[Security] Upgrade vertx to 3.9.8 to address CVE-2019-17640 (apache#1…

…0889)
cckellogg · Jun 21, 2021 · bce9144 · bce9144
1 parent 9ada9ef
commit bce9144
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 10 deletions.
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -503,10 +503,11 @@ The Apache Software License, Version 2.0
   * JCTools - Java Concurrency Tools for the JVM
     - org.jctools-jctools-core-2.1.2.jar
   * Vertx
-    - io.vertx-vertx-auth-common-3.5.4.jar
-    - io.vertx-vertx-bridge-common-3.5.4.jar
-    - io.vertx-vertx-core-3.5.4.jar
-    - io.vertx-vertx-web-3.5.4.jar
+    - io.vertx-vertx-auth-common-3.9.8.jar
+    - io.vertx-vertx-bridge-common-3.9.8.jar
+    - io.vertx-vertx-core-3.9.8.jar
+    - io.vertx-vertx-web-3.9.8.jar
+    - io.vertx-vertx-web-common-3.9.8.jar
   * Apache ZooKeeper
     - org.apache.zookeeper-zookeeper-3.6.3.jar
     - org.apache.zookeeper-zookeeper-jute-3.6.3.jar

diff --git a/pom.xml b/pom.xml
@@ -115,7 +115,7 @@ flexible messaging model and an intuitive client API.</description>
     <jersey.version>2.34</jersey.version>
     <athenz.version>1.10.9</athenz.version>
     <prometheus.version>0.5.0</prometheus.version>
-    <vertx.version>3.5.4</vertx.version>
+    <vertx.version>3.9.8</vertx.version>
     <rocksdb.version>6.10.2</rocksdb.version>
     <slf4j.version>1.7.25</slf4j.version>
     <commons.collections.version>3.2.2</commons.collections.version>

diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml
@@ -36,11 +36,6 @@
     <gav>org.apache.thrift:libthrift:0.12.0</gav>
     <vulnerabilityName regex="true">.*</vulnerabilityName>
   </suppress>
-  <suppress>
-    <notes>Suppress vert.x 3.5.4 vulnerabilities</notes>
-    <gav regex="true">io\.vertx:.*:3\.5\.4</gav>
-    <vulnerabilityName regex="true">.*</vulnerabilityName>
-  </suppress>
   <suppress>
     <notes>Suppress Zookeeper 3.6.2 vulnerabilities</notes>
     <gav regex="true">org\.apache\.zookeeper:.*:3\.6\.2</gav>