[ https://issues.apache.org/jira/browse/AMBARI-25316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Krisztian Kasa resolved AMBARI-25316. ------------------------------------- Resolution: Fixed > Upgrade dependency on org.springframework:spring-web:jar:4.3.18.RELEASE in > Ambari Server > ---------------------------------------------------------------------------------------- > > Key: AMBARI-25316 > URL: https://issues.apache.org/jira/browse/AMBARI-25316 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.7.3 > Reporter: Krisztian Kasa > Assignee: Krisztian Kasa > Priority: Major > Labels: pull-request-available > Fix For: 2.7.4 > > Time Spent: 0.5h > Remaining Estimate: 0h > > Remove dependency on org.springframework.security:spring-security-web > 4.3.18.RELEASE in Ambari Server due to security concerns. See > https://nvd.nist.gov/vuln/detail/CVE-2018-15756 > {code} > [INFO] Scanning for projects... > [INFO] > [INFO] ------------------< org.apache.ambari:ambari-server > >------------------- > [INFO] Building Ambari Server 2.7.3.0.0 > [INFO] --------------------------------[ jar > ]--------------------------------- > [INFO] > [INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ ambari-server --- > ... > [INFO] +- org.springframework:spring-web:jar:4.3.18.RELEASE:compile > {code} > Recommendation is to remove the dependency or upgrade to version > 4.3.20.RELEASE or the latest version, if possible. -- This message was sent by Atlassian JIRA (v7.6.3#76005)