-1 - the dependency check is failing with a known CVE $ mvn clean package -DskipTests dependency-check:check ... [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0': [ERROR] [ERROR] jetty-server-9.4.34.v20201102.jar: CVE-2020-27218 [ERROR] jetty-http-9.4.34.v20201102.jar: CVE-2020-27218 [ERROR]
Patrick On Tue, Dec 1, 2020 at 8:58 AM Norbert Kalmar <[email protected]> wrote: > This is a bugfix release candidate for 3.5.9. It contains 24 fixes, > including 2 CVE fix. > > The full release notes is available at: > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12348201 > > *** Please download, test and vote by December 4th 2020, 23:59 UTC+0. *** > > Source files: > https://people.apache.org/~nkalmar/zookeeper-3.5.9-candidate-0/ > > Maven staging repo: > > https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.5.9/ > > The release candidate tag in git to be voted upon: release-3.5.9-rc0 > > ZooKeeper's KEYS file containing PGP keys we use to sign the release: > https://www.apache.org/dist/zookeeper/KEYS > > Should we release this candidate? > > - Norbert >
