[AMBARI-23691] Fix CVE security issues in AMS dependencies. (#1097)
diff --git a/ambari-metrics-common/pom.xml b/ambari-metrics-common/pom.xml
index 872e2b4..99b4331 100644
--- a/ambari-metrics-common/pom.xml
+++ b/ambari-metrics-common/pom.xml
@@ -155,7 +155,7 @@
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-framework</artifactId>
- <version>2.12.0</version>
+ <version>4.0.0</version>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
diff --git a/ambari-metrics-hadoop-sink/pom.xml b/ambari-metrics-hadoop-sink/pom.xml
index 0b291cb..97d573a 100644
--- a/ambari-metrics-hadoop-sink/pom.xml
+++ b/ambari-metrics-hadoop-sink/pom.xml
@@ -31,7 +31,6 @@
<packaging>jar</packaging>
<properties>
<sinkJarName>${project.artifactId}-with-common-${project.version}.jar</sinkJarName>
- <hadoopVersion>3.0.0-beta1</hadoopVersion>
</properties>
@@ -142,7 +141,7 @@
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-common</artifactId>
- <version>${hadoopVersion}</version>
+ <version>3.0.0</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -171,7 +170,7 @@
<dependency>
<groupId>commons-configuration</groupId>
<artifactId>commons-configuration</artifactId>
- <version>1.6</version>
+ <version>1.10</version>
<scope>compile</scope>
</dependency>
<dependency>
diff --git a/ambari-metrics-host-aggregator/pom.xml b/ambari-metrics-host-aggregator/pom.xml
index d126be5..41081d0 100644
--- a/ambari-metrics-host-aggregator/pom.xml
+++ b/ambari-metrics-host-aggregator/pom.xml
@@ -75,7 +75,7 @@
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-common</artifactId>
- <version>2.7.1.2.3.4.0-3347</version>
+ <version>3.0.0</version>
</dependency>
<dependency>
<groupId>com.sun.jersey.jersey-test-framework</groupId>
diff --git a/ambari-metrics-kafka-sink/pom.xml b/ambari-metrics-kafka-sink/pom.xml
index 91f8fe7..46afed3 100644
--- a/ambari-metrics-kafka-sink/pom.xml
+++ b/ambari-metrics-kafka-sink/pom.xml
@@ -144,7 +144,7 @@
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka_2.10</artifactId>
- <version>0.10.1.0</version>
+ <version>0.10.2.1</version>
<exclusions>
<exclusion>
<groupId>com.sun.jdmk</groupId>
diff --git a/ambari-metrics-timelineservice/pom.xml b/ambari-metrics-timelineservice/pom.xml
index 98744a1..fcb8186 100644
--- a/ambari-metrics-timelineservice/pom.xml
+++ b/ambari-metrics-timelineservice/pom.xml
@@ -311,6 +311,10 @@
<artifactId>zkclient</artifactId>
<groupId>com.101tec</groupId>
</exclusion>
+ <exclusion>
+ <artifactId>zookeeper</artifactId>
+ <groupId>org.apache.zookeeper</groupId>
+ </exclusion>
</exclusions>
</dependency>
<!-- zkclient is helix-core dependency but it need to be 0.9 in order for AMS HA to work on secure cluster-->
@@ -320,6 +324,11 @@
<version>0.9</version>
</dependency>
<dependency>
+ <groupId>org.apache.zookeeper</groupId>
+ <artifactId>zookeeper</artifactId>
+ <version>3.4.5.1.3.0.0-107</version>
+ </dependency>
+ <dependency>
<groupId>org.apache.phoenix</groupId>
<artifactId>phoenix-core</artifactId>
<version>${phoenix.version}</version>
