zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Hunt <ph...@apache.org>
Subject Re: owasp job just started flagging slf4j
Date Sun, 23 Dec 2018 01:38:59 GMT
lgtm, minor nit and then we're good to go imo.

Thanks,

Patrick

On Sat, Dec 22, 2018 at 6:31 AM Enrico Olivelli <eolivelli@gmail.com> wrote:

> Patch updated with a better approach
>
> Enrico
>
> Il ven 21 dic 2018, 00:29 Patrick Hunt <phunt1@gmail.com> ha scritto:
>
> > Thanks Enrico, I commented on the PR, lmk if that doesn't make sense.
> >
> > Patrick
> >
> > On Mon, Dec 17, 2018 at 8:34 AM Enrico Olivelli <eolivelli@gmail.com>
> > wrote:
> >
> > > Here it is
> > > https://github.com/apache/zookeeper/pull/736
> > >
> > > I have disable all jars for slf4j, I can narrow the patch down to the
> > > single file. I don't know how it is worth
> > >
> > > Enrico
> > >
> > > Il giorno lun 17 dic 2018 alle ore 07:02 Enrico Olivelli
> > > <eolivelli@gmail.com> ha scritto:
> > > >
> > > > Sure
> > > >
> > > > Enrico
> > > >
> > > > Il lun 17 dic 2018, 02:43 Patrick Hunt <phunt@apache.org> ha
> scritto:
> > > >>
> > > >> Sounds reasonable Enrico. Do you want to submit a PR against
> > > ZOOKEEPER-3217
> > > >> <https://issues.apache.org/jira/browse/ZOOKEEPER-3217> and I'll
> > > >> review/commit it? We can revert the patch as part of finally
> resolving
> > > that
> > > >> issue.
> > > >>
> > > >> Patrick
> > > >>
> > > >> On Sat, Dec 15, 2018 at 2:39 PM Enrico Olivelli <
> eolivelli@gmail.com>
> > > wrote:
> > > >>
> > > >> > Can we whitelist that jar in the meantime?
> > > >> >
> > > >> > Enrico
> > > >> >
> > > >> > Il sab 15 dic 2018, 01:28 Patrick Hunt <phunt@apache.org>
ha
> > scritto:
> > > >> >
> > > >> > >
> > > >> > >
> > > >> >
> > >
> >
> https://builds.apache.org/view/S-Z/view/ZooKeeper/job/ZooKeeper-trunk-owasp/204/artifact/build/test/owasp/dependency-check-vulnerability.html
> > > >> > >
> > > >> > > https://nvd.nist.gov/vuln/detail/CVE-2018-8088
> > > >> > >
> > > >> > > We don't use EventData but should consider upgrading.
> > > >> > >
> > > >> > > https://issues.apache.org/jira/browse/ZOOKEEPER-3217
> > > >> > >
> > > >> > > Patrick
> > > >> > >
> > > >> > --
> > > >> >
> > > >> >
> > > >> > -- Enrico Olivelli
> > > >> >
> > > >
> > > > --
> > > >
> > > >
> > > > -- Enrico Olivelli
> > >
> >
> --
>
>
> -- Enrico Olivelli
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message