[
https://issues.apache.org/jira/browse/AMBARI-23064?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sandor Molnar updated AMBARI-23064:
-----------------------------------
Fix Version/s: (was: 2.7.0)
> Remove dependency on com.fasterxml.jackson.core:jackson-databind before
> version 2.9.4 for Ambari Server
> -------------------------------------------------------------------------------------------------------
>
> Key: AMBARI-23064
> URL: https://issues.apache.org/jira/browse/AMBARI-23064
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.6.2
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Blocker
> Labels: black-duck, pull-request-available
> Fix For: 2.6.2
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Remove dependency on com.fasterxml.jackson.core:jackson-databind before
> version 2.9.4 due to security concerns. See
> * CVE-2018-5968 - [https://nvd.nist.gov/vuln/detail/CVE-2018-5968]
> * CVE-2017-17485 - [https://nvd.nist.gov/vuln/detail/CVE-2017-17485]
> {noformat}
> --- maven-dependency-plugin:2.8:tree (default-cli) @ ambari-server ---
> org.apache.ambari:ambari-server:jar:2.6.1.0.0
> \- com.networknt:json-schema-validator:jar:0.1.10:test
> \- com.fasterxml.jackson.core:jackson-databind:jar:2.8.7:test
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
