ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216 #1549
I am sorry, you have to update license files as well
@eolivelli @phunt I'm not sure where to get an up-to-date license file from.
@anmolnar AFAIK Jetty is moving from JavaEE to JakartaEE. Probably we have to use the "Eclipse Public License", we usually rename those files without looking at the real license of Jetty. Thanks for pointing it out, it is actually a great catch!
The JAR manifest says either:
And, indeed,
In case it helps: here is something I tried, which seems to work, and might facilitate future maintenance:

```sh
rm -f zookeeper-server/src/main/resources/lib/jetty-*.LICENSE.txt
for i in zookeeper-server/target/lib/jetty-*.jar; do
    unzip -qq -c "$i" META-INF/LICENSE \
        >"zookeeper-server/src/main/resources/lib/$(basename "$i" .jar).LICENSE.txt"
done
```

Cheers, -D
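A companion check for the regeneration loop in the comment above, as an added example that is not part of this thread or of the ZooKeeper build: it reports Jetty JARs with no matching license file and license files left over from a previous Jetty version. The function name `check_jetty_licenses` and the sample file names are assumptions made for illustration.

```sh
# check_jetty_licenses JAR_DIR LICENSE_DIR   (hypothetical helper name)
# Prints one line per mismatch; returns 1 if any mismatch is found.
check_jetty_licenses() {
    jar_dir=$1
    lic_dir=$2
    bad=0
    # Every bundled Jetty JAR needs a non-empty license file named after it.
    for jar in "$jar_dir"/jetty-*.jar; do
        [ -e "$jar" ] || continue          # glob matched nothing
        name=$(basename "$jar" .jar)
        if [ ! -s "$lic_dir/$name.LICENSE.txt" ]; then
            echo "MISSING $name.LICENSE.txt"
            bad=1
        fi
    done
    # A license file whose JAR is no longer bundled is stale (old version).
    for lic in "$lic_dir"/jetty-*.LICENSE.txt; do
        [ -e "$lic" ] || continue
        name=$(basename "$lic" .LICENSE.txt)
        if [ ! -e "$jar_dir/$name.jar" ]; then
            echo "STALE $name.LICENSE.txt"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample layout; OLD and NEW are placeholder version strings.
demo=$(mktemp -d)
mkdir "$demo/jars" "$demo/lic"
touch "$demo/jars/jetty-server-NEW.jar" "$demo/jars/jetty-util-NEW.jar"
echo "license text" > "$demo/lic/jetty-server-NEW.LICENSE.txt"
echo "license text" > "$demo/lic/jetty-util-OLD.LICENSE.txt"
check_jetty_licenses "$demo/jars" "$demo/lic" || echo "license files out of sync"
rm -rf "$demo"
```

Against the tree discussed here it would be called as `check_jetty_licenses zookeeper-server/target/lib zookeeper-server/src/main/resources/lib` after a build.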
Thanks @eolivelli & @ztzg!
+1, license files look good to me, reading the new one it seems to me the same terms apply.
Great work!
It is better to pick this patch to branch-3.6 and possibly to branch-3.5 as @nkalmar is going to cut a release.
LGTM, thank you!
Author: Andor Molnar <andor@apache.org> Reviewers: Mate Szalay-Beko <symat@apache.org>, Enrico Olivelli <eolivelli@apache.org>, Norbert Kalmar <nkalmar@apache.org> Closes #1549 from anmolnar/ZOOKEEPER-4017 (cherry picked from commit ef1f12f) Signed-off-by: Norbert Kalmar <nkalmar@apache.org>
Merged to master, 3.6 and 3.5 branch.
Checked package, license files are there now:
Author: Andor Molnar <andor@apache.org> Reviewers: Mate Szalay-Beko <symat@apache.org>, Enrico Olivelli <eolivelli@apache.org>, Norbert Kalmar <nkalmar@apache.org> Closes apache#1549 from anmolnar/ZOOKEEPER-4017
No description provided.