[ https://issues.apache.org/jira/browse/AMBARI-24288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16545570#comment-16545570 ]
Hudson commented on AMBARI-24288: --------------------------------- SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #9613 (See [https://builds.apache.org/job/Ambari-trunk-Commit/9613/]) [AMBARI-24288] Remove org.apache.directory.api:api-ldap-model from (rlevas: [https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=5bc1428481ba35b270da42694a1047ba14735006]) * (edit) ambari-server/pom.xml > Remove org.apache.directory.api:api-ldap-model from Ambari server's > dependencies due to security concerns > --------------------------------------------------------------------------------------------------------- > > Key: AMBARI-24288 > URL: https://issues.apache.org/jira/browse/AMBARI-24288 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.0.0 > Reporter: Robert Levas > Assignee: Robert Levas > Priority: Major > Labels: cleanup, pull-request-available > Fix For: 2.7.1 > > Time Spent: 0.5h > Remaining Estimate: 0h > > Remove {{org.apache.directory.api:api-ldap-model}} from Ambari server's > dependencies due to security concerns regarding the following CVE: > * CVE-2018-1337: Plaintext Password Disclosure in Secured Channel > See https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1337 > Though Ambari server includes {{api-ldap-model-1.0.0.jar}} in > {{/usr/lib/ambari-server}}, the library is not used. Therefore, the > vulnerability is not exposed and the library may be excluded from Ambari's > package. -- This message was sent by Atlassian JIRA (v7.6.3#76005)