Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Fixed
-
2.6.2
Description
Remove dependency on commons-collections:commons-collections before version 3.2.2 due to security concerns. See
- CVE-2015-6420 - https://nvd.nist.gov/vuln/detail/CVE-2015-6420
- CVE-2015-7501 - https://nvd.nist.gov/vuln/detail/CVE-2015-7501
- CVE-2017-15708 - https://nvd.nist.gov/vuln/detail/CVE-2017-15708
--- maven-dependency-plugin:2.8:tree(default-cli) @ ambari-server ---
org.apache.ambari:ambari-server:jar:2.6.1.0.0
+- org.apache.directory.server:apacheds-server-annotations:jar:2.0.0-M19:test
| +- org.apache.directory.server:apacheds-core-annotations:jar:2.0.0-M19:test
| | +- org.apache.directory.server:apacheds-xdbm-partition:jar:2.0.0-M19:test
| | | \- (commons-collections:commons-collections:jar:3.2.1:test - omitted for duplicate)
| | \- org.apache.directory.mavibot:mavibot:jar:1.0.0-M6:test
| | \- (commons-collections:commons-collections:jar:3.2.1:test - omitted for duplicate)
| \- org.apache.directory.api:api-ldap-codec-core:jar:1.0.0-M26:test
| \- (commons-collections:commons-collections:jar:3.2.1:compile - scope updated from test; omitted for duplicate)
+- org.apache.directory.server:apacheds-core-integ:jar:2.0.0-M19:test
| +- org.apache.directory.server:apacheds-interceptors-authn:jar:2.0.0-M19:test
| | \- (commons-collections:commons-collections:jar:3.2.1:test - omitted for duplicate)
| \- org.apache.directory.server:apacheds-interceptors-hash:jar:2.0.0-M19:test
| \- (commons-collections:commons-collections:jar:3.2.1:test - omitted for duplicate)
+- org.apache.directory.server:apacheds-kerberos-codec:jar:2.0.0-M19:compile
| \- org.apache.directory.api:api-ldap-model:jar:1.0.0-M26:compile
| \- (commons-collections:commons-collections:jar:3.2.1:compile - omitted for duplicate)
+- org.apache.directory.server:apacheds-core:jar:2.0.0-M19:test
| \- org.apache.directory.server:apacheds-interceptors-exception:jar:2.0.0-M19:test
| \- (commons-collections:commons-collections:jar:3.2.1:test - omitted for duplicate)
+- org.apache.directory.shared:shared-ldap:jar:0.9.17:test
| \- (commons-collections:commons-collections:jar:3.2.1:compile - scope updated from test; omitted for duplicate)
+- org.apache.velocity:velocity:jar:1.7:compile
| \- commons-collections:commons-collections:jar:3.2.1:compile
+- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
| +- (commons-collections:commons-collections:jar:3.2.2:compile - omitted for conflict with 3.2.1)
| \- commons-configuration:commons-configuration:jar:1.6:compile
| \- (commons-collections:commons-collections:jar:3.2.1:compile - omitted for duplicate)
\- utility:utility:jar:1.0.0.0-SNAPSHOT:test
\- com.puppycrawl.tools:checkstyle:jar:6.19:test
\- (commons-collections:commons-collections:jar:3.2.2:test - omitted for conflict with 3.2.1)
Attachments
Issue Links
- is related to
-
-
- Resolved
-
- links to
