[jira] [Created] (AMBARI-24515) Remove dependency on JQuery 1.8.0 for Ambari Server UI

Andrii Tkach (JIRA) Tue, 21 Aug 2018 01:55:05 -0700

Andrii Tkach created AMBARI-24515:
-------------------------------------

             Summary: Remove dependency on JQuery 1.8.0 for Ambari Server UI
                 Key: AMBARI-24515
                 URL: https://issues.apache.org/jira/browse/AMBARI-24515
             Project: Ambari
          Issue Type: Bug
          Components: ambari-web
    Affects Versions: 2.7.1
            Reporter: Andrii Tkach
            Assignee: Andrii Tkach
             Fix For: 2.7.1



Remove dependency on JQuery 1.8.0 for Ambari Server UI due to security 
concerns. See 
* CVE-2012-6708 - https://nvd.nist.gov/vuln/detail/CVE-2012-6708
* CVE-2011-4969 - https://nvd.nist.gov/vuln/detail/CVE-2011-4969
* CVE-2015-9251 - https://nvd.nist.gov/vuln/detail/CVE-2015-9251

It is recommended that JQuery is updated to 1.8.3+1

Path to offending file:
{noformat}
ambari
|- ambari-server-2.7.1.0-119.x86_64.rpm
|  |- usr
|  |  |- lib
|  |  |  |- ambari-server
|  |  |  |  |- web
|  |  |  |  |  |- api-docs
|  |  |  |  |  |  |- lib
|  |  |  |  |  |  |  |- jquery-1.8.0.min.js
{noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (AMBARI-24515) Remove dependency on JQuery 1.8.0 for Ambari Server UI

Reply via email to