Hi Andor,

> Is this not the same Jar that I’ve upgraded recently, because of a CVE?

It is.  You updated it for CVE-2020-27216, and this is now for
CVE-2020-27218!

Cheers, -D




>> On 2020. Dec 5., at 22:03, Patrick Hunt <ph...@apache.org> wrote:
>> 
>> Thanks Damien! I reviewed and it looks good except for one small comment I
>> hope we can also address (commented on PR).
>> 
>> Regards,
>> 
>> Patrick
>> 
>> On Sat, Dec 5, 2020 at 12:05 PM Damien Diederen <ddiede...@sinenomine.net>
>> wrote:
>> 
>>> 
>>> Hi Patrick, all,
>>> 
>>>> -1 - the dependency check is failing with a known CVE
>>>> 
>>>> $ mvn clean package -DskipTests dependency-check:check
>>>> ...
>>>> [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0':
>>>> [ERROR]
>>>> [ERROR] jetty-server-9.4.34.v20201102.jar: CVE-2020-27218
>>>> [ERROR] jetty-http-9.4.34.v20201102.jar: CVE-2020-27218
>>> 
>>> For the (mailing list) record, I have created:
>>> 
>>> https://issues.apache.org/jira/browse/ZOOKEEPER-4023
>>> https://github.com/apache/zookeeper/pull/1552
>>> 
>>> Best, -D
>>> 
