zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andor Molnar (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ZOOKEEPER-2952) Upgrade third party libraries to address vulnerabilities
Date Tue, 12 Dec 2017 10:39:00 GMT
Andor Molnar created ZOOKEEPER-2952:
---------------------------------------

             Summary: Upgrade third party libraries to address vulnerabilities
                 Key: ZOOKEEPER-2952
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2952
             Project: ZooKeeper
          Issue Type: Improvement
          Components: server
    Affects Versions: 3.4.11, 3.5.3
            Reporter: Andor Molnar
            Assignee: Andor Molnar
            Priority: Critical
             Fix For: 3.5.4, 3.4.12


Hi,

I'm going to upgrade the following third party libraries in order to address vulnerabilities
found in them:

- io.netty:netty 3.10.5.Final -> 3.10.6.Final (CVE-2015-2156 (H), CVE-2014-3488 (H), protobuf:
CVE-2015-5237 (H), npn-api: CVE-2017-9735 (H), CVE-1999-1198 (H), CVE-1999-1193 (H))
- org.slf4j:slf4j-api 1.6.1 -> 1.7.25
- log4j:log4j 1.2.16 -> 1.2.17

Please review the list and let me know if you have any concerns or would like to add more
deps to upgrade.

Thanks,
Andor




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message