authorchenying83 <chenying83@huawei.com>2018-04-26 08:20:10 +0000
committerchenying83 <chenying83@huawei.com>2018-04-26 08:20:10 +0000
commit98e3f70497d2cdde07bb03a57fdd2ebdf3208882 (patch)
treece2d6f0dbff4f98e0a3612c05edbdab2ec0752c8
parentefdfc40f759c70b9ab2ac7e23de42c7d211fde79 (diff)
Fix library CVEs in SO
Fix additional CVEs: commons-fileupload 1.3.3 For CVE-2016-1000031 logback 1.1.11 For CVE-2017-5929 springframework 4.3.14.RELEASE For CVE-2014-0225 CVE-2015-5211 Issue-ID: SO-579 Change-Id: I94f8332d420d2586262260a0a59a645f0de66b73 Signed-off-by: chenying83 <chenying83@huawei.com>
-rw-r--r--packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final2
-rw-r--r--pom.xml18
2 files changed, 19 insertions, 1 deletions
diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final b/packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final
index 771949fdfd..7b5f06ae98 100644
--- a/packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final
+++ b/packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final
@@ -68,7 +68,7 @@ RUN apt-get -y install \
zlib1g=1:1.2.11.dfsg-0ubuntu2 \
libexpat1=2.2.5-3 \
libc-bin=2.26-0ubuntu2.1 libc6=2.26-0ubuntu2.1 \
- openssl=1.1.0g-2ubuntu3 \
+ openssl=1.1.0g-2ubuntu4 \
libpcre3=2:8.39-5ubuntu3
RUN apt-get install -y netcat curl && curl -LO https://packages.chef.io/files/stable/chefdk/2.5.3/ubuntu/16.04/chefdk_2.5.3-1_amd64.deb && curl -LO http://central.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/1.5.4/mariadb-java-client-1.5.4.jar && apt-get remove --purge -y curl && apt-get autoremove -y
diff --git a/pom.xml b/pom.xml
index ed64d08b70..73286d651c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -529,6 +529,24 @@
<version>${resteasy.version}</version>
<scope>test</scope>
</dependency>
+ <!-- For CVE-2016-1000031 -->
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <version>1.3.3</version>
+ </dependency>
+ <!-- For CVE-2017-5929 -->
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ <version>1.1.11</version>
+ </dependency>
+ <!-- For CVE-2014-0225 CVE-2015-5211 -->
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-core</artifactId>
+ <version>4.3.14.RELEASE</version>
+ </dependency>
</dependencies>
<dependencyManagement>
<dependencies>
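Review bot: The three pins added before `</dependencies>` each cover a single artifact, which may leave the affected code on its old version. The Spring advisories cited (CVE-2014-0225, CVE-2015-5211) concern the web/MVC modules rather than `spring-core`, and the socket receivers named in CVE-2017-5929 ship in `logback-classic`, so pinning only `spring-core` and `logback-core` can also leave a mixed-version classpath. Declaring them under `<dependencies>` also makes every module that inherits this POM take them as compile-scope dependencies, if this is the parent POM as its layout suggests. Managing the versions in the `<dependencyManagement>` section that opens at the end of this hunk (its contents are outside the hunk) would pin each library family without adding direct dependencies; `mvn dependency:tree` afterwards shows which versions are actually resolved.

```xml
<!-- … inside the existing <dependencyManagement><dependencies>, other managed entries unchanged … -->
<dependency>
  <groupId>org.springframework</groupId>
  <artifactId>spring-framework-bom</artifactId>
  <version>4.3.14.RELEASE</version>
  <type>pom</type>
  <scope>import</scope>
</dependency>
<dependency>
  <groupId>ch.qos.logback</groupId>
  <artifactId>logback-classic</artifactId>
  <version>1.1.11</version>
</dependency>
<dependency>
  <groupId>ch.qos.logback</groupId>
  <artifactId>logback-core</artifactId>
  <version>1.1.11</version>
</dependency>
```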