summaryrefslogtreecommitdiffstats
path: root/plugins/plugins-context/context-locking
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/plugins-context/context-locking')
-rw-r--r--plugins/plugins-context/context-locking/context-locking-curator/pom.xml31
1 files changed, 28 insertions, 3 deletions
diff --git a/plugins/plugins-context/context-locking/context-locking-curator/pom.xml b/plugins/plugins-context/context-locking/context-locking-curator/pom.xml
index d5d50e1a1..1094ced4e 100644
--- a/plugins/plugins-context/context-locking/context-locking-curator/pom.xml
+++ b/plugins/plugins-context/context-locking/context-locking-curator/pom.xml
@@ -34,12 +34,37 @@
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-framework</artifactId>
- <version>4.0.0</version>
+ <version>4.0.1</version>
+ <exclusions>
+ <!-- The default Zookeeper version in Curator has vulnerabilities -->
+ <exclusion>
+ <groupId>org.apache.zookeeper</groupId>
+ <artifactId>zookeeper</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-recipes</artifactId>
- <version>4.0.0</version>
+ <version>4.0.1</version>
+ </dependency>
+ <!-- The latest Zookeeper version fixes the vulnerabilities -->
+ <dependency>
+ <groupId>org.apache.zookeeper</groupId>
+ <artifactId>zookeeper</artifactId>
+ <version>3.5.4-beta</version>
+ <exclusions>
+ <!-- Zookeeper uses an ancient version of log4j -->
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.curator</groupId>
+ <artifactId>curator-recipes</artifactId>
+ <version>4.0.1</version>
</dependency>
</dependencies>
-</project> \ No newline at end of file
+</project>