zookeeper-dev mailing list archives

From "Andor Molnar (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ZOOKEEPER-2952) Upgrade third party libraries to address vulnerabilities
Date Tue, 12 Dec 2017 10:39:00 GMT
Andor Molnar created ZOOKEEPER-2952:

             Summary: Upgrade third party libraries to address vulnerabilities
                 Key: ZOOKEEPER-2952
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2952
             Project: ZooKeeper
          Issue Type: Improvement
          Components: server
    Affects Versions: 3.4.11, 3.5.3
            Reporter: Andor Molnar
            Assignee: Andor Molnar
            Priority: Critical
             Fix For: 3.5.4, 3.4.12


I'm going to upgrade the following third party libraries in order to address vulnerabilities
found in them:

- io.netty:netty 3.10.5.Final -> 3.10.6.Final (CVE-2015-2156 (H), CVE-2014-3488 (H), protobuf:
CVE-2015-5237 (H), npn-api: CVE-2017-9735 (H), CVE-1999-1198 (H), CVE-1999-1193 (H))
- org.slf4j:slf4j-api 1.6.1 -> 1.7.25
- log4j:log4j 1.2.16 -> 1.2.17

Please review the list and let me know if you have any concerns or would like to add more
deps to upgrade.


This message was sent by Atlassian JIRA
