You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@bookkeeper.apache.org by GitBox <gi...@apache.org> on 2021/06/10 10:54:19 UTC
[GitHub] [bookkeeper] lhotari opened a new pull request #2735: [Security] Exclude grpc-okhttp dependency
lhotari opened a new pull request #2735:
URL: https://github.com/apache/bookkeeper/pull/2735
Fixes #2733
### Motivation
The okhttp dependency version 2.7.4 is old and vulnerable. This dependency isn't needed and it causes Bookkeeper to be flagged for security vulnerabilities.
### Changes
- exclude grpc-okhttp dependency which pulls in okhttp 2.7.4
- update license files
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bookkeeper] lhotari commented on pull request #2735: [Security] Exclude grpc-okhttp dependency
Posted by GitBox <gi...@apache.org>.
lhotari commented on pull request #2735:
URL: https://github.com/apache/bookkeeper/pull/2735#issuecomment-864138708
@sijie @merlimat Please review. This is part of the security fixes that were discussed in the Pulsar Community meeting.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [bookkeeper] sijie merged pull request #2735: [Security] Exclude grpc-okhttp dependency
Posted by GitBox <gi...@apache.org>.
sijie merged pull request #2735:
URL: https://github.com/apache/bookkeeper/pull/2735
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org