[AMBARI-23869] Remove insecure dependencies from Ambari Server - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.7.0
Fix Version/s: 2.7.0
Component/s: ambari-agent, ambari-server
Labels:
- pull-request-available

Description

Remove insecure dependencies from Ambari Server

Jetty: Java based HTTP, Servlet, SPDY, WebSocket Server 6.1.26

[INFO] ------------------------------------------------------------------------
[INFO] Building Ambari Server 2.0.0.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ ambari-server ---
[INFO] org.apache.ambari:ambari-server:jar:2.0.0.0-SNAPSHOT
[INFO] +- org.mortbay.jetty:jsp-api-2.1-glassfish:jar:2.1.v20100127:compile
[INFO] +- org.mortbay.jetty:jsp-2.1-glassfish:jar:2.1.v20100127:compile
[INFO] \- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
[INFO]    \- org.mortbay.jetty:jetty:jar:6.1.26:compile

Recommendation is to remove the dependency or upgrade to version 6.1.26.hwx or the latest version, if possible.

Attachments

Issue Links

links to

GitHub Pull Request #1305

GitHub Pull Request #1330

Activity

People

Assignee:: Robert Levas

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 16/May/18 23:43

Updated:: 10/Jul/18 04:37

Resolved:: 10/Jul/18 04:37

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 10m