klwilson227 opened a new issue #7931: URL: https://github.com/apache/pulsar/issues/7931
**Describe the bug** CVE-2018-12540 has been raised on vertx 3.4.1 which is found in the pulsar dependencies. **To Reproduce** mvn dependency:tree|grep vertx [INFO] +- org.apache.bookkeeper.http:vertx-http-server:jar:4.10.0:compile [INFO] | +- io.vertx:vertx-core:jar:3.4.1:compile [INFO] | +- io.vertx:vertx-web:jar:3.4.1:compile [INFO] | | \- io.vertx:vertx-auth-common:jar:3.4.1:compile [INFO] | \- org.apache.bookkeeper.http:vertx-http-server:jar:4.10.0:provided [INFO] | +- io.vertx:vertx-core:jar:3.4.1:provided [INFO] | \- io.vertx:vertx-web:jar:3.4.1:provided [INFO] | \- io.vertx:vertx-auth-common:jar:3.4.1:provided **Expected behavior** Do not expect to see version of vertx less that 3.5.3 which is claimed to fix the problem. **Screenshots** N/A **Desktop (please complete the following information):** N/A **Additional context** from the mvn dependency:tree the vertx inclusion is coming from org.apache.bookkeeper.http:vertx-http-server:jar:4.10.0:compile ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
