Details
- Bug
- Status: Resolved
- Blocker
- Resolution: Fixed
- 2.6.2
Description
Remove dependency on org.apache.httpcomponents:httpclient:jar before version 4.3.5.1 due to security concerns. See
- CVE-2015-5262 - https://nvd.nist.gov/vuln/detail/CVE-2015-5262
- CVE-2014-3577 - https://nvd.nist.gov/vuln/detail/CVE-2014-3577
```
--- maven-dependency-plugin:2.8:tree(default-cli) @ ambari-funtest ---
org.apache.ambari:ambari-funtest:jar:2.6.1.0.0
+- org.apache.httpcomponents:httpclient:jar:4.5.2:compile
+- org.apache.ambari:ambari-metrics-common:jar:2.6.1.0.0:compile
|  \- (org.apache.httpcomponents:httpclient:jar:4.2.5:compile - omitted for conflict with 4.5.2)
\- org.apache.ambari:ambari-server:jar:2.6.1.0.0:compile
   +- (org.apache.httpcomponents:httpclient:jar:4.2.5:compile - omitted for conflict with 4.5.2)
   +- org.apache.hadoop:hadoop-auth:jar:2.7.2:compile
   |  \- (org.apache.httpcomponents:httpclient:jar:4.2.5:compile - omitted for conflict with 4.5.2)
   \- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
      \- net.java.dev.jets3t:jets3t:jar:0.9.0:compile
         \- (org.apache.httpcomponents:httpclient:jar:4.1.2:compile - omitted for conflict with 4.5.2)
```
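One way to turn the verbose `dependency:tree` output above into a list of modules that still declare an httpclient older than 4.3.5.1, including requests Maven omitted for conflict. This is an added example, not Ambari project code; `audit`, `vtuple`, `NODE` and `MIN_SAFE` are hypothetical names, and it assumes plain dotted-numeric versions and coordinates without a classifier.

```python
import re

# Constructed sample: the tree quoted in this issue, without the plugin banner.
TREE = r"""org.apache.ambari:ambari-funtest:jar:2.6.1.0.0
+- org.apache.httpcomponents:httpclient:jar:4.5.2:compile
+- org.apache.ambari:ambari-metrics-common:jar:2.6.1.0.0:compile
|  \- (org.apache.httpcomponents:httpclient:jar:4.2.5:compile - omitted for conflict with 4.5.2)
\- org.apache.ambari:ambari-server:jar:2.6.1.0.0:compile
   +- (org.apache.httpcomponents:httpclient:jar:4.2.5:compile - omitted for conflict with 4.5.2)
   +- org.apache.hadoop:hadoop-auth:jar:2.7.2:compile
   |  \- (org.apache.httpcomponents:httpclient:jar:4.2.5:compile - omitted for conflict with 4.5.2)
   \- org.apache.hadoop:hadoop-common:jar:2.7.2:compile
      \- net.java.dev.jets3t:jets3t:jar:0.9.0:compile
         \- (org.apache.httpcomponents:httpclient:jar:4.1.2:compile - omitted for conflict with 4.5.2)
"""

TARGET = "org.apache.httpcomponents:httpclient"
MIN_SAFE = (4, 3, 5, 1)  # threshold stated in the issue description
NODE = re.compile(
    r"^(?P<indent>[ |]*)[+\\]- \(?(?P<g>[^:\s]+):(?P<a>[^:\s]+):[^:\s]+:"
    r"(?P<v>[^:\s]+):\w+(?P<omitted> - omitted)?")

def vtuple(version):
    """Comparison key for dotted-numeric versions (qualifiers not handled)."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def audit(tree, target=TARGET, min_safe=MIN_SAFE):
    """Return (version, resolved, path) for each request of target below min_safe."""
    findings, stack = [], []
    for line in tree.splitlines():
        m = NODE.match(line)
        if not m:
            if line.strip() and not line.startswith("---"):
                stack = [line.strip()]  # root artifact line
            continue
        depth = len(m["indent"]) // 3 + 1  # the tree indents 3 columns per level
        coord = f'{m["g"]}:{m["a"]}'
        del stack[depth:]  # drop siblings and deeper nodes from the current path
        stack.append(f'{coord}:{m["v"]}')
        if coord == target and vtuple(m["v"]) < min_safe:
            findings.append((m["v"], m["omitted"] is None, " > ".join(stack)))
    return findings

if __name__ == "__main__":
    for version, resolved, path in audit(TREE):
        print("RESOLVED" if resolved else "declared", version, path)
```

A finding with `resolved` set to `False` means the old version is only declared by a transitive dependency and lost mediation to 4.5.2; each path names the module where an exclusion or a managed version would remove the declaration.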
Issue Links
- relates to AMBARI-23141 Fix BlackDuck found security issues in Ambari Functional Tests (Resolved)