Yikes. o.O

On 8/3/18 2:47 PM, Allen Wittenauer wrote:

On Aug 3, 2018, at 10:29 AM, Josh Elser <[email protected]> wrote:

Hi Nick!

In chatting with Sean before sending this email, he pretty much suggested the 
same thing to me. I think this is the eventuality I need to embrace -- was just 
hoping for something a little less drastic for a first contribution ;)


        Playing with YETUS-441 (which still hasn’t been committed, for those of 
you with time to review patches), you could always make your first contribution 
to fix up any valid CVEs… haha.

             CVE  |  Severity  |  Dependency
   CVE-2015-5237  |  Medium    |  protobuf-javanano-3.1.0.jar
   CVE-2014-3488  |  Medium    |  netty-tcnative-2.0.8.Final-linux-x86_64.jar
   CVE-2015-2156  |  Medium    |  netty-tcnative-2.0.8.Final-linux-x86_64.jar
   CVE-2017-5645  |  High      |  log4j-api-2.6.2.jar
   CVE-2011-4461  |  Medium    |  jetty-6.1.26.jar
   CVE-2014-0114  |  High      |  commons-beanutils-1.7.0.jar
   CVE-2014-0114  |  High      |  commons-beanutils-core-1.8.0.jar
   CVE-2015-5237  |  Medium    |  protobuf-java-2.5.0.jar
  CVE-2017-12972  |  Medium    |  nimbus-jose-jwt-3.9.jar
  CVE-2017-12973  |  Medium    |  nimbus-jose-jwt-3.9.jar
  CVE-2017-12974  |  Medium    |  nimbus-jose-jwt-3.9.jar
   CVE-2014-0085  |  Low       |  curator-framework-2.7.1.jar
   CVE-2016-5017  |  Medium    |  curator-framework-2.7.1.jar
   CVE-2018-8012  |  Medium    |  curator-framework-2.7.1.jar
  CVE-2017-15713  |  Medium    |  hadoop-auth-3.0.0-alpha1.jar
   CVE-2017-3166  |  Medium    |  hadoop-auth-3.0.0-alpha1.jar
   CVE-2017-7669  |  High      |  hadoop-auth-3.0.0-alpha1.jar
   CVE-2016-5725  |  Medium    |  jsch-0.1.51.jar
   CVE-2014-0193  |  Medium    |  netty-3.7.0.Final.jar
   CVE-2014-3488  |  Medium    |  netty-3.7.0.Final.jar
   CVE-2015-2156  |  Medium    |  netty-3.7.0.Final.jar
   CVE-2014-0085  |  Low       |  zookeeper-3.4.6.jar
   CVE-2016-5017  |  Medium    |  zookeeper-3.4.6.jar
   CVE-2017-5637  |  Medium    |  zookeeper-3.4.6.jar
   CVE-2018-8012  |  Medium    |  zookeeper-3.4.6.jar
   CVE-2015-4035  |  Medium    |  xz-1.0.jar
   CVE-2012-4449  |  High      |  org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
   CVE-2016-5001  |  Low       |  org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
   CVE-2017-3161  |  Medium    |  org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
   CVE-2017-3162  |  High      |  org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT

