zookeeper-dev mailing list archives

From "Enrico Olivelli (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-3256) Enable OWASP checks to Maven build
Date Fri, 25 Jan 2019 22:14:00 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-3256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16752736#comment-16752736 ]

Enrico Olivelli commented on ZOOKEEPER-3256:
--------------------------------------------

This is the result of the Maven version:

[ERROR] pom.xml: CVE-2018-8012, CVE-2016-5017
[ERROR] netty-all-4.1.29.Final.jar: CVE-2018-12056
[ERROR] jetty-http-9.4.10.v20180503.jar: CVE-2017-7656, CVE-2017-7658, CVE-2017-7657, CVE-2018-12536
[ERROR] jackson-databind-2.9.5.jar: CVE-2018-14719, CVE-2018-1000873, CVE-2018-14718, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2018-14721, CVE-2018-14720
[ERROR] bcprov-jdk15on-1.56.jar: CVE-2017-13098, CVE-2018-1000180, CVE-2018-1000613
[ERROR] pom.xml: CVE-2018-8012, CVE-2016-5017

> Enable OWASP checks  to Maven build
> -----------------------------------
>
>                 Key: ZOOKEEPER-3256
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3256
>             Project: ZooKeeper
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Enrico Olivelli
>            Assignee: Enrico Olivelli
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.6.0, 3.5.5, 3.4.14
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Port OWASP check task to the Maven build, the suppressionsFile is the same as the ANT task
> use this command to run the check:
> {code:java}
> mvn org.owasp:dependency-check-maven:aggregate{code}
>  
> ant based counterpart is:
> {code:java}
> ant owasp{code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
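
An added example, not part of the original message or the ZooKeeper build: a small Python parser for the `[ERROR]` lines in the comment above. `SAMPLE` reproduces the output as the mail delivered it, with the jackson-databind entry wrapped onto a second line and the pom.xml entry repeated; the function names are assumptions.

```python
import re

# Scanner output as delivered in the mail above: the jackson-databind entry
# is wrapped onto a second line and the pom.xml entry appears twice.
SAMPLE = """\
[ERROR] pom.xml: CVE-2018-8012, CVE-2016-5017
[ERROR] netty-all-4.1.29.Final.jar: CVE-2018-12056
[ERROR] jetty-http-9.4.10.v20180503.jar: CVE-2017-7656, CVE-2017-7658, CVE-2017-7657, CVE-2018-12536
[ERROR] jackson-databind-2.9.5.jar: CVE-2018-14719, CVE-2018-1000873, CVE-2018-14718, CVE-2018-19362,
CVE-2018-19361, CVE-2018-19360, CVE-2018-14721, CVE-2018-14720
[ERROR] bcprov-jdk15on-1.56.jar: CVE-2017-13098, CVE-2018-1000180, CVE-2018-1000613
[ERROR] pom.xml: CVE-2018-8012, CVE-2016-5017
"""

ENTRY = re.compile(r"^\[ERROR\]\s+(\S+):\s*(.*)$")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")


def cve_key(cve):
    """Sort key: (year, sequence number) as integers."""
    _, year, seq = cve.split("-")
    return int(year), int(seq)


def parse_findings(text):
    """Return {artifact: [unique CVE ids, sorted]} from [ERROR] lines."""
    found, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            current = found.setdefault(m.group(1), set())
            current.update(CVE.findall(m.group(2)))
        elif current is not None and CVE.match(line):
            # Wrapped continuation: belongs to the previous artifact.
            current.update(CVE.findall(line))
        else:
            current = None  # any other line ends the current entry
    return {a: sorted(ids, key=cve_key) for a, ids in found.items()}


if __name__ == "__main__":
    for artifact, ids in parse_findings(SAMPLE).items():
        print(f"{artifact}: {len(ids)} CVE(s): {', '.join(ids)}")
```

A line-by-line grep for `[ERROR]` would attribute only four of the eight jackson-databind CVEs and count the pom.xml findings twice.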
