[AMBARI-24515] Remove dependency on JQuery 1.8.0 for Ambari Server UI - ASF JIRA

Attach files

Attach Screenshot

Voters

Stop watching

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 2.7.1
Fix Version/s: 2.7.1
Component/s: ambari-web
Labels:
- pull-request-available

Description

Remove dependency on JQuery 1.8.0 for Ambari Server UI due to security concerns. See

CVE-2012-6708 - https://nvd.nist.gov/vuln/detail/CVE-2012-6708
CVE-2011-4969 - https://nvd.nist.gov/vuln/detail/CVE-2011-4969
CVE-2015-9251 - https://nvd.nist.gov/vuln/detail/CVE-2015-9251

It is recommended that JQuery is updated to 1.8.3+1

Path to offending file:

ambari
|- ambari-server-2.7.1.0-119.x86_64.rpm
|  |- usr
|  |  |- lib
|  |  |  |- ambari-server
|  |  |  |  |- web
|  |  |  |  |  |- api-docs
|  |  |  |  |  |  |- lib
|  |  |  |  |  |  |  |- jquery-1.8.0.min.js

Attachments

Issue Links

Add Link

links to

GitHub Pull Request #2128

Delete this link

GitHub Pull Request #2129

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Andrii Tkach

Reporter:: Andrii Tkach

Votes:: 0 Vote for this issue

Watchers:: 2 Stop watching this issue

Dates

Created:: 21/Aug/18 08:54

Updated:: 21/Aug/18 13:01

Resolved:: 21/Aug/18 12:13

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

Remove dependency on JQuery 1.8.0 for Ambari Server UI

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Time Tracking

Agile

Slack

Issue deployment