[AMBARI-23093] Remove dependency on org.apache.zookeeper:zookeeper before version 3.4.6.2.0.0.0-579 for Ambari Server - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 2.6.2
Fix Version/s: 2.6.2
Component/s: ambari-server
Labels:
- pull-request-available

Description

Remove dependency on org.apache.zookeeper:zookeeper before version 3.4.6.2.0.0.0-579 due to security concerns. See

CVE-2017-5637 - https://nvd.nist.gov/vuln/detail/CVE-2017-5637
CVE-2016-5017 - https://nvd.nist.gov/vuln/detail/CVE-2016-5017

 --- maven-dependency-plugin:2.8:tree (default-cli) @ ambari-server ---
 org.apache.ambari:ambari-server:jar:2.6.1.0.0
 +- org.apache.ambari:ambari-metrics-common:jar:2.6.1.0.0:compile
 |  \- org.apache.curator:curator-framework:jar:2.7.1:compile
 |     \- (org.apache.zookeeper:zookeeper:jar:3.4.6:compile - omitted for duplicate)
 +- org.apache.hadoop:hadoop-auth:jar:2.7.2:compile
 |  \- org.apache.zookeeper:zookeeper:jar:3.4.6:compile
 \- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
    +- org.apache.curator:curator-client:jar:2.7.1:compile
    |  \- (org.apache.zookeeper:zookeeper:jar:3.4.6:compile - omitted for duplicate)
    +- org.apache.curator:curator-recipes:jar:2.7.1:compile
    |  \- (org.apache.zookeeper:zookeeper:jar:3.4.6:compile - omitted for duplicate)
    \- (org.apache.zookeeper:zookeeper:jar:3.4.6:compile - omitte

Attachments

Issue Links

is related to

AMBARI-23123 Fix BlackDuck found security issues in Ambari Server

Resolved

links to

GitHub Pull Request #493

Activity

People

Assignee:: Sandor Molnar

Reporter:: Sandor Molnar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27/Feb/18 13:24

Updated:: 01/Mar/18 19:56

Resolved:: 01/Mar/18 19:13

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 40m