[
https://issues.apache.org/jira/browse/AMBARI-24778?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16651593#comment-16651593
]
Hudson commented on AMBARI-24778:
---------------------------------
SUCCESS: Integrated in Jenkins build Ambari-branch-2.7 #363 (See
[https://builds.apache.org/job/Ambari-branch-2.7/363/])
AMBARI-24778. Removed CVE issues from ambari-server (#2462) (github:
[https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=d7f13babdd0893d91d82a691a027d6fbda226ebe])
* (delete) ambari-web/api-docs/lib/jquery-1.8.3.min.js
* (edit) ambari-project/pom.xml
* (edit) ambari-web/api-docs/index.html
* (add) ambari-web/api-docs/lib/jquery-1.9.0.min.js
> Fix CVE issues in ambari server
> -------------------------------
>
> Key: AMBARI-24778
> URL: https://issues.apache.org/jira/browse/AMBARI-24778
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.7.3
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Blocker
> Labels: pull-request-available
> Fix For: 2.7.3
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> The following 3rd party dependencies have to be eliminated/upgraded to a
> secure version based on the latest BlackDuck scan:
> ||Current version||Upgrade to||CVE issue(s)||
> |org.springframework:spring-web:jar:4.3.17.RELEASE|org.springframework:spring-web:jar:4.3.18.RELEASE
> or the latest|CVE-2018-11039, CVE-2018-11040|
> |jquery-1.8.3.min.js|1.9.0rc1 or the latest|CVE-2011-4969, CVE-2015-9251,
> CVE-2012-6708|
> |org.eclipse.jetty:jetty-server:jar:9.4.11.v20180605|9.4.12.v20180830 or the
> latest|CVE-2017-9735, CVE-2018-12536|
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
