Wow those urls make that email really difficult to understand. I believe
what it says is that the nokogiri version we're setting in the Gemlock file
should be updated to 1.8.1 to fix a known vulnerability? If so it needs to
be addressed in many Apache incubator websites since that Gemlock was
imported from the website repo which was forked from the apache website
template repo. I can patch it in the morning (unless you'd like to do it)
and we can push it to 0.4.1, 0.5.0 and master. I'll have to cut an rc2
tomorrow also in that case.
Alex Bozarth
Software Engineer
Spark Technology Center
E-mail: [email protected]
GitHub: github.com/ajbozarth
505 Howard Street
San Francisco, CA 94105
United States
From: Saisai Shao <[email protected]>
To: [email protected]
Date: 01/23/2018 06:16 PM
Subject: Fwd: [apache/incubator-livy] One of your dependencies may have
a security vulnerability
Hi Alex,
Is it due to your recent changes to add ruby file?
Thanks
Jerry
---------- Forwarded message ----------
From: Greg Stein <[email protected]>
Date: 2018-01-24 6:14 GMT+08:00
Subject: Fwd: [apache/incubator-livy] One of your dependencies may have a
security vulnerability
To: [email protected]
Cc: [email protected], [email protected],
[email protected]
Livy PPMC: FYI
---------- Forwarded message ----------
From: GitHub <[email protected]>
Date: Tue, Jan 23, 2018 at 2:22 PM
Subject: [apache/incubator-livy] One of your dependencies may have a
security vulnerability
To: apache/incubator-livy <[email protected]>
Cc: Security alert <[email protected]>
We found a potential security vulnerability in one of your dependencies
*gstein,*
We found a potential security vulnerability in a repository for which you
have been granted security alert access.
apache/incubator-livy
Known *critical severity* security vulnerability detected in nokogiri < 1.8.1
defined in Gemfile.lock.
Gemfile.lock update suggested: nokogiri ~> 1.8.1.
Always verify the validity and compatibility of suggestions with your
codebase.
------------------------------
Only users who have been assigned access to security alerts will receive
these notifications.
GitHub, Inc.
88 Colin P Kelly Jr St.
San Francisco, CA 94107