curator icon indicating copy to clipboard operation
curator copied to clipboard
verified publisher icon apache

[CURATOR-631] Upgrade Jersey to 2.35 or later and upgrade resteasy-jaxrs to a newer and compatible version

Open jira-importer opened this issue 3 years ago • 2 comments

Curator is pulling in resteasy-jaxrs 2.3.5 which is affected by multiple CVEs inlcuding CVE-2016-9606 and CVE-2014-3490. 

2.3.5 is also deprecated and needs to be upgraded. 

Curator is also pulling jersey 1.19.4 which is an old version and needs to be upgraded to 2.35 or later (3.0.4).

resteasy-jaxrs dependency cannot be higher than 2.x for compatibility with Jersey 1.x, this is why they need to be upgraded together.

 

Originally reported by dora.horvath, imported from: Upgrade Jersey to 2.35 or later and upgrade resteasy-jaxrs to a newer and compatible version
  • assignee: randgalt
  • status: Open
  • priority: Major
  • resolution: Unresolved
  • imported: 2025-01-21

jira-importer avatar Feb 16 '22 14:02 jira-importer

dora.horvath:

I can work on this ticket, but cannot assign myself.

jira-importer avatar Feb 16 '22 14:02 jira-importer

dora.horvath:

Jordan Zimmerman could you please assign me?

jira-importer avatar Feb 23 '22 11:02 jira-importer