[ https://issues.apache.org/jira/browse/CURATOR-484?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16683820#comment-16683820 ]
Mujassim Sheikh commented on CURATOR-484:
-----------------------------------------

Hi Jordan,

Thanks for your reply.

As per the dependency tree below:

+- org.apache.curator:curator-x-discovery:jar:4.0.1:compile
|  +- org.apache.curator:curator-recipes:jar:4.0.1:compile
|  |  \- org.apache.curator:curator-framework:jar:4.0.1:compile
|  |     \- org.apache.curator:curator-client:jar:4.0.1:compile
|  |        \- org.apache.zookeeper:zookeeper:jar:3.5.3-beta:compile

Curator has a dependency on zookeeper:jar:3.5.3-beta, which is vulnerable to CVE-2018-8012. This should be updated to the more stable version.

> CVE-2014-0085, CVE-2018-8012 known security vulnerabilities
> -----------------------------------------------------------
>
>                 Key: CURATOR-484
>                 URL: https://issues.apache.org/jira/browse/CURATOR-484
>             Project: Apache Curator
>          Issue Type: Improvement
>            Reporter: Mujassim Sheikh
>            Assignee: Jordan Zimmerman
>            Priority: Major
>
> 1. Due to the dependency on Apache ZooKeeper 3.5.3-beta, Curator is
> vulnerable to CVE-2018-8012.
> We should change it to use 3.5.4-beta as soon as possible.
>

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)