Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Fixed
-
2.7.0
Description
Remove dependency on marked.js 0.3.2 in Ambari Web due to security concerns. See
[root@host ~]# ambari-server --version 2.7.0.0-519
[root@host ~]# find /usr/lib -name marked.js /usr/lib/ambari-server/web/api-docs/lib/marked.js
Recommendation is to remove the dependency or upgrade to version 0.3.2-1 or the latest version, if possible.
Attachments
Issue Links
- links to