This is an automated email from the ASF dual-hosted git repository.
ddiederen pushed a commit to branch branch-3.7
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/branch-3.7 by this push:
new e3a50a589 ZOOKEEPER-4751: Update snappy-java to 1.1.10.5 to address
CVE-2023-43642
e3a50a589 is described below
commit e3a50a589c55cc318cd09b45912776f0334f4a3f
Author: Lari Hotari <[email protected]>
AuthorDate: Tue Oct 3 13:57:46 2023 +0000
ZOOKEEPER-4751: Update snappy-java to 1.1.10.5 to address CVE-2023-43642
snappy-java 1.1.10.1 contains CVE-2023-43642. Upgrade the dependency to
1.1.10.5 to get rid of the CVE.
see https://issues.apache.org/jira/browse/ZOOKEEPER-4751
Author: Lari Hotari <[email protected]>
Reviewers: Andor Molnar <[email protected]>, Damien Diederen
<[email protected]>
Closes #2072 from lhotari/ZOOKEEPER-4751
---
pom.xml | 2 +-
...va-1.1.10.1.jar_LICENSE.txt => snappy-java-1.1.10.5.jar_LICENSE.txt} | 0
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 16c67dd30..d91982267 100644
--- a/pom.xml
+++ b/pom.xml
@@ -441,7 +441,7 @@
<jetty.version>9.4.49.v20220914</jetty.version>
<jackson.version>2.15.2</jackson.version>
<jline.version>2.14.6</jline.version>
- <snappy.version>1.1.10.1</snappy.version>
+ <snappy.version>1.1.10.5</snappy.version>
<kerby.version>2.0.0</kerby.version>
<bouncycastle.version>1.60</bouncycastle.version>
<commons-collections.version>4.4</commons-collections.version>
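Review bot: The snappy.version change on this line only takes effect where snappy-java is resolved through this property, and nothing in the hunk shows that. Before merging, confirm with mvn dependency:tree -Dincludes=org.xerial.snappy:snappy-java that 1.1.10.5 is the only version that ends up on the classpath and that no module or transitive dependency still brings in 1.1.10.1, the version the commit message identifies as affected by CVE-2023-43642.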
diff --git
a/zookeeper-server/src/main/resources/lib/snappy-java-1.1.10.1.jar_LICENSE.txt
b/zookeeper-server/src/main/resources/lib/snappy-java-1.1.10.5.jar_LICENSE.txt
similarity index 100%
rename from
zookeeper-server/src/main/resources/lib/snappy-java-1.1.10.1.jar_LICENSE.txt
rename to
zookeeper-server/src/main/resources/lib/snappy-java-1.1.10.5.jar_LICENSE.txt
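Review bot: The LICENSE file is renamed at similarity index 100%, so the license text shipped for 1.1.10.5 is the 1.1.10.1 text carried over unchanged. Please confirm it still matches the license and notice content inside the snappy-java-1.1.10.5 jar, and check that nothing else in the build or packaging refers to the old snappy-java-1.1.10.1.jar_LICENSE.txt file name.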