[ https://issues.apache.org/jira/browse/ZOOKEEPER-4543?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mate Szalay-Beko resolved ZOOKEEPER-4543. ----------------------------------------- Resolution: Fixed Issue resolved by pull request 1878 [https://github.com/apache/zookeeper/pull/1878] > upgrade dependencies on branch-3.5 to avoid CVEs > ------------------------------------------------ > > Key: ZOOKEEPER-4543 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4543 > Project: ZooKeeper > Issue Type: Bug > Affects Versions: 3.5.9 > Reporter: Mate Szalay-Beko > Assignee: Mate Szalay-Beko > Priority: Major > Labels: pull-request-available > Fix For: 3.5.10 > > Time Spent: 40m > Remaining Estimate: 0h > > The aim of this ticket to fix all CVEs on branch-3.5 before the last 3.5.10 > release. > branch-3.5 is quite outdated when it comes to CVE fixes. I already backported > ZOOKEEPER-4455 (remove log4j and add reload4j) but other dependencies are > also outdated. Most probably the dependency plugin also needs to be updated > to avoid the netty-transport related false-positive CVEs. > > -- This message was sent by Atlassian Jira (v8.20.7#820007)