Here it is https://github.com/apache/zookeeper/pull/736
I have disable all jars for slf4j, I can narrow the patch down to the single file. I don't know how it is worth Enrico Il giorno lun 17 dic 2018 alle ore 07:02 Enrico Olivelli <[email protected]> ha scritto: > > Sure > > Enrico > > Il lun 17 dic 2018, 02:43 Patrick Hunt <[email protected]> ha scritto: >> >> Sounds reasonable Enrico. Do you want to submit a PR against ZOOKEEPER-3217 >> <https://issues.apache.org/jira/browse/ZOOKEEPER-3217> and I'll >> review/commit it? We can revert the patch as part of finally resolving that >> issue. >> >> Patrick >> >> On Sat, Dec 15, 2018 at 2:39 PM Enrico Olivelli <[email protected]> wrote: >> >> > Can we whitelist that jar in the meantime? >> > >> > Enrico >> > >> > Il sab 15 dic 2018, 01:28 Patrick Hunt <[email protected]> ha scritto: >> > >> > > >> > > >> > https://builds.apache.org/view/S-Z/view/ZooKeeper/job/ZooKeeper-trunk-owasp/204/artifact/build/test/owasp/dependency-check-vulnerability.html >> > > >> > > https://nvd.nist.gov/vuln/detail/CVE-2018-8088 >> > > >> > > We don't use EventData but should consider upgrading. >> > > >> > > https://issues.apache.org/jira/browse/ZOOKEEPER-3217 >> > > >> > > Patrick >> > > >> > -- >> > >> > >> > -- Enrico Olivelli >> > > > -- > > > -- Enrico Olivelli
