Wow those URLs make that email really difficult to understand. I believe what it says is that the nokogiri version we're setting in the Gemlock file should be updated to 1.8.1 to fix a known vulnerability? If so it needs to be addressed in many Apache incubator websites since that Gemlock was imported from the website repo which was forked from the apache website template repo. I can patch it in the morning (unless you'd like to do it) and we can push it to 0.4.1, 0.5.0 and master. I'll have to cut an rc2 tomorrow also in that case.

Alex Bozarth
Software Engineer
Spark Technology Center
E-mail: ajboz...@us.ibm.com
GitHub: github.com/ajbozarth
505 Howard Street
San Francisco, CA 94105
United States

From: Saisai Shao <sai.sai.s...@gmail.com>
To: dev@livy.incubator.apache.org
Date: 01/23/2018 06:16 PM
Subject: Fwd: [apache/incubator-livy] One of your dependencies may have a security vulnerability

Hi Alex,

Is it due to your recent changes to add ruby file?

Thanks
Jerry

---------- Forwarded message ----------
From: Greg Stein <gst...@gmail.com>
Date: 2018-01-24 6:14 GMT+08:00
Subject: Fwd: [apache/incubator-livy] One of your dependencies may have a security vulnerability
To: priv...@livy.incubator.apache.org
Cc: priv...@incubator.apache.org, priv...@infra.apache.org, secur...@apache.org

Livy PPMC: FYI

---------- Forwarded message ----------
From: GitHub <notificati...@github.com>
Date: Tue, Jan 23, 2018 at 2:22 PM
Subject: [apache/incubator-livy] One of your dependencies may have a security vulnerability
To: apache/incubator-livy <incubator-l...@noreply.github.com>
Cc: Security alert <security_al...@noreply.github.com>

We found a potential security vulnerability in one of your dependencies

gstein,

We found a potential security vulnerability in a repository for which you have been granted security alert access.

apache/incubator-livy

Known *critical severity* security vulnerability detected in nokogiri < 1.8.1 defined in Gemfile.lock.

Gemfile.lock update suggested: nokogiri ~> 1.8.1.

Always verify the validity and compatibility of suggestions with your codebase.

------------------------------
Only users who have been assigned access to security alerts will receive these notifications.
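
An added example, not part of the original thread or of the Livy code base: a small Ruby check that reads the resolved versions out of a `Gemfile.lock` and reports any gem that falls in the range named in the alert (`nokogiri < 1.8.1`), which is useful when the same lockfile has been copied into several site repositories. The function names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems"

# Advisory range taken from the alert quoted in this thread: nokogiri < 1.8.1.
ADVISORIES = { "nokogiri" => Gem::Requirement.new("< 1.8.1") }.freeze

# Return { gem_name => Gem::Version } for the gems pinned in a Gemfile.lock.
# Resolved specs sit exactly four spaces deep under "  specs:"; the six-space
# lines below each spec are dependency constraints, not pinned versions.
def locked_versions(lockfile_text)
  versions = {}
  in_specs = false
  lockfile_text.each_line do |raw|
    line = raw.chomp
    if line == "  specs:"
      in_specs = true
    elsif line.match?(/\A\S/)          # next top-level section (PLATFORMS, ...)
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      # Drop a platform suffix such as "-x64-mingw32" before comparing.
      versions[m[1]] = Gem::Version.new(m[2].split("-").first)
    end
  end
  versions
end

# Return { gem_name => locked_version_string } for every pinned gem whose
# version falls inside an advisory range.
def vulnerable_gems(lockfile_text, advisories = ADVISORIES)
  locked_versions(lockfile_text).each_with_object({}) do |(name, version), hits|
    range = advisories[name]
    hits[name] = version.to_s if range && range.satisfied_by?(version)
  end
end

# Constructed sample lockfile (not the project's actual file).
SAMPLE_OLD = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.1.0)
      nokogiri (1.6.8.1)
        mini_portile2 (~> 2.1.0)

  PLATFORMS
    ruby
LOCK

# Usage: ruby check_lock.rb path/to/Gemfile.lock [more lockfiles...]
if __FILE__ == $PROGRAM_NAME
  ARGV.each { |path| puts "#{path}: #{vulnerable_gems(File.read(path))}" }
end
```

An empty hash for a lockfile means none of its pinned gems fall in the listed ranges.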