authorliamfallon <liam.fallon@ericsson.com>2018-06-19 11:06:27 +0800
committerliamfallon <liam.fallon@ericsson.com>2018-06-19 11:08:44 +0800
commit54e09f566758b0176df3553cdec8a5e8f67efb0c (patch)
tree36f2832cdb5b4500bbb6a6b7b1a531f4dd7cc8aa
parent8623ca6174b6d724d3d480f0bf54300f18460350 (diff)
Fix security vul'y in Curator Locking Plugin
Increment the version of the Curator dependencies. Upgrade the version of Zookeeper used by Curator to the latest version. Remove ancient log4j dependency from Zookeeper. Issue-ID: POLICY-905 Change-Id: I103bd36404d3dc9c33bdd59585f67ba0fde349be Signed-off-by: liamfallon <liam.fallon@ericsson.com>
-rw-r--r--plugins/plugins-context/context-locking/context-locking-curator/pom.xml31
1 files changed, 28 insertions, 3 deletions
diff --git a/plugins/plugins-context/context-locking/context-locking-curator/pom.xml b/plugins/plugins-context/context-locking/context-locking-curator/pom.xml
index d5d50e1a1..1094ced4e 100644
--- a/plugins/plugins-context/context-locking/context-locking-curator/pom.xml
+++ b/plugins/plugins-context/context-locking/context-locking-curator/pom.xml
@@ -34,12 +34,37 @@
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-framework</artifactId>
- <version>4.0.0</version>
+ <version>4.0.1</version>
+ <exclusions>
+ <!-- The default Zookeeper version in Curator has vulnerabilities -->
+ <exclusion>
+ <groupId>org.apache.zookeeper</groupId>
+ <artifactId>zookeeper</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-recipes</artifactId>
- <version>4.0.0</version>
+ <version>4.0.1</version>
+ </dependency>
+ <!-- The latest Zookeeper version fixes the vulnerabilities -->
+ <dependency>
+ <groupId>org.apache.zookeeper</groupId>
+ <artifactId>zookeeper</artifactId>
+ <version>3.5.4-beta</version>
+ <exclusions>
+ <!-- Zookeeper uses an ancient version of log4j -->
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.curator</groupId>
+ <artifactId>curator-recipes</artifactId>
+ <version>4.0.1</version>
</dependency>
</dependencies>
-</project> \ No newline at end of file
+</project>
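Review bot: The new side declares `org.apache.curator:curator-recipes` twice, once in the existing entry whose version is bumped to 4.0.1 and again in the `<dependency>` block added just before `</dependencies>`, which Maven reports as a duplicate declaration; the second block looks like it should simply be dropped. The two added comments say the default ZooKeeper "has vulnerabilities" without naming them, so a later maintainer cannot tell when the `3.5.4-beta` pin (a pre-release) or the exclusion can be lifted; a comment such as `<!-- ZooKeeper pinned for ADVISORY-ID-PLACEHOLDER; move to a stable release once one carries the fix -->` would record that. The zookeeper exclusion sits only on curator-framework, so the override for curator-recipes presumably relies on the direct declaration winning dependency mediation, and `mvn dependency:tree` would confirm that no older zookeeper or log4j artifact remains on the classpath. The enclosing `<dependencies>` element starts outside the hunk.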