This is an automated email from the ASF dual-hosted git repository.
phunt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/master by this push:
new 97e51a4 ZOOKEEPER-3262: Update dependencies flagged by OWASP report
97e51a4 is described below
commit 97e51a41ae7b9e30d76d33b6d2d91c5ab15167f2
Author: Enrico Olivelli <[email protected]>
AuthorDate: Sat Feb 2 10:59:45 2019 -0800
ZOOKEEPER-3262: Update dependencies flagged by OWASP report
- Upgrade Jetty to 9.4.14.v20181114
- Upgrade Jackson to 2.9.8
- Suppress a false positive about Netty
(https://github.com/jeremylong/DependencyCheck/issues/1653)
- Suppress false positives against ZooKeeper itself: CVE-2018-8012 and
CVE-2016-5017
Author: Enrico Olivelli <[email protected]>
Reviewers: [email protected]
Closes #792 from eolivelli/fix/ZOOKEEPER-3262
Change-Id: I6152ee061765a6eb7e4b9ac19db79d11bee4f4c5
---
build.xml | 4 ++--
owaspSuppressions.xml | 13 +++++++++++++
pom.xml | 4 ++--
3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/build.xml b/build.xml
index c4e718a..26810ca 100644
--- a/build.xml
+++ b/build.xml
@@ -54,8 +54,8 @@ xmlns:cs="antlib:com.puppycrawl.tools.checkstyle.ant">
<property name="javacc.version" value="5.0"/>
- <property name="jetty.version" value="9.4.10.v20180503"/>
- <property name="jackson.version" value="2.9.5"/>
+ <property name="jetty.version" value="9.4.14.v20181114"/>
+ <property name="jackson.version" value="2.9.8"/>
<property name="dependency-check-ant.version" value="4.0.2"/>
<property name="commons-io.version" value="2.6"/>
diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
index 0165b9a..93f0250 100644
--- a/owaspSuppressions.xml
+++ b/owaspSuppressions.xml
@@ -22,4 +22,17 @@
<!-- ZOOKEEPER-3217 -->
<cve>CVE-2018-8088</cve>
</suppress>
+ <suppress>
+ <!-- ZOOKEEPER-3262 -->
+ <cve>CVE-2018-8012</cve>
+ </suppress>
+ <suppress>
+ <!-- ZOOKEEPER-3262 -->
+ <cve>CVE-2016-5017</cve>
+ </suppress>
+ <suppress>
+ <!-- https://github.com/jeremylong/DependencyCheck/issues/1653
+ False positive on Netty 4.x-->
+ <cve>CVE-2018-12056</cve>
+ </suppress>
</suppressions>
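Review bot: The three new `<suppress>` entries match on `<cve>` alone, which in dependency-check suppresses that CVE id for every artifact on the classpath rather than only the one the scan flagged, so a future third-party jar carrying CVE-2018-12056 or either of the two ZooKeeper CVEs would be hidden silently. Scope each entry to the artifact it concerns, e.g. add `<packageUrl regex="true">^pkg:maven/org\.apache\.zookeeper/zookeeper@.*$</packageUrl>` before the two ZooKeeper `<cve>` elements and the corresponding Netty packageUrl before CVE-2018-12056 (coordinates to be confirmed against pom.xml), and consider an `until="..."` date on the Netty suppression so it is revisited once the linked DependencyCheck issue is resolved. The bare `ZOOKEEPER-3262` comment also does not record why the match is a false positive; `<!-- ZOOKEEPER-3262: CVE filed against ZooKeeper itself, not a third-party dependency -->` would let a later reader judge whether the suppression still holds. The existing CVE-2018-8088 suppression above follows the same unscoped pattern, so this is a file-wide convention rather than something this commit introduces, but the new entries are the place to start tightening it.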
diff --git a/pom.xml b/pom.xml
index b649ce1..e6b0424 100755
--- a/pom.xml
+++ b/pom.xml
@@ -271,8 +271,8 @@
<hamcrest.version>1.3</hamcrest.version>
<commons-cli.version>1.2</commons-cli.version>
<netty.version>4.1.29.Final</netty.version>
- <jetty.version>9.4.10.v20180503</jetty.version>
- <jackson.version>2.9.5</jackson.version>
+ <jetty.version>9.4.14.v20181114</jetty.version>
+ <jackson.version>2.9.8</jackson.version>
<json.version>1.1.1</json.version>
<jline.version>2.11</jline.version>
<kerby.version>1.1.0</kerby.version>