You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by Patrick Hunt <ph...@apache.org> on 2017/09/16 21:51:42 UTC

Keeping on top of ZK dependencies.

Abe Fine recently submitted a patch to look for known security issues
(CVEs) in third party dependencies:
https://issues.apache.org/jira/browse/ZOOKEEPER-2875

This is a very useful tool - thanks Abe!

It was committed to trunk and I recently cherrypicked it onto 3.4 and 3.5
code lines.

I ran the check on all open branches (trunk/3.4/3.5) and it's mostly clean,
although there is a recent issue identified in Jetty that we should take
care of (3.5+ only) - that said the severity for us seems low (not sure if
we expose that functionality).

Patrick