Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-2952

Upgrade third party libraries to address vulnerabilities

    Details

    • Flags:
      Important

      Description

      Hi,

      I'm going to upgrade the following third party libraries in order to address vulnerabilities found in them:

      • io.netty:netty 3.10.5.Final -> 3.10.6.Final (CVE-2015-2156 (H), CVE-2014-3488 (H), protobuf: CVE-2015-5237 (H), npn-api: CVE-2017-9735 (H), CVE-1999-1198 (H), CVE-1999-1193 (H))
      • org.slf4j:slf4j-api 1.7.5 -> 1.7.25
      • log4j:log4j 1.2.16 -> 1.2.17

      Please review the list and let me know if you have any concerns or would like to add more deps to upgrade.

      Thanks,
      Andor

        Attachments

          Activity

            People

            • Assignee:
              andorm Andor Molnar
              Reporter:
              andorm Andor Molnar
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: