Wow, those URLs make that email really difficult to understand. I believe
what it says is that the nokogiri version we're setting in the Gemlock file
should be updated to 1.8.1 to fix a known vulnerability? If so it needs to
be addressed in many Apache incubator websites since that Gemlock was
imported from the website repo which was forked from the apache website
template repo. I can patch it in the morning (unless you'd like to do it)
and we can push it to 0.4.1, 0.5.0 and master. I'll have to cut an rc2
tomorrow also in that case.

                                                                                
   
Alex Bozarth
Software Engineer
Spark Technology Center
E-mail: ajboz...@us.ibm.com
GitHub: github.com/ajbozarth
505 Howard Street
San Francisco, CA 94105
United States

From:   Saisai Shao <sai.sai.s...@gmail.com>
To:     dev@livy.incubator.apache.org
Date:   01/23/2018 06:16 PM
Subject:        Fwd: [apache/incubator-livy] One of your dependencies may have
            a security vulnerability



Hi Alex,

Is it due to your recent changes to add a Ruby file?

Thanks
Jerry

---------- Forwarded message ----------
From: Greg Stein <gst...@gmail.com>
Date: 2018-01-24 6:14 GMT+08:00
Subject: Fwd: [apache/incubator-livy] One of your dependencies may have a
security vulnerability
To: priv...@livy.incubator.apache.org
Cc: priv...@incubator.apache.org, priv...@infra.apache.org,
secur...@apache.org


Livy PPMC: FYI

---------- Forwarded message ----------
From: GitHub <notificati...@github.com>
Date: Tue, Jan 23, 2018 at 2:22 PM
Subject: [apache/incubator-livy] One of your dependencies may have a
security vulnerability
To: apache/incubator-livy <incubator-l...@noreply.github.com>
Cc: Security alert <security_al...@noreply.github.com>


We found a potential security vulnerability in one of your dependencies
*gstein,*

We found a potential security vulnerability in a repository for which you
have been granted security alert access.
apache/incubator-livy
Known *critical severity* security vulnerability detected in nokogiri < 1.8.1
defined in Gemfile.lock.

Gemfile.lock update suggested: nokogiri ~> 1.8.1.
Always verify the validity and compatibility of suggestions with your
codebase.
------------------------------

Only users who have been assigned access to security alerts will receive
these notifications.

GitHub, Inc.
88 Colin P Kelly Jr St.
San Francisco, CA 94107
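
The check the alert describes, applied across several copies of the same Gemfile.lock, as an added example that is not part of the original thread or of any Apache repository: it reads the resolved nokogiri version from each lockfile and reports the ones still below 1.8.1. The repository names and lockfile contents are constructed placeholders.

```ruby
require "rubygems" # provides Gem::Version

# Minimum fixed version, from the alert text ("nokogiri < 1.8.1").
FIXED = { "nokogiri" => Gem::Version.new("1.8.1") }.freeze

# Map gem name => locked Gem::Version. Resolved gems are the lines indented
# exactly four spaces ("    name (version)"); six-space lines are constraints.
def locked_versions(lockfile_text)
  lockfile_text.each_line.with_object({}) do |line, acc|
    m = line.match(/\A {4}([A-Za-z0-9_.-]+) \(([^)\s]+)\)\s*\z/)
    next unless m
    # Platform builds are locked as e.g. "1.8.0-x86_64-linux"; keep the number.
    acc[m[1]] = Gem::Version.new(m[2].split("-").first)
  end
end

# lockfiles: { repo_name => Gemfile.lock text }.
# Returns { repo_name => [[gem, locked, fixed], ...] } for repos still below the fix.
def vulnerable_pins(lockfiles, fixed = FIXED)
  lockfiles.each_with_object({}) do |(repo, text), report|
    locked = locked_versions(text)
    hits = fixed.map do |name, min|
      [name, locked[name].to_s, min.to_s] if locked[name] && locked[name] < min
    end.compact
    report[repo] = hits unless hits.empty?
  end
end

# Constructed sample lockfiles; repo names are placeholders.
OLD_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.2.0)
      nokogiri (1.8.0)
        mini_portile2 (~> 2.2.0)

  DEPENDENCIES
    nokogiri
LOCK
PATCHED_LOCK = OLD_LOCK.sub("nokogiri (1.8.0)", "nokogiri (1.8.1)")

REPORT = vulnerable_pins({ "site-a" => OLD_LOCK, "site-b" => PATCHED_LOCK })
REPORT.each do |repo, hits|
  hits.each { |g, have, want| puts "#{repo}: #{g} #{have} < #{want}, update Gemfile.lock" }
end
```
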