[AMBARI-23065] Upgrading org.apache.httpcomponents:httpclient dependecy to v4.5.5 and removing commons-httpclient:commons-httpclient dependency due to security reasons #454
Conversation
|
@rlevas @zeroflag @adoroszlai @oleewere Please review this PR; thanks! |
|
Refer to this link for build results (access rights to CI server needed): |
smolnar82
changed the title
|
retest this please |
|
Refer to this link for build results (access rights to CI server needed): |
|
retest this please |
|
Refer to this link for build results (access rights to CI server needed): |
|
retest this please |
|
Refer to this link for build results (access rights to CI server needed): |
…y to v4.5.5 and removing commons-httpclient:commons-httpclient dependency due to security reasons
smolnar82
force-pushed
the
AMBARI-23065
branch
from
83f9a5d
to
284440f
Compare
|
Refer to this link for build results (access rights to CI server needed): |
|
Refer to this link for build results (access rights to CI server needed): |
…y to v4.5.5 and removing commons-httpclient:commons-httpclient dependency due to security reasons (apache#454) (cherry picked from commit 2ebb3dd) Change-Id: I20422c5391f5207ab31e3d47df008ae1e989596f
What changes were proposed in this pull request?
Per CVE-2014-3577
Per CVE-2015-5262
So that we need to upgrade to a more recent version (>4.3.6); at the time of this issue is being fixed the latest one is 4.5.5
How was this patch tested?
After updating the affected pom.xml files I've done the following:
1.) Checking Maven's dependency resolution:
2.) I executed
mvn clean installinutilityand inambari-server:3.) In addition to this; I replaced the content of
usr/lib/ambari-serverin my vagrant host with the content fromambari-server/target/ambari-server-2.6.0.0.0-dist/usr/lib/ambari-server(where the relevant JAR(s) were replaced with version 4.5.5) and restarted the server; logged in and did some actions (in this case I used the REST API to get information about my cluster I created before); there were no any issues.