summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorPamela Dragosh <pdragosh@research.att.com>2018-06-19 15:11:08 +0000
committerGerrit Code Review <gerrit@onap.org>2018-06-19 15:11:08 +0000
commit04c9f0fe95c3f750a2bd2b7142f8eebf5ee39381 (patch)
tree4b2f67ccd9ca8dc0da10a75898353bc4e52ab312 /plugins
parent28a639db40aaa98bcfdaf6c690780b727524b2b4 (diff)
parent54e09f566758b0176df3553cdec8a5e8f67efb0c (diff)
Merge "Fix security vul'y in Curator Locking Plugin"
Diffstat (limited to 'plugins')
-rw-r--r--plugins/plugins-context/context-locking/context-locking-curator/pom.xml31
1 files changed, 28 insertions, 3 deletions
diff --git a/plugins/plugins-context/context-locking/context-locking-curator/pom.xml b/plugins/plugins-context/context-locking/context-locking-curator/pom.xml
index d5d50e1a1..1094ced4e 100644
--- a/plugins/plugins-context/context-locking/context-locking-curator/pom.xml
+++ b/plugins/plugins-context/context-locking/context-locking-curator/pom.xml
@@ -34,12 +34,37 @@
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-framework</artifactId>
- <version>4.0.0</version>
+ <version>4.0.1</version>
+ <exclusions>
+ <!-- The default Zookeeper version in Curator has vulnerabilities -->
+ <exclusion>
+ <groupId>org.apache.zookeeper</groupId>
+ <artifactId>zookeeper</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-recipes</artifactId>
- <version>4.0.0</version>
+ <version>4.0.1</version>
+ </dependency>
+ <!-- The latest Zookeeper version fixes the vulnerabilities -->
+ <dependency>
+ <groupId>org.apache.zookeeper</groupId>
+ <artifactId>zookeeper</artifactId>
+ <version>3.5.4-beta</version>
+ <exclusions>
+ <!-- Zookeeper uses an ancient version of log4j -->
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.curator</groupId>
+ <artifactId>curator-recipes</artifactId>
+ <version>4.0.1</version>
</dependency>
</dependencies>
-</project> \ No newline at end of file
+</project>