[ https://issues.apache.org/jira/browse/ZOOKEEPER-3217?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16721907#comment-16721907 ]
Patrick Hunt commented on ZOOKEEPER-3217: ----------------------------------------- afaict there is no stable release of slf4j which includes this fix. There is a beta available though from the looks of it. > owasp job flagging slf4j on trunk > --------------------------------- > > Key: ZOOKEEPER-3217 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3217 > Project: ZooKeeper > Issue Type: Bug > Reporter: Patrick Hunt > Priority: Major > Fix For: 3.6.0, 3.5.5, 3.4.14 > > > https://builds.apache.org/view/S-Z/view/ZooKeeper/job/ZooKeeper-trunk-owasp/204/artifact/build/test/owasp/dependency-check-vulnerability.html > https://nvd.nist.gov/vuln/detail/CVE-2018-8088 > We don't use EventData but should consider upgrading. -- This message was sent by Atlassian JIRA (v7.6.3#76005)