[jira] [Updated] (AMBARI-23064) Remove dependency on com.fasterxml.jackson.core:jackson-databind before version 2.9.4 for Ambari Server

ASF GitHub Bot (JIRA) Fri, 23 Feb 2018 05:08:26 -0800

     [ 
https://issues.apache.org/jira/browse/AMBARI-23064?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


ASF GitHub Bot updated AMBARI-23064:
------------------------------------
    Labels: black-duck pull-request-available  (was: black-duck)

> Remove dependency on com.fasterxml.jackson.core:jackson-databind before 
> version 2.9.4 for Ambari Server
> -------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-23064
>                 URL: https://issues.apache.org/jira/browse/AMBARI-23064
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.6.2
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Blocker
>              Labels: black-duck, pull-request-available
>             Fix For: 2.6.2, 2.7.0
>
>
> Remove dependency on com.fasterxml.jackson.core:jackson-databind before 
> version 2.9.4 due to security concerns. See
>  * CVE-2018-5968 - [https://nvd.nist.gov/vuln/detail/CVE-2018-5968]
>  * CVE-2017-17485 - [https://nvd.nist.gov/vuln/detail/CVE-2017-17485]
> {noformat}
>  --- maven-dependency-plugin:2.8:tree (default-cli) @ ambari-server ---
>  org.apache.ambari:ambari-server:jar:2.6.1.0.0
>  \- com.networknt:json-schema-validator:jar:0.1.10:test
>     \- com.fasterxml.jackson.core:jackson-databind:jar:2.8.7:test
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (AMBARI-23064) Remove dependency on com.fasterxml.jackson.core:jackson-databind before version 2.9.4 for Ambari Server

Reply via email to