[ https://issues.apache.org/jira/browse/AMBARI-24507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jayush Luniya updated AMBARI-24507: ----------------------------------- Priority: Blocker (was: Critical) > Remove dependency on org.bouncycastle bcprov-jdk15on before version 1.6.0 for > Ambari Server > ------------------------------------------------------------------------------------------- > > Key: AMBARI-24507 > URL: https://issues.apache.org/jira/browse/AMBARI-24507 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.7.1 > Reporter: Robert Levas > Assignee: Robert Levas > Priority: Blocker > Labels: pull-request-available > Fix For: 2.7.1 > > Time Spent: 40m > Remaining Estimate: 0h > > Remove dependency on org.bouncycastle bcprov-jdk15on before version 1.6.0 for > Ambari Server security concerns. See > * CVE-2018-1000180 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000180 > This dependency is compiled into the apacheds-all.jar from > {code} > <dependency> > <groupId>org.apache.directory.server</groupId> > <artifactId>apacheds-all</artifactId> > <version>2.0.0-M24</version> > </dependency> > {code} > The relevant parts of this need to be broken out and the offending bouncy > castle JAR needs to be excluded as needed. -- This message was sent by Atlassian JIRA (v7.6.3#76005)