Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-24450

Remove dependencies with potential security vulnerabilities from fast-hdfs-resource

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      Remove dependencies with potential security vulnerabilities from fast-hdfs-resource. Most issues appear to be coming from dependencies of org.apache.hadoop:hadoop-core:1.2.1.

      • Apache Tomcat 5.5.12 - recommendation, exclude or update to 6.0.20.0 or above. 
        [INFO] ------------------------------------------------------------------------
[INFO] Building fast-hdfs-resource 0.0.1-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ fast-hdfs-resource ---
[INFO] org.apache.ambari:fast-hdfs-resource:jar:0.0.1-SNAPSHOT
[INFO] \- org.apache.hadoop:hadoop-core:jar:1.2.1:compile
[INFO]    +- tomcat:jasper-runtime:jar:5.5.12:compile
[INFO]    \- tomcat:jasper-compiler:jar:5.5.12:compile
[INFO] ------------------------------------------------------------------------
      • org.mortbay.jetty:jetty:6.1.26 - exclude or update to 6.1.26-hwx
      • org.mortbay.jetty:jsp-2.1:6.1H.14.1 - exclude or update to 6.1.0.0-fuse
      • org.mortbay.jetty:servlet-api-2.5:6.1.12rc1 - exclude or update to 6.1.0.1-fuse
      • org.mortbay.jetty:jetty-test:6.1.26 - exclude or update to 6.1.26.hwx 
        [INFO] ------------------------------------------------------------------------
[INFO] Building fast-hdfs-resource 0.0.1-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ fast-hdfs-resource ---
[INFO] org.apache.ambari:fast-hdfs-resource:jar:0.0.1-SNAPSHOT
[INFO] \- org.apache.hadoop:hadoop-core:jar:1.2.1:compile
[INFO]    +- org.mortbay.jetty:jetty:jar:6.1.26:compile
[INFO]    |  \- org.mortbay.jetty:servlet-api:jar:2.5-20081211:compile
[INFO]    +- org.mortbay.jetty:jetty-util:jar:6.1.26:compile
[INFO]    +- org.mortbay.jetty:jsp-api-2.1:jar:6.1.14:compile
[INFO]    |  \- org.mortbay.jetty:servlet-api-2.5:jar:6.1.14:compile
[INFO]    \- org.mortbay.jetty:jsp-2.1:jar:6.1.14:compile
[INFO] ------------------------------------------------------------------------

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            dmitriusan Dmitry Lysnichenko
            dmitriusan Dmitry Lysnichenko
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 1h
                1h

                Slack

                  Issue deployment