You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@zookeeper.apache.org by GitBox <gi...@apache.org> on 2022/12/09 10:25:00 UTC

[GitHub] [zookeeper] symat opened a new pull request, #1956: ZOOKEEPER-4644: update dependencies before release 3.6.4

symat opened a new pull request, #1956:
URL: https://github.com/apache/zookeeper/pull/1956

   dependency checks are failing currently on branch-3.6:
   
   ```
   mvn clean package -DskipTests dependency-check:check
   
   (...)
   
   [ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.1.0:check (default-cli) on project zookeeper: 
   [ERROR] 
   [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0': 
   [ERROR] 
   [ERROR] jackson-databind-2.13.2.1.jar: CVE-2022-42003(7.5), CVE-2022-42004(7.5)
   [ERROR] jetty-io-9.4.43.v20210629.jar: CVE-2022-2047(2.7), CVE-2022-2048(7.5)
   [ERROR] jetty-server-9.4.43.v20210629.jar: CVE-2022-2047(2.7), CVE-2022-2048(7.5)
   [ERROR] netty-transport-4.1.76.Final.jar: CVE-2022-24823(5.5)
   ```
   
   In this commit I updated several third party libraries and also updated / fixes license and notice files.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@zookeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [zookeeper] symat closed pull request #1956: ZOOKEEPER-4644: update dependencies before release 3.6.4

Posted by GitBox <gi...@apache.org>.

symat closed pull request #1956: ZOOKEEPER-4644: update dependencies before release 3.6.4
URL: https://github.com/apache/zookeeper/pull/1956


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@zookeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [zookeeper] chufe-dremio commented on pull request #1956: ZOOKEEPER-4644: update dependencies before release 3.6.4

Posted by GitBox <gi...@apache.org>.

chufe-dremio commented on PR #1956:
URL: https://github.com/apache/zookeeper/pull/1956#issuecomment-1385117776

   Did this merge also go to Zookeeper 3.8?
   Somehow we see the CVEs reported:  CVE-2022-42003(7.5), CVE-2022-42004(7.5)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@zookeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org