diff options
author | Pamela Dragosh <pdragosh@research.att.com> | 2018-06-19 15:11:08 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2018-06-19 15:11:08 +0000 |
commit | 04c9f0fe95c3f750a2bd2b7142f8eebf5ee39381 (patch) | |
tree | 4b2f67ccd9ca8dc0da10a75898353bc4e52ab312 /plugins | |
parent | 28a639db40aaa98bcfdaf6c690780b727524b2b4 (diff) | |
parent | 54e09f566758b0176df3553cdec8a5e8f67efb0c (diff) |
Merge "Fix security vul'y in Curator Locking Plugin"
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/plugins-context/context-locking/context-locking-curator/pom.xml | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/plugins/plugins-context/context-locking/context-locking-curator/pom.xml b/plugins/plugins-context/context-locking/context-locking-curator/pom.xml index d5d50e1a1..1094ced4e 100644 --- a/plugins/plugins-context/context-locking/context-locking-curator/pom.xml +++ b/plugins/plugins-context/context-locking/context-locking-curator/pom.xml @@ -34,12 +34,37 @@ <dependency> <groupId>org.apache.curator</groupId> <artifactId>curator-framework</artifactId> - <version>4.0.0</version> + <version>4.0.1</version> + <exclusions> + <!-- The default Zookeeper version in Curator has vulnerabilities --> + <exclusion> + <groupId>org.apache.zookeeper</groupId> + <artifactId>zookeeper</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.curator</groupId> <artifactId>curator-recipes</artifactId> - <version>4.0.0</version> + <version>4.0.1</version> + </dependency> + <!-- The latest Zookeeper version fixes the vulnerabilities --> + <dependency> + <groupId>org.apache.zookeeper</groupId> + <artifactId>zookeeper</artifactId> + <version>3.5.4-beta</version> + <exclusions> + <!-- Zookeeper uses an ancient version of log4j --> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.apache.curator</groupId> + <artifactId>curator-recipes</artifactId> + <version>4.0.1</version> </dependency> </dependencies> -</project>
\ No newline at end of file +</project> |