Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Fixed
-
2.6.2
Description
Remove dependency on commons-beanutils:commons-beanutils before version 1.9.2 due to security concerns. See CVE-2014-0114 - https://nvd.nist.gov/vuln/detail/CVE-2014-0114
--- maven-dependency-plugin:2.8:tree(default-cli) @ ambari-server ---
org.apache.ambari:ambari-server:jar:2.6.1.0.0
+- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
| \- commons-configuration:commons-configuration:jar:1.6:compile
| +- commons-digester:commons-digester:jar:1.8:compile
| | \- commons-beanutils:commons-beanutils:jar:1.9.2:compile
| \- commons-beanutils:commons-beanutils-core:jar:1.8.0:compile
\- utility:utility:jar:1.0.0.0-SNAPSHOT:test
\- com.puppycrawl.tools:checkstyle:jar:6.19:test
\- (commons-beanutils:commons-beanutils:jar:1.9.2:compile -
Attachments
Issue Links
- is related to
-
-
- Resolved
-
- links to
