[jira] [Commented] (AMBARI-24765) Fix CVE issues for Log Search (2.7.3)

Fri, 12 Oct 2018 02:26:29 -0700 


    [ 
https://issues.apache.org/jira/browse/AMBARI-24765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16647695#comment-16647695
 ] 

ASF GitHub Bot commented on AMBARI-24765:
-----------------------------------------

oleewere closed pull request #8: AMBARI-24765. Fix CVE issues for Log Search
URL: https://github.com/apache/ambari-logsearch/pull/8
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/ambari-logsearch-logfeeder-container-registry/pom.xml 
b/ambari-logsearch-logfeeder-container-registry/pom.xml
index e601034d8c..6983d099f7 100644
--- a/ambari-logsearch-logfeeder-container-registry/pom.xml
+++ b/ambari-logsearch-logfeeder-container-registry/pom.xml
@@ -40,12 +40,12 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-      <version>2.9.4</version>
+      <version>${fasterxml-jackson.version}</version>
     </dependency>
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-annotations</artifactId>
-      <version>2.9.4</version>
+      <version>${fasterxml-jackson.version}</version>
     </dependency>
     <dependency>
       <groupId>commons-lang</groupId>
diff --git a/pom.xml b/pom.xml
index e40b81e219..7630919c44 100644
--- a/pom.xml
+++ b/pom.xml
@@ -93,6 +93,7 @@
     <compiler.version>3.8.0</compiler.version>
     <ambari-metrics.version>2.7.0.0.0</ambari-metrics.version>
     <logsearch.docker.tag>latest</logsearch.docker.tag>
+    <fasterxml-jackson.version>2.9.5</fasterxml-jackson.version>
   </properties>
 
   <licenses>
@@ -389,22 +390,22 @@
       <dependency>
         <groupId>com.fasterxml.jackson.core</groupId>
         <artifactId>jackson-databind</artifactId>
-        <version>2.9.4</version>
+        <version>${fasterxml-jackson.version}</version>
       </dependency>
       <dependency>
         <groupId>com.fasterxml.jackson.core</groupId>
         <artifactId>jackson-annotations</artifactId>
-        <version>2.9.4</version>
+        <version>${fasterxml-jackson.version}</version>
       </dependency>
       <dependency>
         <groupId>com.fasterxml.jackson.dataformat</groupId>
         <artifactId>jackson-dataformat-yaml</artifactId>
-        <version>2.9.4</version>
+        <version>${fasterxml-jackson.version}</version>
       </dependency>
       <dependency>
         <groupId>com.fasterxml.jackson.dataformat</groupId>
         <artifactId>jackson-dataformat-xml</artifactId>
-        <version>2.9.4</version>
+        <version>${fasterxml-jackson.version}</version>
         <exclusions>
           <exclusion>
             <groupId>com.fasterxml.woodstox</groupId>


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


> Fix CVE issues for Log Search (2.7.3)
> -------------------------------------
>
>                 Key: AMBARI-24765
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24765
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-logsearch
>    Affects Versions: 2.7.1
>            Reporter: Olivér Szabó
>            Assignee: Olivér Szabó
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.7.3
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to