--- a/ambari-logsearch/pom.xml
+++ b/ambari-logsearch/pom.xml
@@ -327,17 +327,17 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>2.9.4</version>
+ <version>2.9.5</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
- <version>2.9.4</version>
+ <version>2.9.5</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-xml</artifactId>
- <version>2.9.4</version>
+ <version>2.9.5</version>
<exclusions>
<exclusion>
<groupId>com.fasterxml.woodstox</groupId>
