This is an automated email from the ASF dual-hosted git repository.
eolivelli pushed a commit to branch branch-3.6
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/branch-3.6 by this push:
new 6f23dfb ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
6f23dfb is described below
commit 6f23dfbbe3684092cb645d52b718c8f99902cff2
Author: Mate Szalay-Beko <symat@apache.org>
AuthorDate: Mon May 4 14:13:41 2020 +0200
ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
Author: Mate Szalay-Beko <symat@apache.org>
Reviewers: Enrico Olivelli <eolivelli@apache.org>
Closes #1346 from symat/ZOOKEEPER-3817
(cherry picked from commit f6b54a6cd227ac37f28803f45d7287c7fd3a8142)
Signed-off-by: Enrico Olivelli <eolivelli@apache.org>
---
owaspSuppressions.xml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
index ae94db4..2565f0d 100644
--- a/owaspSuppressions.xml
+++ b/owaspSuppressions.xml
@@ -46,4 +46,9 @@
ZOOKEEPER-3677 -->
<cve>CVE-2019-17571</cve>
</suppress>
+ <suppress>
+ <!-- it only affects the log4j SmtpAppender users. As Log4J 1.2 is EOL now, we can't
fix this unless we
+ upgrade to log4j 2. See ZOOKEEPER-3817 -->
+ <cve>CVE-2020-9488</cve>
+ </suppress>
</suppressions>
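Review bot: The added `<suppress>` block for CVE-2020-9488 contains only a `<cve>` element, so it silences that CVE for every dependency the scan sees, not only log4j 1.2. Consider narrowing it with a `<packageUrl>` or `<gav>` matcher for the log4j artifact. An `until` attribute on `<suppress>` would also make the entry expire and be re-evaluated, which fits the comment's own point that the real fix is the upgrade to log4j 2. The comment says the issue only affects SmtpAppender users but does not say whether ZooKeeper's own log4j configuration uses SmtpAppender. Stating that would make the justification complete, and it could go in a `<notes>` element, which the suppression schema provides for this, instead of an XML comment.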