Is this not the same Jar that I’ve upgraded recently, because of a CVE? Andor
> On 2020. Dec 5., at 22:03, Patrick Hunt <ph...@apache.org> wrote: > > Thanks Damien! I reviewed and it looks good except for one small comment I > hope we can also address (commented on PR). > > Regards, > > Patrick > > On Sat, Dec 5, 2020 at 12:05 PM Damien Diederen <ddiede...@sinenomine.net> > wrote: > >> >> Hi Patrick, all, >> >>> -1 - the dependency check is failing with a known CVE >>> >>> $ mvn clean package -DskipTests dependency-check:check >>> ... >>> [ERROR] One or more dependencies were identified with vulnerabilities >> that >>> have a CVSS score greater than or equal to '0.0': >>> [ERROR] >>> [ERROR] jetty-server-9.4.34.v20201102.jar: CVE-2020-27218 >>> [ERROR] jetty-http-9.4.34.v20201102.jar: CVE-2020-27218 >> >> For the (mailing list) record, I have created: >> >> https://issues.apache.org/jira/browse/ZOOKEEPER-4023 >> https://github.com/apache/zookeeper/pull/1552 >> >> Best, -D >>
