AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (dlysnichenko) (#3246)

ambari-infra/ambari-infra-manager/pom.xml

@@ -29,8 +29,8 @@
   <artifactId>ambari-infra-manager</artifactId>
 
   <properties>
-    <spring.version>5.1.8.RELEASE</spring.version>
-    <spring.security.version>5.1.5.RELEASE</spring.security.version>
+    <spring.version>5.1.18.RELEASE</spring.version>
+    <spring.security.version>5.1.13.RELEASE</spring.security.version>
     <spring.ldap.version>2.3.2.RELEASE</spring.ldap.version>
     <jersey.version>2.27</jersey.version>
     <spring-batch.version>4.1.1.RELEASE</spring-batch.version>

ambari-logsearch/ambari-logsearch-server/pom.xml

@@ -26,8 +26,8 @@
   <packaging>jar</packaging>
   <name>Ambari Logsearch Server</name>
   <properties>
-    <spring.version>5.1.8.RELEASE</spring.version>
-    <spring.security.version>5.1.5.RELEASE</spring.security.version>
+    <spring.version>5.1.18.RELEASE</spring.version>
+    <spring.security.version>5.1.13.RELEASE</spring.security.version>
     <spring-data-solr.version>3.0.10.RELEASE</spring-data-solr.version>
     <spring-data.version>2.0.10.RELEASE</spring-data.version>
     <spring-boot.version>2.1.5.RELEASE</spring-boot.version>

ambari-project/pom.xml

@@ -38,8 +38,8 @@
     <swagger.maven.plugin.version>3.1.4</swagger.maven.plugin.version>
     <slf4j.version>1.7.20</slf4j.version>
     <guice.version>4.1.0</guice.version>
-    <spring.version>5.1.8.RELEASE</spring.version>
-    <spring.security.version>5.1.5.RELEASE</spring.security.version>
+    <spring.version>5.1.18.RELEASE</spring.version>
+    <spring.security.version>5.1.13.RELEASE</spring.security.version>
     <fasterxml.jackson.version>2.10.0</fasterxml.jackson.version>
     <fasterxml.jackson.databind.version>2.10.0</fasterxml.jackson.databind.version>
     <postgres.version>42.2.2</postgres.version>