diff options
| author |   chenying83 <chenying83@huawei.com> | 2018-04-26 08:20:10 +0000 |
|---|---|---|
| committer | chenying83 <chenying83@huawei.com> | 2018-04-26 08:20:10 +0000 |
| commit | 98e3f70497d2cdde07bb03a57fdd2ebdf3208882 (patch) | |
| tree | ce2d6f0dbff4f98e0a3612c05edbdab2ec0752c8 | |
| parent | efdfc40f759c70b9ab2ac7e23de42c7d211fde79 (diff) | |
Fix library CVEs in SO
Fix additional CVEs:
commons-fileupload 1.3.3
For CVE-2016-1000031
logback 1.1.11
For CVE-2017-5929
springframework 4.3.14.RELEASE
For CVE-2014-0225 CVE-2015-5211
Issue-ID: SO-579
Change-Id: I94f8332d420d2586262260a0a59a645f0de66b73
Signed-off-by: chenying83 <chenying83@huawei.com>
| -rw-r--r-- | packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final | 2 | ||||
| -rw-r--r-- | pom.xml | 18 |
2 files changed, 19 insertions, 1 deletions
diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final b/packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final index 771949fdfd..7b5f06ae98 100644 --- a/packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final +++ b/packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final @@ -68,7 +68,7 @@ RUN apt-get -y install \ zlib1g=1:1.2.11.dfsg-0ubuntu2 \ libexpat1=2.2.5-3 \ libc-bin=2.26-0ubuntu2.1 libc6=2.26-0ubuntu2.1 \ - openssl=1.1.0g-2ubuntu3 \ + openssl=1.1.0g-2ubuntu4 \ libpcre3=2:8.39-5ubuntu3 RUN apt-get install -y netcat curl && curl -LO https://packages.chef.io/files/stable/chefdk/2.5.3/ubuntu/16.04/chefdk_2.5.3-1_amd64.deb && curl -LO http://central.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/1.5.4/mariadb-java-client-1.5.4.jar && apt-get remove --purge -y curl && apt-get autoremove -y @@ -529,6 +529,24 @@ <version>${resteasy.version}</version> <scope>test</scope> </dependency> + <!-- For CVE-2016-1000031 --> + <dependency> + <groupId>commons-fileupload</groupId> + <artifactId>commons-fileupload</artifactId> + <version>1.3.3</version> + </dependency> + <!-- For CVE-2017-5929 --> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-core</artifactId> + <version>1.1.11</version> + </dependency> + <!-- For CVE-2014-0225 CVE-2015-5211 --> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-core</artifactId> + <version>4.3.14.RELEASE</version> + </dependency> </dependencies> <dependencyManagement> <dependencies> |