Il giorno mar 5 gen 2021 alle ore 15:48 Norbert Kalmar <nkal...@cloudera.com.invalid> ha scritto:
> It failed due to the CVE, and the fix was not a clean cherry-pick to 3.5. > Thank you Norbert, I didn't find any official "CANCELLED" response. no hurry Enrico > Then Holidays hit, and I didn't do RC2. Picking it up now, and checking > what needs to be backported and doing an RC2. > > - Norbert > > On Tue, Jan 5, 2021 at 12:26 PM Enrico Olivelli <eolive...@gmail.com> > wrote: > > > What's the status of this VOTE ? > > > > Enrico > > > > Il giorno mar 8 dic 2020 alle ore 21:28 Damien Diederen < > > ddiede...@sinenomine.net> ha scritto: > > > > > > > > Hi Andor, > > > > > > > Is this not the same Jar that I’ve upgraded recently, because of a > CVE? > > > > > > It is. You updated it for CVE-2020-27216, and this is now for > > > CVE-2020-27218! > > > > > > Cheers, -D > > > > > > > > > > > > > > > >> On 2020. Dec 5., at 22:03, Patrick Hunt <ph...@apache.org> wrote: > > > >> > > > >> Thanks Damien! I reviewed and it looks good except for one small > > > comment I > > > >> hope we can also address (commented on PR). > > > >> > > > >> Regards, > > > >> > > > >> Patrick > > > >> > > > >> On Sat, Dec 5, 2020 at 12:05 PM Damien Diederen < > > > ddiede...@sinenomine.net> > > > >> wrote: > > > >> > > > >>> > > > >>> Hi Patrick, all, > > > >>> > > > >>>> -1 - the dependency check is failing with a known CVE > > > >>>> > > > >>>> $ mvn clean package -DskipTests dependency-check:check > > > >>>> ... > > > >>>> [ERROR] One or more dependencies were identified with > > vulnerabilities > > > >>> that > > > >>>> have a CVSS score greater than or equal to '0.0': > > > >>>> [ERROR] > > > >>>> [ERROR] jetty-server-9.4.34.v20201102.jar: CVE-2020-27218 > > > >>>> [ERROR] jetty-http-9.4.34.v20201102.jar: CVE-2020-27218 > > > >>> > > > >>> For the (mailing list) record, I have created: > > > >>> > > > >>> https://issues.apache.org/jira/browse/ZOOKEEPER-4023 > > > >>> https://github.com/apache/zookeeper/pull/1552 > > > >>> > > > >>> Best, -D > > > >>> > > > > > >