[ https://issues.apache.org/jira/browse/ZOOKEEPER-2952?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16290459#comment-16290459 ]
ASF GitHub Bot commented on ZOOKEEPER-2952: ------------------------------------------- Github user anmolnar closed the pull request at: https://github.com/apache/zookeeper/pull/435 > Upgrade third party libraries to address vulnerabilities > -------------------------------------------------------- > > Key: ZOOKEEPER-2952 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2952 > Project: ZooKeeper > Issue Type: Improvement > Components: server > Affects Versions: 3.5.3, 3.4.11, 3.6.0 > Reporter: Andor Molnar > Assignee: Andor Molnar > Priority: Critical > Labels: dependencies, upgrade, vulnerabilities > Fix For: 3.5.4, 3.6.0, 3.4.12 > > > Hi, > I'm going to upgrade the following third party libraries in order to address > vulnerabilities found in them: > - io.netty:netty 3.10.5.Final -> 3.10.6.Final (CVE-2015-2156 (H), > CVE-2014-3488 (H), protobuf: CVE-2015-5237 (H), npn-api: CVE-2017-9735 (H), > CVE-1999-1198 (H), CVE-1999-1193 (H)) > - org.slf4j:slf4j-api 1.7.5 -> 1.7.25 > - log4j:log4j 1.2.16 -> 1.2.17 > Please review the list and let me know if you have any concerns or would like > to add more deps to upgrade. > Thanks, > Andor -- This message was sent by Atlassian JIRA (v6.4.14#64029)