You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@curator.apache.org by "Dóra Horváth (Jira)" <ji...@apache.org> on 2022/02/16 14:32:00 UTC

[jira] [Commented] (CURATOR-631) Upgrade Jersey to 2.35 or later and upgrade resteasy-jaxrs to a newer and compatible version

    [ https://issues.apache.org/jira/browse/CURATOR-631?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17493256#comment-17493256 ] 

Dóra Horváth commented on CURATOR-631:
--------------------------------------

I can work on this ticket, but cannot assign myself.

> Upgrade Jersey to 2.35 or later and upgrade resteasy-jaxrs to a newer and compatible version
> --------------------------------------------------------------------------------------------
>
>                 Key: CURATOR-631
>                 URL: https://issues.apache.org/jira/browse/CURATOR-631
>             Project: Apache Curator
>          Issue Type: Task
>            Reporter: Dóra Horváth
>            Assignee: Jordan Zimmerman
>            Priority: Major
>
> Curator is pulling in resteasy-jaxrs 2.3.5 which is affected by multiple CVEs inlcuding CVE-2016-9606 and CVE-2014-3490. 
> 2.3.5 is also deprecated and needs to be upgraded. 
> Curator is also pulling jersey 1.19.4 which is an old version and needs to be upgraded to 2.35 or later (3.0.4).
> resteasy-jaxrs dependency cannot be higher than 2.x for compatibility with Jersey 1.x, this is why they need to be upgraded together.
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)