You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by Patrick Hunt <ph...@apache.org> on 2023/11/15 17:04:34 UTC

FYI: ZK owasp checks failing

FYI all of the current codelines are failing owasp check with the
following. We should try to get it into the next release...
https://ci-hadoop.apache.org/view/ZooKeeper/job/zookeeper-multi-branch-owasp/

16:51:13  [ERROR] jetty-io-9.4.52.v20230823.jar: CVE-2023-44487(7.5),
CVE-2023-36478(7.5)
16:51:13  [ERROR] jetty-server-9.4.52.v20230823.jar: CVE-2023-44487(7.5),
CVE-2023-36478(7.5)
16:51:13  [ERROR] netty-transport-4.1.94.Final.jar: CVE-2023-44487(7.5)

It's been reported in JIRA, tracked here:

https://issues.apache.org/jira/browse/ZOOKEEPER-4759

Regards,

Patrick