tisonkun commented on code in PR #16520:
URL: https://github.com/apache/pulsar/pull/16520#discussion_r918525908


##########
src/owasp-dependency-check-false-positives.xml:
##########
@@ -158,4 +158,13 @@
     <sha1>1a754a5dd672218a2ac667d7ff2b28df7a5a240e</sha1>
     <cve>CVE-2022-25647</cve>
   </suppress>
+
+  <!-- 9.4.x is not affected 
https://github.com/eclipse/jetty.project/issues/8161#issuecomment-1178728623-->
+  <suppress>
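Review bot: the comment above the new `<suppress>` says "9.4.x is not affected" but does not name the CVE being suppressed, so a later reader has to follow the Jetty issue link to find out what this entry hides. Put the CVE id in the comment. Also tie the entry to the specific Jetty 9.4.x artifact, the way the preceding entry pairs `<sha1>` with `<cve>`, so the suppression stops matching once the dependency moves off the 9.4.x line.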

Review Comment:
   My latest OWASP check gave green here: 
https://github.com/apache/pulsar/runs/7294406368?check_suite_focus=true
   
   So I even wonder whether we should bump the jetty version, though bumping to a new version is always a valid improvement from my side.


