You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "Christopher Tubbs (Jira)" <ji...@apache.org> on 2021/03/28 13:40:00 UTC
[jira] [Commented] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j
1.7.25 has security vulnerability CVE-2018-8088
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17310207#comment-17310207 ]
Christopher Tubbs commented on ZOOKEEPER-4264:
----------------------------------------------
This is a false positive. According to the upstream ticket, this only affects slf4j-ext EventData, which ZooKeeper doesn't use.
> Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088
> ------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-4264
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4264
> Project: ZooKeeper
> Issue Type: Improvement
> Reporter: Sai Kiran Vudutala
> Priority: Major
> Attachments: image-2021-03-27-18-19-31-497.png
>
>
> Apache zookeeper 3.6.2 shows security vulnerabilities CVE-2018-8088 for package slf4j 1.7.25 after black duck scanner analysis
> !image-2021-03-27-18-19-31-497.png|width=648,height=336!
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)