[jira] [Commented] (ZOOKEEPER-2952) Upgrade third party libraries to address vulnerabilities

Hadoop QA (JIRA) Wed, 13 Dec 2017 07:55:13 -0800

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2952?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16289423#comment-16289423
 ]


Hadoop QA commented on ZOOKEEPER-2952:
--------------------------------------

+1 overall.  GitHub Pull Request  Build
      

    +1 @author.  The patch does not contain any @author tags.

    +0 tests included.  The patch appears to be a documentation patch that 
doesn't require tests.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac 
compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs (version 3.0.1) 
warnings.

    +1 release audit.  The applied patch does not increase the total number of 
release audit warnings.

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: 
https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/1364//testReport/
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/1364//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: 
https://builds.apache.org/job/PreCommit-ZOOKEEPER-github-pr-build/1364//console

This message is automatically generated.

> Upgrade third party libraries to address vulnerabilities
> --------------------------------------------------------
>
>                 Key: ZOOKEEPER-2952
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2952
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: server
>    Affects Versions: 3.5.3, 3.4.11, 3.6.0
>            Reporter: Andor Molnar
>            Assignee: Andor Molnar
>            Priority: Critical
>              Labels: dependencies, upgrade, vulnerabilities
>             Fix For: 3.5.4, 3.6.0, 3.4.12
>
>
> Hi,
> I'm going to upgrade the following third party libraries in order to address 
> vulnerabilities found in them:
> - io.netty:netty 3.10.5.Final -> 3.10.6.Final (CVE-2015-2156 (H), 
> CVE-2014-3488 (H), protobuf: CVE-2015-5237 (H), npn-api: CVE-2017-9735 (H), 
> CVE-1999-1198 (H), CVE-1999-1193 (H))
> - org.slf4j:slf4j-api 1.7.5 -> 1.7.25
> - log4j:log4j 1.2.16 -> 1.2.17
> Please review the list and let me know if you have any concerns or would like 
> to add more deps to upgrade.
> Thanks,
> Andor



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (ZOOKEEPER-2952) Upgrade third party libraries to address vulnerabilities

Reply via email to