Sandor Molnar created AMBARI-23054: -------------------------------------- Summary: Remove dependency on commons-beanutils:commons-beanutils before version 1.9.2 for Ambari Server Key: AMBARI-23054 URL: https://issues.apache.org/jira/browse/AMBARI-23054 Project: Ambari Issue Type: Bug Components: ambari-server Affects Versions: 2.6.2 Reporter: Sandor Molnar Assignee: Sandor Molnar Fix For: 2.6.2, 2.7.0
Remove dependency on commons-beanutils:commons-beanutils before version 1.9.2 due to security concerns. See CVE-2014-0114 - [https://nvd.nist.gov/vuln/detail/CVE-2014-0114] {noformat} --- maven-dependency-plugin:2.8:tree(default-cli) @ ambari-server --- org.apache.ambari:ambari-server:jar:2.6.1.0.0 +- org.apache.hadoop:hadoop-common:jar:2.7.2:compile | \- commons-configuration:commons-configuration:jar:1.6:compile | +- commons-digester:commons-digester:jar:1.8:compile | | \- commons-beanutils:commons-beanutils:jar:1.9.2:compile | \- commons-beanutils:commons-beanutils-core:jar:1.8.0:compile \- utility:utility:jar:1.0.0.0-SNAPSHOT:test \- com.puppycrawl.tools:checkstyle:jar:6.19:test \- (commons-beanutils:commons-beanutils:jar:1.9.2:compile -{noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005)