You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by GitBox <gi...@apache.org> on 2019/02/06 21:36:39 UTC
[GitHub] eolivelli removed a comment on issue #806: ZOOKEEPER-3262: Update
dependencies flagged by OWASP report
eolivelli removed a comment on issue #806: ZOOKEEPER-3262: Update dependencies flagged by OWASP report
URL: https://github.com/apache/zookeeper/pull/806#issuecomment-461075314
Please note that OWASP will still fail due to bouncycastle
```
ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0,0':
[ERROR]
[ERROR] bcprov-jdk15on-1.56.jar: CVE-2017-13098, CVE-2018-1000180, CVE-2018-1000613
[ERROR]
[ERROR] See the dependency-check report for more details.
```
Please also note that on Maven pom.xml we have Jackson and Jetty which are not needed on 3.4 and OWASP reports errors.
I can also drop from this patch the suppression for Netty 4, which is not needed on 3.4.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services