[AMBARI-23064] Remove dependency on com.fasterxml.jackson.core:jackson-databind before version 2.9.4 for Ambari Server - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 2.6.2
Fix Version/s: 2.6.2
Component/s: ambari-server
Labels:
- black-duck
- pull-request-available

Description

Remove dependency on com.fasterxml.jackson.core:jackson-databind before version 2.9.4 due to security concerns. See

CVE-2018-5968 - https://nvd.nist.gov/vuln/detail/CVE-2018-5968
CVE-2017-17485 - https://nvd.nist.gov/vuln/detail/CVE-2017-17485

 --- maven-dependency-plugin:2.8:tree (default-cli) @ ambari-server ---
 org.apache.ambari:ambari-server:jar:2.6.1.0.0
 \- com.networknt:json-schema-validator:jar:0.1.10:test
    \- com.fasterxml.jackson.core:jackson-databind:jar:2.8.7:test

Attachments

Issue Links

is related to

AMBARI-23123 Fix BlackDuck found security issues in Ambari Server

Resolved

links to

GitHub Pull Request #453

Activity

People

Assignee:: Sandor Molnar

Reporter:: Sandor Molnar

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 23/Feb/18 08:59

Updated:: 01/Mar/18 19:56

Resolved:: 01/Mar/18 19:12

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

40m