rich7420 opened a new pull request, #3981: URL: https://github.com/apache/ambari/pull/3981
## What changes were proposed in this pull request?

This pull request addresses a potential security vulnerability by removing the dependency on commons-collections:commons-collections:3.2.2, which is known to have security issues (e.g., CVE-2015-7501). The changes include:

- Added exclusion rules for commons-collections:commons-collections in the ambari-server and ambari-funtest modules' pom.xml files to prevent the inclusion of version 3.2.2 via org.apache.directory.api:api-ldap-client-api:2.0.0.AM1.
- Ensured all modules use org.apache.commons:commons-collections4:4.4, a secure and modern alternative, either by adding it as a direct dependency where needed or relying on existing declarations.
- Updated the parent pom.xml (if applicable) to enforce commons-collections4:4.4 in `<dependencyManagement>` to prevent future accidental inclusion of older versions.

## How was this patch tested?

- Dependency Tree Verification: Run `mvn dependency:tree | grep commons-collections` to confirm that commons-collections:commons-collections:3.2.2 no longer appears in the dependency tree, and only commons-collections4:4.4 is used.
- Build Tests: Executed `mvn clean install` to ensure the project builds successfully without errors.
- Unit Tests: Run `mvn test` to verify that all unit tests
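A stricter form of the dependency-tree check described in the testing notes, added here as an example and not part of the pull request or the Ambari code base: it matches the exact `groupId:artifactId` (a plain `grep commons-collections` also matches `commons-collections4`) and reports which dependency path pulls the artifact in. The sample tree is constructed; the root version and `org.example:placeholder-lib` are placeholders.

```python
import re

# Exact (groupId, artifactId) pairs to reject. Substring matching on
# "commons-collections" would also flag commons-collections4.
BANNED = {("commons-collections", "commons-collections")}

# Constructed sample of `mvn dependency:tree` text output (not real build
# output): the root version and org.example:placeholder-lib are placeholders.
SAMPLE_TREE = r"""
[INFO] org.apache.ambari:ambari-server:jar:0.0.0-SAMPLE
[INFO] +- org.apache.directory.api:api-ldap-client-api:jar:2.0.0.AM1:compile
[INFO] |  +- commons-collections:commons-collections:jar:3.2.2:compile
[INFO] |  \- org.example:placeholder-lib:jar:1.0:compile (optional)
[INFO] \- org.apache.commons:commons-collections4:jar:4.4:compile
"""

# Tree prefix is a run of 3-character cells ("+- ", "|  ", "\- ", "   "),
# then the coordinate, then an optional parenthesised note.
LINE = re.compile(r"^\[INFO\] ((?:[|+\\ ][ -] )*)(\S+)(?: \(.*\))?$")


def find_banned(tree_text, banned=BANNED):
    """Return [(path, version)] per banned artifact; path runs root -> offender."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        parts = m.group(2).split(":")
        if len(parts) < 4:  # not group:artifact:packaging:version[:scope]
            continue
        depth = len(m.group(1)) // 3
        group, artifact = parts[0], parts[1]
        # The root has no scope field; dependencies end in version:scope.
        version = parts[-2] if len(parts) >= 5 else parts[-1]
        del stack[depth:]  # drop siblings and deeper nodes
        stack.append(f"{group}:{artifact}")
        if (group, artifact) in banned:
            hits.append((list(stack), version))
    return hits


if __name__ == "__main__":
    for path, version in find_banned(SAMPLE_TREE):
        print(f"banned {path[-1]}:{version} via {' -> '.join(path)}")
```

In a build pipeline the same function can read the saved output of `mvn dependency:tree` for each module and fail the job when the returned list is non-empty.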