Update Apache commons compress to 1.18.0 [reland]

This version fixes CVE-2018-1324 [1] and CVE-2018-11771 [2].

Also update org.tukaani to 1.8, which is the version commons compress 1.18.0 is using.

[1] https://nvd.nist.gov/vuln/detail/CVE-2018-1324
[2] https://nvd.nist.gov/vuln/detail/CVE-2018-11771

Change-Id: I4f991bffd0df909e77cd941994cdfae0615dd4f2
diff --git a/WORKSPACE b/WORKSPACE
index 1d6e531..cd62856 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -194,17 +194,17 @@
 # corresponding version
 maven_jar(
 name = "commons-compress",
- artifact = "org.apache.commons:commons-compress:1.15",
- sha1 = "b686cd04abaef1ea7bc5e143c080563668eec17e",
+ artifact = "org.apache.commons:commons-compress:1.18",
+ sha1 = "1191f9f2bc0c47a8cce69193feb1ff0a8bcb37d5",
 )
 # Transitive dependency of commons_compress. Should only be
 # upgraded at the same time as commons_compress.
 maven_jar(
 name = "tukaani-xz",
- artifact = "org.tukaani:xz:1.6",
+ artifact = "org.tukaani:xz:1.8",
 attach_source = False,
- sha1 = "05b6f921f1810bdf90e25471968f741f87168b64",
+ sha1 = "c4f7d054303948eb6a4066194253886c8af07128",
 )
 maven_jar(