Mate Szalay-Beko created ZOOKEEPER-4468:
---
Summary: Backport BCFKS key/trust store format support to branch
3.5
Key: ZOOKEEPER-4468
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4468
Proje
Kezhu Wang created ZOOKEEPER-4467:
-
Summary: Missing op code (addWatch) in Request.op2String
Key: ZOOKEEPER-4467
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4467
Project: ZooKeeper
I
Kezhu Wang created ZOOKEEPER-4466:
-
Summary: Watchers of different modes interfere on overlapping
pathes
Key: ZOOKEEPER-4466
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4466
Project: ZooKeepe
On 2022/02/04 11:07:34 Enrico Olivelli wrote:
>
> Source files:
> https://people.apache.org/~eolivelli/zookeeper-3.8.0-candidate-0/
>
>
> The staging version of the website is:
> https://people.apache.org/~eolivelli/zookeeper-3.8.0-candidate-0/website/
>
Is there a reason that these are st
-1 (binding)
Let me add the exclusion and prepare a new RC.
I am cancelling this VOTE
Thanks to everyone
Enrico
Il Gio 10 Feb 2022, 17:47 Andor Molnar ha scritto:
> I agree with Pat. Though adding exclusions doesn’t make any difference in
> the quality of our code, but a build is a build. It’
I agree with Pat. Though adding exclusions doesn’t make any difference in the
quality of our code, but a build is a build. It’s either green or red (not
green). No excuse.
Andor
> On 2022. Feb 10., at 16:51, Patrick Hunt wrote:
>
> On Thu, Feb 10, 2022 at 12:22 AM Enrico Olivelli
> wrote:
On Thu, Feb 10, 2022 at 12:22 AM Enrico Olivelli
wrote:
> Patrick,
> If you prefer I can send a patch for. the exclusion of
> [ERROR] netty-tcnative-2.0.48.Final.jar: CVE-2021-43797, CVE-2019-16869,
> CVE-2015-2156, CVE-2021-37136, CVE-2014-3488, CVE-2021-37137,
> CVE-2019-20445, CVE-2019-20444,
Patrick,
If you prefer I can send a patch for. the exclusion of
[ERROR] netty-tcnative-2.0.48.Final.jar: CVE-2021-43797, CVE-2019-16869,
CVE-2015-2156, CVE-2021-37136, CVE-2014-3488, CVE-2021-37137,
CVE-2019-20445, CVE-2019-20444, CVE-2021-21295, CVE-2021-21409,
CVE-2021-21290
That said, this won'
Thanks Enrico for working on the release candidate!
The RC looks good to me if we are sure that the OWASP problem is a false
positive and we can skip this netty-tcnative jar check. However, these CVEs
are old... Is it possible that we just added this jar by accident with the
recent netty upgrade?