nicoloboschi commented on pull request #14871: URL: https://github.com/apache/pulsar/pull/14871#issuecomment-1079034179
The OWASP check fails due to:

```
athenz-zts-java-client-1.10.9.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml: CVE-2020-36518
```

athenz-zts-java-client-1.10.9.jar is an uber-jar containing a shaded version of jackson-databind. I opened this issue: https://github.com/AthenZ/athenz/issues/1824

It would be a good idea to not use the uber-jar, but it has to be handled in another pull and with more caution and testing.

For the moment the OWASP check will fail; we could suppress it, but that jar will be used in production, so it's better to not "forget" about it.
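Added example, not part of the original comment and not Pulsar or Athenz code: a Python script that inventories the Maven descriptors embedded in a jar, the kind of `META-INF/maven/...` entry the check reported above, so bundled dependencies stay visible even if a finding is later suppressed. The sample jar is constructed in memory; the outer group id, the class entry and all version strings are placeholders.

```python
import io
import re
import zipfile

# Maven build plugins leave META-INF/maven/<groupId>/<artifactId>/pom.{xml,properties}
# in a jar; an uber-jar usually keeps one such directory per bundled dependency.
_MAVEN_META = re.compile(r"^META-INF/maven/([^/]+)/([^/]+)/pom\.(xml|properties)$")

# Constructed sample layout (placeholder group id and versions, not real data).
SAMPLE_ENTRIES = {
    "META-INF/maven/com.example.placeholder/athenz-zts-java-client/pom.properties":
        "version=0.0.0-placeholder\n",
    "META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml": "<project/>",
    "META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.properties":
        "version=0.0.0-placeholder\n",
    "com/example/Client.class": b"\xca\xfe\xba\xbe",
}

def embedded_maven_artifacts(jar):
    """Return {(groupId, artifactId): version or None} for each descriptor in the jar."""
    found = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            m = _MAVEN_META.match(name)
            if not m:
                continue
            key = (m.group(1), m.group(2))
            found.setdefault(key, None)
            if m.group(3) == "properties":
                # pom.properties stores the version as a plain key=value line
                for line in zf.read(name).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        found[key] = line.split("=", 1)[1].strip()
    return found

def bundled_dependencies(jar, own_artifact_id):
    """Everything except the jar's own artifact, i.e. the bundled or shaded ones."""
    return {k: v for k, v in embedded_maven_artifacts(jar).items()
            if k[1] != own_artifact_id}

def build_sample_jar():
    """Write SAMPLE_ENTRIES into an in-memory jar (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in SAMPLE_ENTRIES.items():
            zf.writestr(name, body)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for (g, a), v in bundled_dependencies(build_sample_jar(), "athenz-zts-java-client").items():
        print(f"{g}:{a}:{v}")
```

Passing a real jar path instead of `build_sample_jar()` gives the list of bundled coordinates to track alongside the upstream issue.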
