Re: [VOTE] Apache ZooKeeper release 3.5.9 candidate 0

2020-12-05 Thread Patrick Hunt
Thanks Damien! I reviewed and it looks good except for one small comment I
hope we can also address (commented on PR).

Regards,

Patrick

On Sat, Dec 5, 2020 at 12:05 PM Damien Diederen wrote:

>
> Hi Patrick, all,
>
> > -1 - the dependency check is failing with a known CVE
> >
> > $ mvn clean package -DskipTests dependency-check:check
> > ...
> > [ERROR] One or more dependencies were identified with vulnerabilities that
> > have a CVSS score greater than or equal to '0.0':
> > [ERROR]
> > [ERROR] jetty-server-9.4.34.v20201102.jar: CVE-2020-27218
> > [ERROR] jetty-http-9.4.34.v20201102.jar: CVE-2020-27218
>
> For the (mailing list) record, I have created:
>
> https://issues.apache.org/jira/browse/ZOOKEEPER-4023
> https://github.com/apache/zookeeper/pull/1552
>
> Best, -D
>


Re: [VOTE] Apache ZooKeeper release 3.5.9 candidate 0

2020-12-05 Thread Damien Diederen


Hi Patrick, all,

> -1 - the dependency check is failing with a known CVE
>
> $ mvn clean package -DskipTests dependency-check:check
> ...
> [ERROR] One or more dependencies were identified with vulnerabilities that
> have a CVSS score greater than or equal to '0.0':
> [ERROR]
> [ERROR] jetty-server-9.4.34.v20201102.jar: CVE-2020-27218
> [ERROR] jetty-http-9.4.34.v20201102.jar: CVE-2020-27218

For the (mailing list) record, I have created:

https://issues.apache.org/jira/browse/ZOOKEEPER-4023
https://github.com/apache/zookeeper/pull/1552

Best, -D


[jira] [Created] (ZOOKEEPER-4023) CLONE - Owasp check failing - Jetty 9.4.32 - CVE-2020-27216

2020-12-05 Thread Damien Diederen (Jira)
Damien Diederen created ZOOKEEPER-4023:
---------------------------------------

         Summary: CLONE - Owasp check failing - Jetty 9.4.32 - CVE-2020-27216
             Key: ZOOKEEPER-4023
             URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4023
         Project: ZooKeeper
      Issue Type: Task
      Components: server
Affects Versions: 3.7.0, 3.5.8, 3.6.2
        Reporter: Damien Diederen
        Assignee: Andor Molnar
         Fix For: 3.7.0, 3.5.9, 3.6.3


https://ci-hadoop.apache.org/view/ZooKeeper/job/zookeeper-multi-branch-owasp/job/master/38/artifact/zookeeper-server/target/dependency-check-report.html


