Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade curator framework to 5.6.x #330

Open
lambliesdown opened this issue Feb 29, 2024 · 1 comment
Open

Upgrade curator framework to 5.6.x #330

lambliesdown opened this issue Feb 29, 2024 · 1 comment
Labels
dependencies Pull requests that update a dependency file
Milestone
4.2.0-M1

Comments

@lambliesdown
Copy link

Is your feature request related to a problem? Please describe.
spring-cloud-zookeeper-dependencies refers to curator.version 5.1.0 which is from 2020 and exhibits multiple vulnerabilities
(see https://mvnrepository.com/artifact/org.apache.curator/curator-framework/5.1.0).
Our security scanning constantly lists those in projects using spring-cloud-zookeeper.

Describe the solution you'd like
Any chance to update to the latest curator-framework 5.6.0 in the next major spring-cloud version?
@spencergibb spencergibb changed the title upgrade curator framework version due to multiple vulnerabilities in version 5.1.0 Upgrade curator framework to 5.6.x Feb 29, 2024
@spencergibb spencergibb added dependencies Pull requests that update a dependency file and removed waiting-for-triage labels Feb 29, 2024
@spencergibb spencergibb added this to the 4.2.0-M1 milestone Feb 29, 2024
@spencergibb
Copy link
Member

We can do it in a minor. Development on 4.2.0 will start after May 2024

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
2024.0.0-M1
Status: Todo
Milestone
4.2.0-M1
Development

No branches or pull requests
3 participants
@spencergibb @lambliesdown @spring-cloud-issues