Remove slf4j-ext due to CVE-2018-8088 #4979

Closed
asfimport opened this issue Jan 18, 2019 · 3 comments
@asfimport
Collaborator

jawadhoot (Bug 63090):
I am using JMeter to load test an application.
My organization did a JFrog Xray scan on the Docker image I build to test, and it reported 21 critical security issues with libraries used inside JMeter.

The following issues are reported:

xercesImpl-2.11.0.jar
commons-collections-3.2.2.jar
geronimo-jms_1.1_spec-1.1.1.jar
slf4j-ext-1.7.25.jar -> 18

Created attachment issues.txt: issues reported by jfrog xray

Severity: normal
OS: All

Duplicates:

@asfimport
Collaborator Author

@pmouawad (migrated from Bugzilla):
(In reply to jawadhoot from comment 0)

> Created attachment 36379
> issues reported by jfrog xray
>
> I am using JMeter to load test an application.
> My organization did a JFrog Xray scan on the Docker image I build to test, and it
> reported 21 critical security issues with libraries used inside JMeter.
>
> The following issues are reported:
>
> xercesImpl-2.11.0.jar

Upgraded already in nightly build, will be in 5.1.

> commons-collections-3.2.2.jar

What is the security issue?
We are not aware of security issues.

> geronimo-jms_1.1_spec-1.1.1.jar

This is the jar of the JMS specification, not the Geronimo version.
What is the CVE concerned?

> slf4j-ext-1.7.25.jar -> 18

What is the CVE?
We are not aware of a security issue either.

@asfimport
Collaborator Author

jawadhoot (migrated from Bugzilla):
For other jars we are raising issues with JFrog Xray.

> > slf4j-ext-1.7.25.jar
>
> What is the CVE?
> We are not aware of a security issue either.

CVE-2018-8088

@asfimport
Collaborator Author

@pmouawad (migrated from Bugzilla):
Author: pmouawad
Date: Fri Jan 25 18:03:56 2019
New Revision: 1852156

URL: http://svn.apache.org/viewvc?rev=1852156&view=rev
Log:
#4979 - Remove slf4j-ext due to CVE-2018-8088
#4979

Modified:
jmeter/trunk/LICENSE
jmeter/trunk/build.properties
jmeter/trunk/build.xml
jmeter/trunk/eclipse.classpath
jmeter/trunk/lib/ (props changed)
jmeter/trunk/lib/aareadme.txt
jmeter/trunk/res/maven/ApacheJMeter_parent.pom
jmeter/trunk/xdocs/changes.xml
