Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-24450

Remove dependencies with potential security vulnerabilities from fast-hdfs-resource

    XMLWordPrintableJSON

    Details

      Description

      Remove dependencies with potential security vulnerabilities from fast-hdfs-resource. Most issues appear to be coming from dependencies of org.apache.hadoop:hadoop-core:1.2.1.

      • Apache Tomcat 5.5.12 - recommendation, exclude or update to 6.0.20.0 or above.
        [INFO] ------------------------------------------------------------------------
        [INFO] Building fast-hdfs-resource 0.0.1-SNAPSHOT
        [INFO] ------------------------------------------------------------------------
        [INFO]
        [INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ fast-hdfs-resource ---
        [INFO] org.apache.ambari:fast-hdfs-resource:jar:0.0.1-SNAPSHOT
        [INFO] \- org.apache.hadoop:hadoop-core:jar:1.2.1:compile
        [INFO]    +- tomcat:jasper-runtime:jar:5.5.12:compile
        [INFO]    \- tomcat:jasper-compiler:jar:5.5.12:compile
        [INFO] ------------------------------------------------------------------------
        
      • org.mortbay.jetty:jetty:6.1.26 - exclude or update to 6.1.26-hwx
      • org.mortbay.jetty:jsp-2.1:6.1H.14.1 - exclude or update to 6.1.0.0-fuse
      • org.mortbay.jetty:servlet-api-2.5:6.1.12rc1 - exclude or update to 6.1.0.1-fuse
      • org.mortbay.jetty:jetty-test:6.1.26 - exclude or update to 6.1.26.hwx
        [INFO] ------------------------------------------------------------------------
        [INFO] Building fast-hdfs-resource 0.0.1-SNAPSHOT
        [INFO] ------------------------------------------------------------------------
        [INFO]
        [INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ fast-hdfs-resource ---
        [INFO] org.apache.ambari:fast-hdfs-resource:jar:0.0.1-SNAPSHOT
        [INFO] \- org.apache.hadoop:hadoop-core:jar:1.2.1:compile
        [INFO]    +- org.mortbay.jetty:jetty:jar:6.1.26:compile
        [INFO]    |  \- org.mortbay.jetty:servlet-api:jar:2.5-20081211:compile
        [INFO]    +- org.mortbay.jetty:jetty-util:jar:6.1.26:compile
        [INFO]    +- org.mortbay.jetty:jsp-api-2.1:jar:6.1.14:compile
        [INFO]    |  \- org.mortbay.jetty:servlet-api-2.5:jar:6.1.14:compile
        [INFO]    \- org.mortbay.jetty:jsp-2.1:jar:6.1.14:compile
        [INFO] ------------------------------------------------------------------------
        

        Attachments

          Activity

            People

            • Assignee:
              dmitriusan Dmitry Lysnichenko
              Reporter:
              dmitriusan Dmitry Lysnichenko
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 1h
                1h