[ https://issues.apache.org/jira/browse/ZOOKEEPER-4510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531892#comment-17531892 ]

Mohammad Arshad commented on ZOOKEEPER-4510:
--------------------------------------------

Upgrading dependency-check-maven to the latest release, 7.1.0, solves this false positive CVE issue. I will raise a PR.

> dependency-check:check failing - reload4j-1.2.19.jar: CVE-2020-9493, CVE-2022-23307
> -----------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4510
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4510
>             Project: ZooKeeper
>          Issue Type: Bug
>            Reporter: Mohammad Arshad
>            Assignee: Mohammad Arshad
>            Priority: Blocker
>              Labels: pull-request-available
>             Fix For: 3.6.4, 3.7.
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> On branch-3.7, "mvn clean package -DskipTests dependency-check:check" is failing with the following errors.
> {code:java}
> [ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.5.3:check (default-cli) on project zookeeper-assembly:
> [ERROR]
> [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0':
> [ERROR]
> [ERROR] reload4j-1.2.19.jar: CVE-2020-9493, CVE-2022-23307
> {code}

--
This message was sent by Atlassian Jira
(v8.20.7#820007)