[ https://issues.apache.org/jira/browse/ZOOKEEPER-3933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17681079#comment-17681079 ]
Doug Whitfield commented on ZOOKEEPER-3933: ------------------------------------------- 3.7.0 and 3.6.3 are listed as fixed versions in the history, but now the fixed versions are listed as None. I don't see a reference to ZOOKEEPER-3933 in the github repo. Is this fixed? If so, what versions? > owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712 > ----------------------------------------------------------------------- > > Key: ZOOKEEPER-3933 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3933 > Project: ZooKeeper > Issue Type: Bug > Components: security > Affects Versions: 3.7.0, 3.5.8, 3.6.2 > Reporter: Patrick D. Hunt > Priority: Blocker > > dependency-check is failing with: > json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712 -- This message was sent by Atlassian Jira (v8.20.10#820010)