Details
-
Task
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
commons-cli 1.2 is affected by a known vulnerability (). To fix it, we need to upgrade, but versions 1.3+ deprecated some classes we use in the code. In ZOOKEEPER-3941 we upgraded to commons-cli to version 1.4, but this was originally shipped only in ZooKeeper 3.7.0+.
To fix the CVE before the release 3.6.4, we need to update commons-cli (by backporting ZOOKEEPER-3941) on branch-3.6.
Attachments
Issue Links
- blocks
-
ZOOKEEPER-4644 Update 3rd party library versions before release 3.6.4
- Closed
- relates to
-
ZOOKEEPER-3941 Upgrade commons-cli to 1.4
- Closed
- links to