diff options
author | liamfallon <liam.fallon@ericsson.com> | 2018-06-19 11:06:27 +0800 |
---|---|---|
committer | liamfallon <liam.fallon@ericsson.com> | 2018-06-19 11:08:44 +0800 |
commit | 54e09f566758b0176df3553cdec8a5e8f67efb0c (patch) | |
tree | 36f2832cdb5b4500bbb6a6b7b1a531f4dd7cc8aa /plugins/plugins-context | |
parent | 8623ca6174b6d724d3d480f0bf54300f18460350 (diff) |
Fix security vul'y in Curator Locking Plugin
Increment the version of the Curator dependencies.
Upgrade the version of Zookeeper used by Curator tot he latest version.
Remove ancient log4j dependency from Zookeeper.
Issue-ID: POLICY-905
Change-Id: I103bd36404d3dc9c33bdd59585f67ba0fde349be
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
Diffstat (limited to 'plugins/plugins-context')
-rw-r--r-- | plugins/plugins-context/context-locking/context-locking-curator/pom.xml | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/plugins/plugins-context/context-locking/context-locking-curator/pom.xml b/plugins/plugins-context/context-locking/context-locking-curator/pom.xml index d5d50e1a1..1094ced4e 100644 --- a/plugins/plugins-context/context-locking/context-locking-curator/pom.xml +++ b/plugins/plugins-context/context-locking/context-locking-curator/pom.xml @@ -34,12 +34,37 @@ <dependency> <groupId>org.apache.curator</groupId> <artifactId>curator-framework</artifactId> - <version>4.0.0</version> + <version>4.0.1</version> + <exclusions> + <!-- The default Zookeeper version in Curator has vulnerabilities --> + <exclusion> + <groupId>org.apache.zookeeper</groupId> + <artifactId>zookeeper</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.curator</groupId> <artifactId>curator-recipes</artifactId> - <version>4.0.0</version> + <version>4.0.1</version> + </dependency> + <!-- The latest Zookeeper version fixes the vulnerabilities --> + <dependency> + <groupId>org.apache.zookeeper</groupId> + <artifactId>zookeeper</artifactId> + <version>3.5.4-beta</version> + <exclusions> + <!-- Zookeeper uses an ancient version of log4j --> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.apache.curator</groupId> + <artifactId>curator-recipes</artifactId> + <version>4.0.1</version> </dependency> </dependencies> -</project>
\ No newline at end of file +</project> |