Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Fixed
-
2.6.2
Description
Remove dependency on org.apache.httpcomponents:httpclient:jar before version 4.3.5.1 due to security concerns. See
- CVE-2015-5262 - https://nvd.nist.gov/vuln/detail/CVE-2015-5262
- CVE-2014-3577 - https://nvd.nist.gov/vuln/detail/CVE-2014-3577
--- maven-dependency-plugin:2.8:tree(default-cli) @ ambari-funtest ---
org.apache.ambari:ambari-funtest:jar:2.6.1.0.0
+- org.apache.httpcomponents:httpclient:jar:4.5.2:compile
+- org.apache.ambari:ambari-metrics-common:jar:2.6.1.0.0:compile
| \- (org.apache.httpcomponents:httpclient:jar:4.2.5:compile - omitted for conflict with 4.5.2)
\- org.apache.ambari:ambari-server:jar:2.6.1.0.0:compile
+- (org.apache.httpcomponents:httpclient:jar:4.2.5:compile - omitted for conflict with 4.5.2)
+- org.apache.hadoop:hadoop-auth:jar:2.7.2:compile
| \- (org.apache.httpcomponents:httpclient:jar:4.2.5:compile - omitted for conflict with 4.5.2)
\- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
\- net.java.dev.jets3t:jets3t:jar:0.9.0:compile
\- (org.apache.httpcomponents:httpclient:jar:4.1.2:compile - omitted for conflict with 4.5.2)
Attachments
Issue Links
- relates to
-
-
- Resolved
-
- links to
