Sandor Molnar created AMBARI-23054:
--------------------------------------
Summary: Remove dependency on commons-beanutils:commons-beanutils
before version 1.9.2 for Ambari Server
Key: AMBARI-23054
URL: https://issues.apache.org/jira/browse/AMBARI-23054
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.6.2
Reporter: Sandor Molnar
Assignee: Sandor Molnar
Fix For: 2.6.2, 2.7.0
Remove dependency on commons-beanutils:commons-beanutils before version 1.9.2
due to security concerns. See CVE-2014-0114 -
[https://nvd.nist.gov/vuln/detail/CVE-2014-0114]
{noformat}
--- maven-dependency-plugin:2.8:tree(default-cli) @ ambari-server ---
org.apache.ambari:ambari-server:jar:2.6.1.0.0
+- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
| \- commons-configuration:commons-configuration:jar:1.6:compile
| +- commons-digester:commons-digester:jar:1.8:compile
| | \- commons-beanutils:commons-beanutils:jar:1.9.2:compile
| \- commons-beanutils:commons-beanutils-core:jar:1.8.0:compile
\- utility:utility:jar:1.0.0.0-SNAPSHOT:test
\- com.puppycrawl.tools:checkstyle:jar:6.19:test
\- (commons-beanutils:commons-beanutils:jar:1.9.2:compile -{noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
