From faba9f5b5348b410fc3e95b6628e63b0b47e9ba2 Mon Sep 17 00:00:00 2001 From: Suraj Singh Date: Tue, 7 Jun 2022 13:20:55 -0700 Subject: [PATCH] [Dependency upgrade] Fix jdom2 CVE violation (#3509) Signed-off-by: Suraj Singh --- buildSrc/build.gradle | 3 +++ buildSrc/version.properties | 1 + 2 files changed, 4 insertions(+) diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle index ac447141c7078..2f14dd29f81ef 100644 --- a/buildSrc/build.gradle +++ b/buildSrc/build.gradle @@ -131,6 +131,9 @@ dependencies { runtimeOnly("org.apache.logging.log4j:log4j-core:${props.getProperty('log4j')}") { because 'log4j CVE' } + runtimeOnly("org.jdom:jdom2:${props.getProperty('jdom2')}") { + because 'CVE-2021-33813 violation' + } } } diff --git a/buildSrc/version.properties b/buildSrc/version.properties index 4ef46ac94a110..fab29f1edc88e 100644 --- a/buildSrc/version.properties +++ b/buildSrc/version.properties @@ -16,6 +16,7 @@ icu4j = 62.1 supercsv = 2.4.0 log4j = 2.17.1 slf4j = 1.6.2 +jdom2 = 2.0.6.1 # when updating the JNA version, also update the version in buildSrc/build.gradle jna = 5.5.0