You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Andor Molnar (JIRA)" <ji...@apache.org> on 2017/12/12 11:05:00 UTC
[jira] [Updated] (ZOOKEEPER-2952) Upgrade third party libraries to
address vulnerabilities
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2952?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andor Molnar updated ZOOKEEPER-2952:
------------------------------------
Description:
Hi,
I'm going to upgrade the following third party libraries in order to address vulnerabilities found in them:
- io.netty:netty 3.10.5.Final -> 3.10.6.Final (CVE-2015-2156 (H), CVE-2014-3488 (H), protobuf: CVE-2015-5237 (H), npn-api: CVE-2017-9735 (H), CVE-1999-1198 (H), CVE-1999-1193 (H))
- org.slf4j:slf4j-api 1.7.5 -> 1.7.25
Please review the list and let me know if you have any concerns or would like to add more deps to upgrade.
Thanks,
Andor
was:
Hi,
I'm going to upgrade the following third party libraries in order to address vulnerabilities found in them:
- io.netty:netty 3.10.5.Final -> 3.10.6.Final (CVE-2015-2156 (H), CVE-2014-3488 (H), protobuf: CVE-2015-5237 (H), npn-api: CVE-2017-9735 (H), CVE-1999-1198 (H), CVE-1999-1193 (H))
- org.slf4j:slf4j-api 1.6.1 -> 1.7.25
- log4j:log4j 1.2.16 -> 1.2.17
Please review the list and let me know if you have any concerns or would like to add more deps to upgrade.
Thanks,
Andor
> Upgrade third party libraries to address vulnerabilities
> --------------------------------------------------------
>
> Key: ZOOKEEPER-2952
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2952
> Project: ZooKeeper
> Issue Type: Improvement
> Components: server
> Affects Versions: 3.5.3, 3.4.11
> Reporter: Andor Molnar
> Assignee: Andor Molnar
> Priority: Critical
> Labels: dependencies, upgrade, vulnerabilities
> Fix For: 3.5.4, 3.4.12
>
>
> Hi,
> I'm going to upgrade the following third party libraries in order to address vulnerabilities found in them:
> - io.netty:netty 3.10.5.Final -> 3.10.6.Final (CVE-2015-2156 (H), CVE-2014-3488 (H), protobuf: CVE-2015-5237 (H), npn-api: CVE-2017-9735 (H), CVE-1999-1198 (H), CVE-1999-1193 (H))
> - org.slf4j:slf4j-api 1.7.5 -> 1.7.25
> Please review the list and let me know if you have any concerns or would like to add more deps to upgrade.
> Thanks,
> Andor
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)