Apache Ambari Release Notes

Common Vulnerabilities and Exposures

Ambari 2.6.1.0 includes fixes for the following information-security Common Vulnerabilities and Exposures (CVEs):

Table 1.4.  Ambari 2.6.1.0 CVEs

| CVE # | Description |
|---|---|
| CVE-2017-12629 | RunExecutableListener has been disabled by default (can be enabled by -Dsolr.enableRunExecutableListener=true) and resolving external entities in the XML query parser (defType=xmlparser or {!xmlparser ... }) is now disabled by default. |
| CVE-2017-7660 | Fixed security vulnerability in secure inter-node communication in Apache Solr |
| CVE-2017-3163 | Fixed ReplicationHandler path traversal vulnerability |
| CVE-2016-6809 | Upgraded TIKA fixing a potential vulnerability |
| CVE-2016-3092 | Upgraded commons-fileupload to 1.3.2, fixing a potential vulnerability |