Robert Levas created AMBARI-24507:
-------------------------------------
Summary: Remove dependency on org.bouncycastle bcprov-jdk15on
before version 1.6.0 for Ambari Server
Key: AMBARI-24507
URL: https://issues.apache.org/jira/browse/AMBARI-24507
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.7.1
Reporter: Robert Levas
Assignee: Robert Levas
Fix For: 2.7.1
Remove dependency on org.bouncycastle bcprov-jdk15on before version 1.6.0 for
Ambari Server security concerns. See
* CVE-2018-1000180 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000180
This dependency is compiled into the apacheds-all.jar from
{code}
<dependency>
<groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-all</artifactId>
<version>2.0.0-M24</version>
</dependency>
{code}
The relevant parts of this need to be broken out and the offending bouncy
castle JAR needs to be excluded as needed.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
