Unfortunately I missed these OWASP failures on the contrib packages

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.1.0:check (default-cli) on project zookeeper-it:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0':
[ERROR]
[ERROR] junit-4.13.jar: CVE-2020-15250(5.5)
[ERROR] junit-platform-engine-1.6.2.jar: CVE-2022-31514(9.3)
[ERROR]
[ERROR] See the dependency-check report for more details.

I will send other PRs

Enrico

On Thu, Jan 19, 2023 at 12:07 Enrico Olivelli <eolive...@gmail.com> wrote:
>
> I have opened a few PRs,
> please help me review
>
> https://github.com/apache/zookeeper/pull/1972
> https://github.com/apache/zookeeper/pull/1971
> https://github.com/apache/zookeeper/pull/1970
>
> Enrico
>
> On Thu, Jan 19, 2023 at 11:43 Enrico Olivelli
> <eolive...@gmail.com> wrote:
> >
> > Unfortunately OWASP check is failing on branch-3.8
> >
> > [ERROR] Failed to execute goal
> > org.owasp:dependency-check-maven:7.1.0:check (default-cli) on project
> > zookeeper:
> > [ERROR]
> > [ERROR] One or more dependencies were identified with vulnerabilities
> > that have a CVSS score greater than or equal to '0.0':
> > [ERROR]
> > [ERROR] commons-cli-1.4.jar: CVE-2021-37533(6.5)
> > [ERROR] commons-io-2.11.0.jar: CVE-2021-37533(6.5)
> > [ERROR] jackson-databind-2.13.2.1.jar: CVE-2022-42003(7.5),
> > CVE-2022-42004(7.5)
> > [ERROR] netty-transport-4.1.76.Final.jar: CVE-2022-41915(6.5),
> > CVE-2022-24823(5.5), CVE-2022-41881(7.5)
> > [ERROR]
> > [ERROR] See the dependency-check report for more details.
> > [ERROR]
> >
> > I will take a look if there are already patches to be cherry-picked.
> >
> > I guess it will take some time, I hoped to cut the release candidate today
> > :-(
> >
> > Enrico
> >
> > On Tue, Jan 17, 2023 at 23:06 Chris Nauroth
> > <cnaur...@apache.org> wrote:
> > >
> > > +1
> > >
> > > Thank you for taking this up, Enrico!
> > >
> > > Chris Nauroth
> > >
> > >
> > > On Tue, Jan 17, 2023 at 9:24 AM Enrico Olivelli <eolive...@gmail.com>
> > > wrote:
> > >
> > > > Hello ZooKeepers,
> > > > We have received a few requests to cut a 3.8.1 release.
> > > >
> > > > I will start the release procedure by the end of this week,
> > > > if there is anything that blocks the release or that you would like to
> > > > cherry-pick please let me know
> > > >
> > > > Best regards
> > > > Enrico