You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@curator.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/06/30 12:57:00 UTC
[jira] [Work logged] (CURATOR-631) Upgrade Jersey to 2.35 or later and upgrade resteasy-jaxrs to a newer and compatible version
[ https://issues.apache.org/jira/browse/CURATOR-631?focusedWorklogId=786571&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-786571 ]
ASF GitHub Bot logged work on CURATOR-631:
------------------------------------------
Author: ASF GitHub Bot
Created on: 30/Jun/22 12:56
Start Date: 30/Jun/22 12:56
Worklog Time Spent: 10m
Work Description: horvathdora closed pull request #424: CURATOR-631: Upgrade Jersey to 2.35 or later and upgrade resteasy-jaxrs to a newer and compatible version
URL: https://github.com/apache/curator/pull/424
Issue Time Tracking
-------------------
Worklog Id: (was: 786571)
Remaining Estimate: 0h
Time Spent: 10m
> Upgrade Jersey to 2.35 or later and upgrade resteasy-jaxrs to a newer and compatible version
> --------------------------------------------------------------------------------------------
>
> Key: CURATOR-631
> URL: https://issues.apache.org/jira/browse/CURATOR-631
> Project: Apache Curator
> Issue Type: Task
> Reporter: Dóra Horváth
> Assignee: Jordan Zimmerman
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Curator is pulling in resteasy-jaxrs 2.3.5 which is affected by multiple CVEs inlcuding CVE-2016-9606 and CVE-2014-3490.
> 2.3.5 is also deprecated and needs to be upgraded.
> Curator is also pulling jersey 1.19.4 which is an old version and needs to be upgraded to 2.35 or later (3.0.4).
> resteasy-jaxrs dependency cannot be higher than 2.x for compatibility with Jersey 1.x, this is why they need to be upgraded together.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)