authorEnrico Olivelli <eolivelli@apache.org>2019-02-08 06:06:39 +0100
committerAndor Molnar <andor@apache.org>2019-02-08 11:27:41 +0100
commit927d0e4e7f8001d01767c458b3ddbe61c55b4e02 (patch)
tree307b2d5e4ff28de1c7686a48d8c70b38a5f451dc
parent3788d763da42e02b38eec540ad40bb07d0b414bb (diff)
ZOOKEEPER-3262: Update dependencies flagged by OWASP report
- Dropped unused dependencies BouncyCastle, Jackson and Jetty - Suppress false positives against ZooKeeper itself: CVE-2018-8012 Author: Enrico Olivelli <eolivelli@apache.org> Reviewers: andor@apache.org Closes #806 from eolivelli/fix/owasp-34
-rw-r--r--owaspSuppressions.xml4
-rwxr-xr-xpom.xml18
-rwxr-xr-xzookeeper-server/pom.xml22
3 files changed, 5 insertions, 39 deletions
diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
index 0165b9ada..3dd0f3818 100644
--- a/owaspSuppressions.xml
+++ b/owaspSuppressions.xml
@@ -22,4 +22,8 @@
<!-- ZOOKEEPER-3217 -->
<cve>CVE-2018-8088</cve>
</suppress>
+ <suppress>
+ <!-- ZOOKEEPER-3262 -->
+ <cve>CVE-2018-8012</cve>
+ </suppress>
</suppressions>
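Review bot: The added `<suppress>` entry for CVE-2018-8012 carries no selector, so as written it silences that CVE for every artifact the scan matches, not only for ZooKeeper's own modules, which is the false positive the commit message describes. Scoping it to the project's coordinates, for example `<gav regex="true">^org\.apache\.zookeeper:.*$</gav>` (or the equivalent `packageUrl` form if the dependency-check version in use expects it), would keep the finding visible should the CVE ever be matched against some other jar. A `<notes>` element stating why the current version is not affected would also help anyone auditing the suppression file later, since the comment only names the JIRA id. The enclosing `<suppressions>` element and the preceding entry begin outside this hunk.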
diff --git a/pom.xml b/pom.xml
index 01819edcc..32a9d2367 100755
--- a/pom.xml
+++ b/pom.xml
@@ -271,12 +271,9 @@
<hamcrest.version>1.3</hamcrest.version>
<commons-cli.version>1.2</commons-cli.version>
<netty.version>3.10.6.Final</netty.version>
- <jetty.version>9.4.10.v20180503</jetty.version>
- <jackson.version>2.9.5</jackson.version>
<json.version>1.1.1</json.version>
<jline.version>0.9.94</jline.version>
<kerby.version>1.1.0</kerby.version>
- <bouncycastle.version>1.56</bouncycastle.version>
<commons-collections.version>3.2.2</commons-collections.version>
<commons-lang.version>2.4</commons-lang.version>
<apache-directory-server.version>2.0.0-M15</apache-directory-server.version>
@@ -344,16 +341,6 @@
</exclusions>
</dependency>
<dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
- <version>${bouncycastle.version}</version>
- </dependency>
- <dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
- <version>${bouncycastle.version}</version>
- </dependency>
- <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${slf4j.version}</version>
@@ -400,11 +387,6 @@
<version>${jetty.version}</version>
</dependency>
<dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
- </dependency>
- <dependency>
<groupId>com.googlecode.json-simple</groupId>
<artifactId>json-simple</artifactId>
<version>${json.version}</version>
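Review bot: The context line `<version>${jetty.version}</version>` at the top of this hunk still references a property whose definition is removed by the first pom.xml hunk (`@@ -271,12 +271,9 @@`), so unless `jetty.version` is defined somewhere outside the visible lines, this managed dependency is left with an unresolved version string. The commit message says Jetty was dropped as unused, so the consistent fix is probably to delete this remaining Jetty `<dependency>` entry rather than restore the property. That dependency block starts above the hunk, so its groupId and artifactId are not visible here and should be checked before removal.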
diff --git a/zookeeper-server/pom.xml b/zookeeper-server/pom.xml
index 44a58b5df..fee486357 100755
--- a/zookeeper-server/pom.xml
+++ b/zookeeper-server/pom.xml
@@ -76,30 +76,10 @@
<artifactId>slf4j-log4j12</artifactId>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-server</artifactId>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-servlet</artifactId>
- </dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-databind</artifactId>
- </dependency>
- <dependency>
<groupId>com.googlecode.json-simple</groupId>
<artifactId>json-simple</artifactId>
</dependency>
<dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
- </dependency>
- <dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
- </dependency>
- <dependency>
<groupId>jline</groupId>
<artifactId>jline</artifactId>
</dependency>
@@ -307,4 +287,4 @@
</plugins>
</build>
-</project> \ No newline at end of file
+</project>