Sounds reasonable Enrico. Do you want to submit a PR against ZOOKEEPER-3217 <https://issues.apache.org/jira/browse/ZOOKEEPER-3217> and I'll review/commit it? We can revert the patch as part of finally resolving that issue.
Patrick On Sat, Dec 15, 2018 at 2:39 PM Enrico Olivelli <eolive...@gmail.com> wrote: > Can we whitelist that jar in the meantime? > > Enrico > > Il sab 15 dic 2018, 01:28 Patrick Hunt <ph...@apache.org> ha scritto: > > > > > > https://builds.apache.org/view/S-Z/view/ZooKeeper/job/ZooKeeper-trunk-owasp/204/artifact/build/test/owasp/dependency-check-vulnerability.html > > > > https://nvd.nist.gov/vuln/detail/CVE-2018-8088 > > > > We don't use EventData but should consider upgrading. > > > > https://issues.apache.org/jira/browse/ZOOKEEPER-3217 > > > > Patrick > > > -- > > > -- Enrico Olivelli >