Re: owasp job just started flagging slf4j

2018-12-22 Thread Patrick Hunt
lgtm, minor nit and then we're good to go imo.
Thanks,
Patrick
On Sat, Dec 22, 2018 at 6:31 AM Enrico Olivelli wrote:
> Patch updated with a better approach
>
> Enrico
>
> On Fri, Dec 21, 2018, 00:29 Patrick Hunt wrote:
>
> > Thanks Enrico, I commented on the PR, lmk if that doesn't make s

Re: owasp job just started flagging slf4j

2018-12-22 Thread Enrico Olivelli
Patch updated with a better approach
Enrico
On Fri, Dec 21, 2018, 00:29 Patrick Hunt wrote:
> Thanks Enrico, I commented on the PR, lmk if that doesn't make sense.
>
> Patrick
>
> On Mon, Dec 17, 2018 at 8:34 AM Enrico Olivelli wrote:
>
> > Here it is
> > https://github.com/apache/zookeep

Re: owasp job just started flagging slf4j

2018-12-20 Thread Patrick Hunt
Thanks Enrico, I commented on the PR, lmk if that doesn't make sense.
Patrick
On Mon, Dec 17, 2018 at 8:34 AM Enrico Olivelli wrote:
> Here it is
> https://github.com/apache/zookeeper/pull/736
>
> I have disabled all jars for slf4j, I can narrow the patch down to the
> single file. I don't know

Re: owasp job just started flagging slf4j

2018-12-17 Thread Enrico Olivelli
Here it is
https://github.com/apache/zookeeper/pull/736
I have disabled all jars for slf4j, I can narrow the patch down to the single file. I don't know how it is worth
Enrico
On Mon, Dec 17, 2018 at 07:02 Enrico Olivelli wrote:
>
> Sure
>
> Enrico
>
> On Mon, Dec 17, 2018, 02:43 P

Re: owasp job just started flagging slf4j

2018-12-16 Thread Enrico Olivelli
Sure
Enrico
On Mon, Dec 17, 2018, 02:43 Patrick Hunt wrote:
> Sounds reasonable Enrico. Do you want to submit a PR against ZOOKEEPER-3217
> and I'll review/commit it? We can revert the patch as part of finally
> resolving that issue.

Re: owasp job just started flagging slf4j

2018-12-16 Thread Patrick Hunt
Sounds reasonable Enrico. Do you want to submit a PR against ZOOKEEPER-3217 and I'll review/commit it? We can revert the patch as part of finally resolving that issue.
Patrick
On Sat, Dec 15, 2018 at 2:39 PM Enrico Olivelli wrote:
> Can we

Re: owasp job just started flagging slf4j

2018-12-15 Thread Enrico Olivelli
Can we whitelist that jar in the meantime?
Enrico
On Sat, Dec 15, 2018, 01:28 Patrick Hunt wrote:
>
> https://builds.apache.org/view/S-Z/view/ZooKeeper/job/ZooKeeper-trunk-owasp/204/artifact/build/test/owasp/dependency-check-vulnerability.html
>
> https://nvd.nist.gov/vuln/detail/CVE-2018-80

owasp job just started flagging slf4j

2018-12-14 Thread Patrick Hunt
https://builds.apache.org/view/S-Z/view/ZooKeeper/job/ZooKeeper-trunk-owasp/204/artifact/build/test/owasp/dependency-check-vulnerability.html
https://nvd.nist.gov/vuln/detail/CVE-2018-8088
We don't use EventData but should consider upgrading.
https://issues.apache.org/jira/browse/ZOOKEEPER-3217