curator-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mujassim Sheikh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CURATOR-484) CVE-2014-0085, CVE-2018-8012 known security vulnerabilities
Date Mon, 12 Nov 2018 13:56:00 GMT

    [ https://issues.apache.org/jira/browse/CURATOR-484?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16683820#comment-16683820
] 

Mujassim Sheikh commented on CURATOR-484:
-----------------------------------------

Hi Jordan,

Thanks for your reply. As per the dependency tree below

+- org.apache.curator:curator-x-discovery:jar:4.0.1:compile
| +- org.apache.curator:curator-recipes:jar:4.0.1:compile
| | \- org.apache.curator:curator-framework:jar:4.0.1:compile
| | \- org.apache.curator:curator-client:jar:4.0.1:compile
| | \- org.apache.zookeeper:zookeeper:jar:3.5.3-beta:compile

curator has dependency on zookeeper:jar:3.5.3-beta that is vulnerable to CVE-2018-8012, this
should be updated to the more stable version. 

> CVE-2014-0085, CVE-2018-8012 known security vulnerabilities
> -----------------------------------------------------------
>
>                 Key: CURATOR-484
>                 URL: https://issues.apache.org/jira/browse/CURATOR-484
>             Project: Apache Curator
>          Issue Type: Improvement
>            Reporter: Mujassim Sheikh
>            Assignee: Jordan Zimmerman
>            Priority: Major
>
> 1. Due to the dependency on apache zookeeper 3.5.3-beta, curator is vulnerable to CVE-2018-8012
>  We should change it to use 3.5.4-beta as soon as possible.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message