Skip to content

Commit

Permalink
[Dependency upgrade] Fix jdom2 CVE violation (opensearch-project#3509)
Browse files Browse the repository at this point in the history
Signed-off-by: Suraj Singh <[email protected]>
  • Loading branch information
dreamer-89 authored Jun 7, 2022
1 parent 083d717 commit faba9f5
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 0 deletions.
3 changes: 3 additions & 0 deletions buildSrc/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,9 @@ dependencies {
runtimeOnly("org.apache.logging.log4j:log4j-core:${props.getProperty('log4j')}") {
because 'log4j CVE'
}
runtimeOnly("org.jdom:jdom2:${props.getProperty('jdom2')}") {
because 'CVE-2021-33813 violation'
}
}
}

Expand Down
1 change: 1 addition & 0 deletions buildSrc/version.properties
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ icu4j = 62.1
supercsv = 2.4.0
log4j = 2.17.1
slf4j = 1.6.2
jdom2 = 2.0.6.1

# when updating the JNA version, also update the version in buildSrc/build.gradle
jna = 5.5.0
Expand Down

0 comments on commit faba9f5

Please sign in to comment.