This is an automated email from the ASF dual-hosted git repository.
ddiederen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/master by this push:
new 35a9441f3 ZOOKEEPER-4751: Update snappy-java to 1.1.10.5 to address
CVE-2023-43642
35a9441f3 is described below
commit 35a9441f31ba533c6de97f8b12fbe7a1c0c7481b
Author: Lari Hotari <[email protected]>
AuthorDate: Tue Oct 3 13:57:46 2023 +0000
ZOOKEEPER-4751: Update snappy-java to 1.1.10.5 to address CVE-2023-43642
snappy-java 1.1.10.1 contains CVE-2023-43642 . Upgrade the dependency to
1.1.10.5 to get rid of the CVE.
see https://issues.apache.org/jira/browse/ZOOKEEPER-4751
Author: Lari Hotari <[email protected]>
Reviewers: Andor Molnar <[email protected]>, Damien Diederen
<[email protected]>
Closes #2072 from lhotari/ZOOKEEPER-4751
---
pom.xml | 2 +-
...va-1.1.10.1.jar_LICENSE.txt => snappy-java-1.1.10.5.jar_LICENSE.txt} | 0
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 68717b1a9..da7fbe57a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -563,7 +563,7 @@
<jetty.version>9.4.51.v20230217</jetty.version>
<jackson.version>2.15.2</jackson.version>
<jline.version>2.14.6</jline.version>
- <snappy.version>1.1.10.1</snappy.version>
+ <snappy.version>1.1.10.5</snappy.version>
<kerby.version>2.0.0</kerby.version>
<bouncycastle.version>1.75</bouncycastle.version>
<commons-collections.version>4.4</commons-collections.version>
diff --git
a/zookeeper-server/src/main/resources/lib/snappy-java-1.1.10.1.jar_LICENSE.txt
b/zookeeper-server/src/main/resources/lib/snappy-java-1.1.10.5.jar_LICENSE.txt
similarity index 100%
rename from
zookeeper-server/src/main/resources/lib/snappy-java-1.1.10.1.jar_LICENSE.txt
rename to
zookeeper-server/src/main/resources/lib/snappy-java-1.1.10.5.jar_LICENSE.txt
