Comments (7)
thanks for raising the issue. All CVEs that can be easily remedied will be done in the next few days and cut as a patch release.
Meanwhile, I'm trying to get a better understanding of current users. What configuration of zipkin do you run? Feel free to reply here or on gitter https://app.gitter.im/#/room/#openzipkin_zipkin:gitter.im
from zipkin.
Thanks for the reply.
I understand that it will be fixed soon. Looking forward to it.
I am also using the zipkin-server jar on the server where the SpringBoot application is deployed.
from zipkin.
can you verify the master build addresses this CVE and also mention how you are validating CVEs?
from zipkin.
We use a service called Snyk to verify vulnerabilities.
We detected this when verifying with Snyk against the bundled spring boot and zipkin.
We checked the contents of the zipkin jar and found that it was a CVE-unsupported version.
from zipkin.
ok thanks. are you able to test the current 2.24.4-SNAPSHOT (master) version prior to release?
from zipkin.
I saw the PR for the version update. Thanks.
I also confirmed that the version of the library contained in the jar created by building the master locally is updated.
Also, the snapshot version of the jar cleared the snyk check.
from zipkin.
thanks for the help and attention! we'll release a patch tomorrow.
from zipkin.
Related Issues (20)
- ci: helm release process is independently versioned and released vs zipkin HOT 6
- flakey test: ITActiveMQSender
- flakey test: ZipkinExtensionTest.postSpans_disconnectDuringBody HOT 2
- ServerIntegratedBenchmark no longer runs
- Add a way to install zipkin through homebrew on macos HOT 10
- Docker container ends up with defunkt wget processes HOT 14
- flakey test: ITElasticsearchStorage$ITDependenciesHeavy.manyLinks
- java 21 java -jar zipkin.jar HOT 7
- Unable to register to an authenticated eureka server HOT 19
- flakey test: ITZipkinEureka HOT 2
- Support for a single global index HOT 16
- ES_HTTP_LOGGING appears broken HOT 4
- move off react-scripts HOT 1
- lens: i18n doesn't work anymore HOT 4
- lens: UiConfigTest "provides config when resolved" no longer runs
- lens: migrate off Netflix/vizceral
- Possbility to override the default namin strategy of span names. HOT 1
- spring boot admin support HOT 5
- ZIPKIN_UI_BASEPATH doesn't seem to work with 3.1.0 HOT 25
- Spring version mismatch between master and latest ? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from zipkin.