zookeeper-commits mailing list archives

From eolive...@apache.org
Subject [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
Date Mon, 04 May 2020 12:13:52 GMT
This is an automated email from the ASF dual-hosted git repository.

eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new f6b54a6  ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
f6b54a6 is described below

commit f6b54a6cd227ac37f28803f45d7287c7fd3a8142
Author: Mate Szalay-Beko <symat@apache.org>
AuthorDate: Mon May 4 14:13:41 2020 +0200

    ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
    
    Author: Mate Szalay-Beko <symat@apache.org>
    
    Reviewers: Enrico Olivelli <eolivelli@apache.org>
    
    Closes #1346 from symat/ZOOKEEPER-3817
---
 owaspSuppressions.xml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
index ae94db4..2565f0d 100644
--- a/owaspSuppressions.xml
+++ b/owaspSuppressions.xml
@@ -46,4 +46,9 @@
            ZOOKEEPER-3677 -->
       <cve>CVE-2019-17571</cve>
    </suppress>
+   <suppress>
+      <!-- it only affects the log4j SmtpAppender users. As Log4J 1.2 is EOL now, we can't
fix this unless we
+           upgrade to log4j 2. See ZOOKEEPER-3817 -->
+      <cve>CVE-2020-9488</cve>
+   </suppress>
 </suppressions>
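
Review bot: The added `<suppress>` block contains only `<cve>CVE-2020-9488</cve>`, with no `<packageUrl>`, `<gav>` or `<filePath>` selector, so it silences this CVE for every dependency the scan sees and not only for the Log4J 1.2 jar the comment refers to. Consider scoping it, for example with `<packageUrl regex="true">^pkg:maven/log4j/log4j@.*$</packageUrl>`, so that a finding for the same CVE against any other artifact still surfaces. The justification ("only affects the log4j SmtpAppender users") would also be easier to audit in a `<notes>` element, which dependency-check carries into its report, than in an XML comment. Since the comment ties the fix to a log4j 2 upgrade, an `until` date on the `<suppress>` element would make the entry come back up for review instead of staying in place indefinitely.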

