[ https://issues.apache.org/jira/browse/ZOOKEEPER-4510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17517491#comment-17517491 ]
Christopher Tubbs commented on ZOOKEEPER-4510: ---------------------------------------------- 1.2.19 is the latest version right now and includes changes to address these. > dependency-check:check failing - reload4j-1.2.19.jar: CVE-2020-9493, > CVE-2022-23307 > ----------------------------------------------------------------------------------- > > Key: ZOOKEEPER-4510 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4510 > Project: ZooKeeper > Issue Type: Bug > Reporter: Mohammad Arshad > Priority: Critical > Fix For: 3.7.1, 3.6.4 > > > On branch-3.7 "mvn clean package -DskipTests dependency-check:check" is > failing with following errors. > {code:java} > [ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.5.3:check > (default-cli) on project zookeeper-assembly: > [ERROR] > [ERROR] One or more dependencies were identified with vulnerabilities that > have a CVSS score greater than or equal to '0.0': > [ERROR] > [ERROR] reload4j-1.2.19.jar: CVE-2020-9493, CVE-2022-23307 > {code} -- This message was sent by Atlassian Jira (v8.20.1#820001)