Fix security vul'y in Curator Locking Plugin 47/55047/1
authorliamfallon <liam.fallon@ericsson.com>
Tue, 19 Jun 2018 03:06:27 +0000 (11:06 +0800)
committerliamfallon <liam.fallon@ericsson.com>
Tue, 19 Jun 2018 03:08:44 +0000 (11:08 +0800)
Increment the version of the Curator dependencies.
Upgrade the version of Zookeeper used by Curator to the latest version.
Remove ancient log4j dependency from Zookeeper.

Issue-ID: POLICY-905
Change-Id: I103bd36404d3dc9c33bdd59585f67ba0fde349be
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
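--- a/plugins/plugins-context/context-locking/context-locking-curator/pom.xml
+++ b/plugins/plugins-context/context-locking/context-locking-curator/pom.xml
         <dependency>
             <groupId>org.apache.curator</groupId>
             <artifactId>curator-framework</artifactId>
-            <version>4.0.0</version>
+            <version>4.0.1</version>
+            <exclusions>
+                <!-- The default Zookeeper version in Curator has vulnerabilities -->
+                <exclusion>
+                    <groupId>org.apache.zookeeper</groupId>
+                    <artifactId>zookeeper</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.apache.curator</groupId>
             <artifactId>curator-recipes</artifactId>
-            <version>4.0.0</version>
+            <version>4.0.1</version>
+        </dependency>
+        <!-- The latest Zookeeper version fixes the vulnerabilities -->
+        <dependency>
+            <groupId>org.apache.zookeeper</groupId>
+            <artifactId>zookeeper</artifactId>
+            <version>3.5.4-beta</version>
+             <exclusions>
+            <!-- Zookeeper uses an ancient version of log4j -->
+                <exclusion>
+                    <groupId>log4j</groupId>
+                    <artifactId>log4j</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.curator</groupId>
+            <artifactId>curator-recipes</artifactId>
+            <version>4.0.1</version>
         </dependency>
     </dependencies>
-</project>
\ No newline at end of file
+</project>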
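Review bot: The new side declares `org.apache.curator:curator-recipes` 4.0.1 twice, once in the block the version bump touches and again in the block added after the ZooKeeper dependency; Maven flags duplicate declarations as a model warning, so the second `<dependency>` block should be dropped. The ZooKeeper exclusion sits only on `curator-framework`, and although the direct `zookeeper` 3.5.4-beta declaration should win dependency mediation for this module, it is worth confirming with `mvn dependency:tree` that no older ZooKeeper or `log4j:log4j` artifact still arrives through `curator-recipes` or another path. The two comments say only that vulnerabilities exist and name no advisory, so a reference to the advisory being addressed (Issue-ID POLICY-905 is the only identifier on the page) would help whoever later moves off the `-beta` release. The `<exclusions>` opening tag and its comment in the ZooKeeper block are also indented inconsistently with the rest of the file.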