eolivelli removed a comment on issue #806: ZOOKEEPER-3262: Update dependencies flagged by OWASP report URL: https://github.com/apache/zookeeper/pull/806#issuecomment-461075314 Please note that OWASP will still fail due to bouncycastle ``` ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0,0': [ERROR] [ERROR] bcprov-jdk15on-1.56.jar: CVE-2017-13098, CVE-2018-1000180, CVE-2018-1000613 [ERROR] [ERROR] See the dependency-check report for more details. ``` Please also note that on Maven pom.xml we have Jackson and Jetty which are not needed on 3.4 and OWASP reports errors. I can also drop from this patch the suppression for Netty 4, which is not needed on 3.4.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
