AMBARI-26240: Fix alter dispatcher #3896
Conversation
Hello virajjasani, I sent Ambari Security an email about this vulnerability a long time ago( In fact, there is another vulnerability that has been around for a long time and has not been dealt with. You can contact me at [email protected].
|
|
@tarihub Sorry, this was a management and communication error between us and the security team regarding the user information for vulnerability submissions. Next time, you can email me directly and I'll handle it. |
Can you email me? I forwarded you the details of another vulnerability, which has not been fixed yet |
Ok, thank you for following Ambari and submitting Ambari-related CVEs |
I don't have permission to open this link. It seems that our jira permissions can only access normal issues. 
|
|
@tarihub Could you create a PR for the trunk branch? We plan to release Ambari 3.0 based on the trunk next month. I can help review and merged it. |
Because the issue seems to have stopped being fully open to the public, I will follow up with the Apache security team about this. In the meantime, you can register first and then @virajjasani to ask for their help in approving your registration. |
Another vulnerability was previously discussed via email for a fix, but no results were reached. |
I already have an account on jira, my username is tari, but I don't have permission to view security issues, so let me see how to submit it to you. |
|
@virajjasani Could you help tarihub check his jira acoount? |
|
I have provided contributor access to |
* AMBARI-26232 There will be failure when executing shell.py and wrong order of imports for WidgetResourceProvider.java (#3872) * There will be failure when executing shell.py * Wrong order of imports for WidgetResourceProvider.java * Fix issue of test failure * AMBARI-26234: ClusterNotFoundException in stage Confirm Hosts during deploying a cluster #3875 * AMBARI-26184: Resolve snakeyaml 1.12 CVE #3869 * AMBARI-26235: Unable to check firewalld status when setup ambari #3878 * AMBARI-26195: Ambari database page not wokring after JQ upgrade #3885 * AMBARI-26239: Fix OozieUtils (#3894) * AMBARI-26239: Fix OozieUtils * AMBARI-26205: Dropdown menu flex layout overflow #3895 * AMBARI-26236: The database password character type requirement is too few (#3883) * The database password character type requirement is too few * Add more special characters, and add UT for this case * Update test case * AMBARI-26240: Fix alter dispatcher (#3896) * AMBARI-26241: _threadlocal has no uid because it is always None #3898 * AMBARI-26243: refactor: convert .format() to f-strings #3899 * AMBARI-26244: convert .format() to f-strings for ambari-server #3901 * AMBARI-26245: refactor(ambari-agent): convert .format() to f-strings (#3902) * AMBARI-26249: Timeline Service v2 failed to start because of unable to create leveldb state store directory #3905 * AMBARI-26247: convert .format() to f-strings for ambari-contrib #3903 * Update the KEYS File * AMBARI-26253: Can't download all client configs (#3906) * AMBARI-26257: Create new Configuration Group now worked #3907 * AMBARI-26248: Timeline Service Reader failed to start if hbase is not installed #3904 * AMBARI-26147: Add Ruff integration to ambari (#3908) * add ruff check files * add formatted code * AMBARI-26251: tooltip display issue #3911 * AMBARI-26207: Metrics sortable not work #3912 * AMBARI-26255: fix can't add capacity-scheduler views (#3913) * AMBARI-26270: Add quicklink of hiveserver2 web ui #3918 * AMBARI-26142: JDK17 support for Ambari Co-authored-by: Mohammad Arshad <[email protected]> (#3851) * AMBARI-26204: Migrate RecommendationResourceProviderTest from EasyMoc… (#3860) * AMBARI-26204: Migrate RecommendationResourceProviderTest from EasyMock to Mockito * AMBARI-26203: Fix annotation processing issue in ConfigurationTest after JDK 17 upgrade (#3859) * AMBARI-26203: Fix testAllPropertiesHaveMarkdownDescriptions failed * AMBARI-26212: Fix checkstyle error (#3862) * Ambari-26211: Fix TaskActionScheduler test failed (#3861) * AMBARI-26211: Fix TaskActionScheduler test failed * AMBARI-26215: Fix BlueprintConfigurationProcessorTest and others (#3863) * AMBARI-26215: Fix BlueprintConfigurationProcessorTest and others * AMBARI-26220: Fix ConfigureClusterTaskTest Unexpected method calls: ClusterConfigurationRequest.getRequiredHostGroups() error (#3864) fix AsyncCallableServiceTest Unexpected method calls: Callable.call() error * AMBARI-26221: Fix StackAdvisorCommandTest error,remove unnecessary code. (#3865) * AMBARI-26222: Fix ClientConfigResourceProviderTest & PreUpgradeCheckResourceProviderTest& ExecutionSchedulerTest& AmbariProxiedUserDetailsServiceTest * AMBARI-26233: Fix ambari-env.sh after jdk upgrade (#3873) * fix ambari agent env after jdk upgrade * AMBARI-26238: Add Ambari Java Home configuration for JDK 17 in Ambari… (#3891) * AMBARI-26238: Add Ambari Java Home configuration for JDK 17 in Ambari server * AMBARI-26268: Remove default value for ambari-java-home in ambari-server.py to fix setup handling #3915 Co-authored-by: tongxiaojun <[email protected]> * AMBARI-26269: Fix regex pattern flag position in ambari_jinja2 filters #3917 * AMBARI-26269: Fix regex pattern flag position in ambari_jinja2 filters --------- Co-authored-by: tongxiaojun <[email protected]> * AMBARI-26249: Addendum, adjusting the location of creating directory code (#3920) * AMBARI-26271: Invalid parameter was provided when using shell.call in HostInfo.py #3919 * AMBARI-26273: Add Oceanbase Support to Ambari MySQL DDL #3921 Co-authored-by: tongxiaojun <[email protected]> * AMBARI-26275: NoClassesFoundToAnalyzeException when compiling ambari with jdk17 #3924 * AMBARI-25848 : Need to update org.codehaus.jackson:jackson-mapper-asl dependency (#3922) Issue: Need to update org.codehaus.jackson:jackson-mapper-asl dependency. Cause: the library has been moved to com.fasterxml.jackson.core » jackson-databind, hence to keep up with the newer versions need to update the library dependency. Changes made: to update the jackson-mapper-asl dependency to jackson-databind and the required library version upgrades Co-authored-by: Vishal Suvagia <[email protected]> * AMBARI-26276: fix hdfs web service check (#3925) * AMBARI-26277:fix kerberos encryption error (#3926) * AMBARI-26279: ambari-agent prints logs that netstat command not found #3928 * AMBARI-26286: refactor(ambari-ruff): convert .format() to f-strings #3927 AMBARI-26286: refactor(ambari-ruff): convert .format() to f-strings * AMBARI-26055: Add alluxio support (#3934) * add alluxio service Co-authored-by: jialiang <[email protected]> * fix license --------- Co-authored-by: jialiang <[email protected]> * AMBARI-26185: Upgrade commons-collections to resolve CVEs (#3936) --------- Co-authored-by: Peng Lu <[email protected]> Co-authored-by: Sandeep Kumar <[email protected]> Co-authored-by: zrain <[email protected]> Co-authored-by: coldless177 <[email protected]> Co-authored-by: jialiang <[email protected]> Co-authored-by: yaruyng <[email protected]> Co-authored-by: tongxiaojun <[email protected]> Co-authored-by: tongxiaojun <[email protected]> Co-authored-by: Vishal Suvagia <[email protected]> Co-authored-by: Vishal Suvagia <[email protected]>
3 participants
What changes were proposed in this pull request?
Fix alter dispatcher
How was this patch tested?
manual test and unit test
(Please explain how this patch was tested. Ex: unit tests, manual tests)
(If this patch involves UI changes, please attach a screen-shot; otherwise, remove this)
Please review Ambari Contributing Guide before opening a pull request.