Posted to commits@zookeeper.apache.org by ph...@apache.org on 2020/01/18 19:06:15 UTC
[zookeeper] branch master updated: ZOOKEEPER-3677: owasp checker
failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted
data in SocketServer
This is an automated email from the ASF dual-hosted git repository.
phunt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/master by this push:
new 3bd6b19 ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
3bd6b19 is described below
commit 3bd6b1950eea1fabeac4bc477c8828939d008a4a
Author: Enrico Olivelli <eo...@apache.org>
AuthorDate: Sat Jan 18 11:06:01 2020 -0800
ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
Suppress error for CVE-2019-17571 as it does not affect us.
We are not running the log4j server.
Author: Enrico Olivelli <eo...@apache.org>
Reviewers: phunt@apache.org
Closes #1209 from eolivelli/fix/ZOOKEEPER-3677-owasp-log4j
Change-Id: I0ef24a7b142cd32ccf4f5c18f9e0c0132a413d6c
---
owaspSuppressions.xml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
index 5c4bc33..ae94db4 100644
--- a/owaspSuppressions.xml
+++ b/owaspSuppressions.xml
@@ -41,4 +41,9 @@
this writing -->
<cve>CVE-2019-3826</cve>
</suppress>
+ <suppress>
+ <!-- false positive for us, it is about log4j server in log4j-1.2.17.jar
+ ZOOKEEPER-3677 -->
+ <cve>CVE-2019-17571</cve>
+ </suppress>
</suppressions>
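Review bot: The added `<suppress>` block matches on `<cve>CVE-2019-17571</cve>` alone, so it silences this CVE for every dependency the checker scans, not only the log4j-1.2.17.jar named in the comment. Consider scoping it to that artifact with a `<packageUrl regex="true">` or `<filePath regex="true">` matcher inside the block, so the same CVE reported against any other jar still fails the build. The comment could also say why this is a false positive, as the commit message does (the log4j server is not run), so that the suppression can be revisited if that ever changes.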