[
https://issues.apache.org/jira/browse/CURATOR-484?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16683820#comment-16683820
]
Mujassim Sheikh commented on CURATOR-484:
-----------------------------------------
Hi Jordan,
Thanks for your reply. As per the dependency tree below
+- org.apache.curator:curator-x-discovery:jar:4.0.1:compile
| +- org.apache.curator:curator-recipes:jar:4.0.1:compile
| | \- org.apache.curator:curator-framework:jar:4.0.1:compile
| | \- org.apache.curator:curator-client:jar:4.0.1:compile
| | \- org.apache.zookeeper:zookeeper:jar:3.5.3-beta:compile
curator has dependency on zookeeper:jar:3.5.3-beta that is vulnerable to
CVE-2018-8012, this should be updated to the more stable version.
> CVE-2014-0085, CVE-2018-8012 known security vulnerabilities
> -----------------------------------------------------------
>
> Key: CURATOR-484
> URL: https://issues.apache.org/jira/browse/CURATOR-484
> Project: Apache Curator
> Issue Type: Improvement
> Reporter: Mujassim Sheikh
> Assignee: Jordan Zimmerman
> Priority: Major
>
> 1. Due to the dependency on apache zookeeper 3.5.3-beta, curator is
> vulnerable to CVE-2018-8012
> We should change it to use 3.5.4-beta as soon as possible.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
