[jira] [Created] (AMBARI-24778) Fix CVE issues in ambari server

Sandor Molnar (JIRA) Mon, 15 Oct 2018 04:07:09 -0700

Sandor Molnar created AMBARI-24778:
--------------------------------------

             Summary: Fix CVE issues in ambari server
                 Key: AMBARI-24778
                 URL: https://issues.apache.org/jira/browse/AMBARI-24778
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.7.3
            Reporter: Sandor Molnar
            Assignee: Sandor Molnar
             Fix For: 2.7.3



The following 3rd party dependencies have to be eliminated/upgraded to a secure 
version based on the latest BlackDuck scan:
||Current version||Upgrade to||CVE issue(s)||
|org.springframework:spring-web:jar:4.3.17.RELEASE|org.springframework:spring-web:jar:4.3.18.RELEASE
 or the latest|CVE-2018-11039, CVE-2018-11040|
|jquery-1.8.3.min.js|1.9.0rc1 or the latest|CVE-2011-4969, CVE-2015-9251, 
CVE-2012-6708|
|org.eclipse.jetty:jetty-server:jar:9.4.11.v20180605|9.4.12.v20180830 or the 
latest|CVE-2017-9735, CVE-2018-12536|



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (AMBARI-24778) Fix CVE issues in ambari server

Reply via email to