zookeeper-notifications mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814
Date Mon, 24 Jun 2019 18:53:55 GMT
phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar
for CVE-2019-12814
URL: https://github.com/apache/zookeeper/pull/1001#discussion_r296866736
 
 

 ##########
 File path: owaspSuppressions.xml
 ##########
 @@ -35,4 +35,10 @@
            False positive on Netty 4.x-->
       <cve>CVE-2018-12056</cve>
    </suppress>
+   <suppress>
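
Review bot: The `<suppress>` entry opened on the added line shows no expiry in the visible part of this hunk, so once merged it would keep hiding the jackson-databind finding even after a fixed release is available. If the suppression goes in at all, put an `until` date on the `<suppress>` element so dependency-check starts reporting the CVE again after that date, and add a `<notes>` line that names ZOOKEEPER-3441, the way the preceding entry records "False positive on Netty 4.x".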
 
 Review comment:
   I'd recommend just waiting for the upstream to get published rather than suppressing. I
don't think we have adequate tracking to ensure we eventually do fix. Seems like we should
just wait a few days based on what I'm seeing upstream?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
