Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
2.7.0
Description
Remove - or upgrade to a recommended version - the following libraries in ambari-agent due to security concerns:
- Remove dependency on com.jcraft:jsch 0.1.42 (or upgrade to version is 0.1.45 or greater)
- Remove dependency on org.mortbay.jetty:jetty-util 6.1.26 (or upgrade to version is 6.1.26.hwx or greater)
- Remove dependency on org.apache.zookeeper:zookeeper 3.4.9 (or upgrade to version 3.4.10, 3.5.3, and later. pre CVE-2017-5637)
- Remove dependency on commons-httpclient:commons-httpclient 3.1 (or upgrade to version 5.0-alpha2-RC1)
- Remove dependency on commons-beanutils:commons-beanutils-core 1.8.0 (or upgrade to version 1.9.2 or 1.9.3)
Attachments
Issue Links
- links to