zookeeper-dev mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] eolivelli commented on issue #792: ZOOKEEPER-3262 Update dependencies flagged by OWASP report
Date Fri, 01 Feb 2019 21:12:16 GMT
eolivelli commented on issue #792: ZOOKEEPER-3262 Update dependencies flagged by OWASP report
URL: https://github.com/apache/zookeeper/pull/792#issuecomment-459869080
 
 
   @phunt we are suppressing specific CVEs, they are tied to specific versions of dependencies,
I think there is no trouble even for the future.
   
   We should check suppressed CVEs in the future, maybe such suppressions won't be needed
any more, but having them in the codebase does not hurt.
   
   IMHO there is no risk that suppressing a CVE will have an impact on other checks.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
