This is an automated email from the ASF dual-hosted git repository.
eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/master by this push:
new f6b54a6 ZOOKEEPER-3817: suppress log4j SmtpAppender related
CVE-2020-9488
f6b54a6 is described below
commit f6b54a6cd227ac37f28803f45d7287c7fd3a8142
Author: Mate Szalay-Beko <[email protected]>
AuthorDate: Mon May 4 14:13:41 2020 +0200
ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
Author: Mate Szalay-Beko <[email protected]>
Reviewers: Enrico Olivelli <[email protected]>
Closes #1346 from symat/ZOOKEEPER-3817
---
owaspSuppressions.xml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
index ae94db4..2565f0d 100644
--- a/owaspSuppressions.xml
+++ b/owaspSuppressions.xml
@@ -46,4 +46,9 @@
ZOOKEEPER-3677 -->
<cve>CVE-2019-17571</cve>
</suppress>
+ <suppress>
+ <!-- it only affects the log4j SmtpAppender users. As Log4J 1.2 is EOL
now, we can't fix this unless we
+ upgrade to log4j 2. See ZOOKEEPER-3817 -->
+ <cve>CVE-2020-9488</cve>
+ </suppress>
</suppressions>
