[ZOOKEEPER-2952] Upgrade third party libraries to address vulnerabilities - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 3.5.3, 3.4.11, 3.6.0
Fix Version/s: 3.5.4, 3.6.0, 3.4.12
Component/s: server
Labels:

Flags:

Important

Description

Hi,

I'm going to upgrade the following third party libraries in order to address vulnerabilities found in them:

io.netty:netty 3.10.5.Final -> 3.10.6.Final (CVE-2015-2156 (H), CVE-2014-3488 (H), protobuf: CVE-2015-5237 (H), npn-api: CVE-2017-9735 (H), CVE-1999-1198 (H), CVE-1999-1193 (H))
org.slf4j:slf4j-api 1.7.5 -> 1.7.25
log4j:log4j 1.2.16 -> 1.2.17

Please review the list and let me know if you have any concerns or would like to add more deps to upgrade.

Thanks,
Andor

Attachments

Issue Links

links to

GitHub Pull Request #429

GitHub Pull Request #435

Activity

People

Assignee:: Andor Molnar

Reporter:: Andor Molnar

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 12/Dec/17 10:38

Updated:: 14/Dec/17 07:26

Resolved:: 13/Dec/17 22:02