What's the status of this VOTE ? Enrico
Il giorno mar 8 dic 2020 alle ore 21:28 Damien Diederen < [email protected]> ha scritto: > > Hi Andor, > > > Is this not the same Jar that I’ve upgraded recently, because of a CVE? > > It is. You updated it for CVE-2020-27216, and this is now for > CVE-2020-27218! > > Cheers, -D > > > > > >> On 2020. Dec 5., at 22:03, Patrick Hunt <[email protected]> wrote: > >> > >> Thanks Damien! I reviewed and it looks good except for one small > comment I > >> hope we can also address (commented on PR). > >> > >> Regards, > >> > >> Patrick > >> > >> On Sat, Dec 5, 2020 at 12:05 PM Damien Diederen < > [email protected]> > >> wrote: > >> > >>> > >>> Hi Patrick, all, > >>> > >>>> -1 - the dependency check is failing with a known CVE > >>>> > >>>> $ mvn clean package -DskipTests dependency-check:check > >>>> ... > >>>> [ERROR] One or more dependencies were identified with vulnerabilities > >>> that > >>>> have a CVSS score greater than or equal to '0.0': > >>>> [ERROR] > >>>> [ERROR] jetty-server-9.4.34.v20201102.jar: CVE-2020-27218 > >>>> [ERROR] jetty-http-9.4.34.v20201102.jar: CVE-2020-27218 > >>> > >>> For the (mailing list) record, I have created: > >>> > >>> https://issues.apache.org/jira/browse/ZOOKEEPER-4023 > >>> https://github.com/apache/zookeeper/pull/1552 > >>> > >>> Best, -D > >>> >
