Thanks Patrick, I'll review and preferably commit your patch, which should negate the CVE warning.
Regards, Norbert On Wed, Jan 22, 2020 at 5:31 PM Patrick Hunt <[email protected]> wrote: > owasp is failing on branch-3.5, > [ERROR] jackson-databind-2.9.10.1.jar: CVE-2019-20330 > > seems the same as: > https://issues.apache.org/jira/browse/ZOOKEEPER-3699 > > Patrick > > On Wed, Jan 22, 2020 at 5:12 AM Ivan Kelly <[email protected]> wrote: > > > > Would you have time for a quick fix ? > > > > The measures to avoid the problem are listed at the end of the JIRA > > description. I can't submit a PR until I get permission from my > > company legal to push to ZK. > > > > -Ivan > > >
