[jira] [Updated] (AMBARI-23775) Remove unsecure dependencies from ambari-agent

Mon, 07 May 2018 04:30:22 -0700 

     [ 
https://issues.apache.org/jira/browse/AMBARI-23775?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sandor Molnar updated AMBARI-23775:
-----------------------------------
    Description: 
Remove - or upgrade to a recommended version - the following libraries in 
ambari-agent due to security concerns:
 * Remove dependency on com.jcraft:jsch 0.1.42 (or upgrade to version is 0.1.45 
or greater)
 * Remove dependency on org.mortbay.jetty:jetty-util 6.1.26 (or upgrade to 
version is 6.1.26.hwx or greater)
 * Remove dependency on org.apache.zookeeper:zookeeper 3.4.9 (or upgrade to 
version 3.4.10, 3.5.3, and later. pre 
[CVE-2017-5637|https://nvd.nist.gov/vuln/detail/CVE-2017-5637])
 * Remove dependency on commons-httpclient:commons-httpclient 3.1 (or upgrade 
to version  5.0-alpha2-RC1)
 * Remove dependency on commons-beanutils:commons-beanutils-core 1.8.0 (or 
upgrade to version 1.9.2 or 1.9.3)

 

  was:
Remove - or upgrade to a recommended version - the following libraries in 
ambari-agent due to security concerns:
 * Remove dependency on com.jcraft:jsch 0.1.42 (or upgrade to version is 0.1.45 
or greater)
 * Remove dependency on org.mortbay.jetty:jetty-util 6.1.26 (or upgrade to 
version is 6.1.26.hwx or greater)
 * Remove dependency on org.apache.zookeeper:zookeeper 3.4.9 (or upgrade to 
version is 3.4.5.1.3.0.0-107 or greater)
 * Remove dependency on commons-httpclient:commons-httpclient 3.1 (or upgrade 
to version  5.0-alpha2-RC1)
 * Remove dependency on commons-beanutils:commons-beanutils-core 1.8.0 (or 
upgrade to version 1.9.2 or 1.9.3)

 


> Remove unsecure dependencies from ambari-agent
> ----------------------------------------------
>
>                 Key: AMBARI-23775
>                 URL: https://issues.apache.org/jira/browse/AMBARI-23775
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-agent
>    Affects Versions: 2.7.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Critical
>             Fix For: 2.7.0
>
>
> Remove - or upgrade to a recommended version - the following libraries in 
> ambari-agent due to security concerns:
>  * Remove dependency on com.jcraft:jsch 0.1.42 (or upgrade to version is 
> 0.1.45 or greater)
>  * Remove dependency on org.mortbay.jetty:jetty-util 6.1.26 (or upgrade to 
> version is 6.1.26.hwx or greater)
>  * Remove dependency on org.apache.zookeeper:zookeeper 3.4.9 (or upgrade to 
> version 3.4.10, 3.5.3, and later. pre 
> [CVE-2017-5637|https://nvd.nist.gov/vuln/detail/CVE-2017-5637])
>  * Remove dependency on commons-httpclient:commons-httpclient 3.1 (or upgrade 
> to version  5.0-alpha2-RC1)
>  * Remove dependency on commons-beanutils:commons-beanutils-core 1.8.0 (or 
> upgrade to version 1.9.2 or 1.9.3)
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to