Unfortunately OWASP check is failing on branch-3.8 [ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.1.0:check (default-cli) on project zookeeper: [ERROR] [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0': [ERROR] [ERROR] commons-cli-1.4.jar: CVE-2021-37533(6.5) [ERROR] commons-io-2.11.0.jar: CVE-2021-37533(6.5) [ERROR] jackson-databind-2.13.2.1.jar: CVE-2022-42003(7.5), CVE-2022-42004(7.5) [ERROR] netty-transport-4.1.76.Final.jar: CVE-2022-41915(6.5), CVE-2022-24823(5.5), CVE-2022-41881(7.5) [ERROR] [ERROR] See the dependency-check report for more details. [ERROR]
I will take a look if there are already patches to be cherry-picked. I guess it will take some time, I hoped to cut the release candidate today :-( Enrico Il giorno mar 17 gen 2023 alle ore 23:06 Chris Nauroth <cnaur...@apache.org> ha scritto: > > +1 > > Thank you for taking this up, Enrico! > > Chris Nauroth > > > On Tue, Jan 17, 2023 at 9:24 AM Enrico Olivelli <eolive...@gmail.com> wrote: > > > Hello ZooKeepers, > > We have received a few requests to cut a 3.8.1 release. > > > > I will start the release procedure by the end of this week, > > if there anything that blocks the release or that you would like to > > cherry-pick please let me know > > > > Best regards > > Enrico > >
