[ZOOKEEPER-4510] dependency-check:check failing - reload4j-1.2.19.jar: CVE-2020-9493, CVE-2022-23307 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.5.10, 3.7.1, 3.6.4, 3.8.1
Component/s: None
Labels:
- pull-request-available

Description

On branch-3.7 "mvn clean package -DskipTests dependency-check:check" is failing with following errors.

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.5.3:check (default-cli) on project zookeeper-assembly:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0':
[ERROR]
[ERROR] reload4j-1.2.19.jar: CVE-2020-9493, CVE-2022-23307

Attachments

Issue Links

links to

GitHub Pull Request #1860

GitHub Pull Request #1872

Activity

People

Assignee:: Mohammad Arshad

Reporter:: Mohammad Arshad

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 05/Apr/22 10:59

Updated:: 30/Jan/23 07:57

Resolved:: 05/May/22 06:28

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1.5h