lgtm, minor nit and then we're good to go imo. Thanks,
Patrick On Sat, Dec 22, 2018 at 6:31 AM Enrico Olivelli <[email protected]> wrote: > Patch updated with a better approach > > Enrico > > Il ven 21 dic 2018, 00:29 Patrick Hunt <[email protected]> ha scritto: > > > Thanks Enrico, I commented on the PR, lmk if that doesn't make sense. > > > > Patrick > > > > On Mon, Dec 17, 2018 at 8:34 AM Enrico Olivelli <[email protected]> > > wrote: > > > > > Here it is > > > https://github.com/apache/zookeeper/pull/736 > > > > > > I have disable all jars for slf4j, I can narrow the patch down to the > > > single file. I don't know how it is worth > > > > > > Enrico > > > > > > Il giorno lun 17 dic 2018 alle ore 07:02 Enrico Olivelli > > > <[email protected]> ha scritto: > > > > > > > > Sure > > > > > > > > Enrico > > > > > > > > Il lun 17 dic 2018, 02:43 Patrick Hunt <[email protected]> ha > scritto: > > > >> > > > >> Sounds reasonable Enrico. Do you want to submit a PR against > > > ZOOKEEPER-3217 > > > >> <https://issues.apache.org/jira/browse/ZOOKEEPER-3217> and I'll > > > >> review/commit it? We can revert the patch as part of finally > resolving > > > that > > > >> issue. > > > >> > > > >> Patrick > > > >> > > > >> On Sat, Dec 15, 2018 at 2:39 PM Enrico Olivelli < > [email protected]> > > > wrote: > > > >> > > > >> > Can we whitelist that jar in the meantime? > > > >> > > > > >> > Enrico > > > >> > > > > >> > Il sab 15 dic 2018, 01:28 Patrick Hunt <[email protected]> ha > > scritto: > > > >> > > > > >> > > > > > >> > > > > > >> > > > > > > > https://builds.apache.org/view/S-Z/view/ZooKeeper/job/ZooKeeper-trunk-owasp/204/artifact/build/test/owasp/dependency-check-vulnerability.html > > > >> > > > > > >> > > https://nvd.nist.gov/vuln/detail/CVE-2018-8088 > > > >> > > > > > >> > > We don't use EventData but should consider upgrading. > > > >> > > > > > >> > > https://issues.apache.org/jira/browse/ZOOKEEPER-3217 > > > >> > > > > > >> > > Patrick > > > >> > > > > > >> > -- > > > >> > > > > >> > > > > >> > -- Enrico Olivelli > > > >> > > > > > > > > > -- > > > > > > > > > > > > -- Enrico Olivelli > > > > > > -- > > > -- Enrico Olivelli >
