Hi Alex, Would you please check again? Thanks!
Best regards

---------- Forwarded message ----------
From: Apache Security Team <secur...@apache.org>
Date: 2018-03-06 16:39 GMT+08:00
Subject: Re: [apache/incubator-livy] One of your dependencies may have a security vulnerability
To: Saisai Shao <sai.sai.s...@gmail.com>
Cc: priv...@livy.incubator.apache.org, Apache Security Team <secur...@apache.org>

Hi, no the gitlab notification states it needs to be nokogiri > 1.8.1 and
your current Gemfile.lock specifies = 1.8.0

Cheers, Mark J Cox

On Tue, Mar 6, 2018 at 12:13 AM, Saisai Shao <sai.sai.s...@gmail.com> wrote:

> I think it was fixed by Alex
> (https://github.com/apache/incubator-livy/commit/26428c56f20ba5ea608038ed8c2e11d8f04665d4).
>
> 2018-03-06 2:29 GMT+08:00 Marcelo Vanzin <van...@cloudera.com>:
>
>> Hey Alex / Saisai,
>>
>> This was fixed, right?
>>
>> If so you need to update the guys at security@ saying this was fixed (or
>> what needs to be done to fix it).
>>
>> On Mon, Mar 5, 2018 at 1:50 AM, Apache Security Team <secur...@apache.org> wrote:
>>
>>> On Mon, Feb 19, 2018 at 8:55 AM, Apache Security Team <secur...@apache.org> wrote:
>>>
>>>> Hi Livy team, making sure you saw this and will action it.
>>>>
>>>> Regards, Mark J Cox
>>>>
>>>> On Tue, Jan 23, 2018 at 10:14 PM, Greg Stein <gst...@gmail.com> wrote:
>>>>
>>>>> Livy PPMC: FYI
>>>>>
>>>>> ---------- Forwarded message ----------
>>>>> From: GitHub <notificati...@github.com>
>>>>> Date: Tue, Jan 23, 2018 at 2:22 PM
>>>>> Subject: [apache/incubator-livy] One of your dependencies may have a security vulnerability
>>>>> To: apache/incubator-livy <incubator-l...@noreply.github.com>
>>>>> Cc: Security alert <security_al...@noreply.github.com>
>>>>>
>>>>> We found a potential security vulnerability in one of your dependencies
>>>>>
>>>>> *gstein,*
>>>>>
>>>>> We found a potential security vulnerability in a repository for which
>>>>> you have been granted security alert access.
>>>>>
>>>>> apache/incubator-livy
>>>>>
>>>>> Known *critical severity* security vulnerability detected in nokogiri
>>>>> < 1.8.1 defined in Gemfile.lock.
>>>>>
>>>>> Gemfile.lock update suggested: nokogiri ~> 1.8.1.
>>>>> Always verify the validity and compatibility of suggestions with your
>>>>> codebase.
>>>>>
>>>>> ------------------------------
>>>>>
>>>>> Only users who have been assigned access to security alerts will
>>>>> receive these notifications.
>>>>>
>>
>> --
>> Marcelo
>>
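
The check the thread turns on, comparing the nokogiri version resolved in Gemfile.lock with the alert's affected range (nokogiri < 1.8.1), is shown here as an added example that is not part of the thread or the Livy repository. The lockfile contents are constructed, and `locked_versions` and `audit` are hypothetical helper names.

```ruby
# Constructed lockfile (not copied from the Livy repository); helper names
# below are hypothetical. "nokogiri" appears twice: once as loofah's
# dependency constraint and once as the resolved pin the alert cares about.
LOCK_BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.0.3)
        nokogiri (>= 1.5.9)
      mini_portile2 (2.2.0)
      nokogiri (1.8.0)
        mini_portile2 (~> 2.2.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    loofah
LOCK
LOCK_AFTER = LOCK_BEFORE.sub("nokogiri (1.8.0)", "nokogiri (1.8.1)")

# Resolved gems are the lines indented exactly four spaces under "specs:";
# six-space lines are constraints and must not be read as the installed version.
def locked_versions(lock_text)
  versions = {}
  in_specs = false
  lock_text.each_line(chomp: true) do |line|
    if line == "  specs:"
      in_specs = true
    elsif line.empty? || line.match?(/\A\S/)
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      # Drop a platform suffix such as "-x86-mingw32" before parsing.
      versions[m[1]] = Gem::Version.new(m[2].split("-").first)
    end
  end
  versions
end

# :vulnerable, :patched or :absent for one gem against an affected range.
def audit(lock_text, gem_name, affected)
  version = locked_versions(lock_text)[gem_name]
  return :absent if version.nil?
  Gem::Requirement.new(affected).satisfied_by?(version) ? :vulnerable : :patched
end

puts "before: #{audit(LOCK_BEFORE, 'nokogiri', '< 1.8.1')}"
puts "after:  #{audit(LOCK_AFTER, 'nokogiri', '< 1.8.1')}"
```

Running the same check against the lockfile on the default branch is what closes an alert like this one: a fix that lands only in the Gemfile leaves the resolved pin unchanged.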