zookeeper-dev mailing list archives

From Enrico Olivelli <eolive...@gmail.com>
Subject Re: owasp job just started flagging slf4j
Date Mon, 17 Dec 2018 16:33:49 GMT
Here it is
https://github.com/apache/zookeeper/pull/736

I have disabled all jars for slf4j; I can narrow the patch down to the
single file. I don't know how much it is worth.

Enrico

On Mon, 17 Dec 2018 at 07:02, Enrico Olivelli
<eolivelli@gmail.com> wrote:
>
> Sure
>
> Enrico
>
> On Mon, 17 Dec 2018, 02:43 Patrick Hunt <phunt@apache.org> wrote:
>>
>> Sounds reasonable Enrico. Do you want to submit a PR against ZOOKEEPER-3217
>> <https://issues.apache.org/jira/browse/ZOOKEEPER-3217> and I'll
>> review/commit it? We can revert the patch as part of finally resolving that
>> issue.
>>
>> Patrick
>>
>> On Sat, Dec 15, 2018 at 2:39 PM Enrico Olivelli <eolivelli@gmail.com> wrote:
>>
>> > Can we whitelist that jar in the meantime?
>> >
>> > Enrico
>> >
>> > On Sat, 15 Dec 2018, 01:28 Patrick Hunt <phunt@apache.org> wrote:
>> >
>> > >
>> > > https://builds.apache.org/view/S-Z/view/ZooKeeper/job/ZooKeeper-trunk-owasp/204/artifact/build/test/owasp/dependency-check-vulnerability.html
>> > >
>> > > https://nvd.nist.gov/vuln/detail/CVE-2018-8088
>> > >
>> > > We don't use EventData but should consider upgrading.
>> > >
>> > > https://issues.apache.org/jira/browse/ZOOKEEPER-3217
>> > >
>> > > Patrick
>> > >
>> > --
>> >
>> >
>> > -- Enrico Olivelli
>> >
>
> --
>
>
> -- Enrico Olivelli
