Created attachment 36379 [details]
issues reported by jfrog xray

I am using jmeter to load test application.
My organization did a jfrog xray scan on docker image I build to test and it reported 21 critical security issues with libraries used inside jmeter.

Following issues are reported:

xercesImpl-2.11.0.jar
commons-collections-3.2.2.jar
geronimo-jms_1.1_spec-1.1.1.jar
slf4j-ext-1.7.25.jar -> 18
(In reply to jawadhoot from comment #0)
> Created attachment 36379 [details]
> issues reported by jfrog xray
>
> I am using jmeter to load test application.
> My organization did a jfrog xray scan on docker image I build to test and it
> reported 21 critical security issues with libraries used inside jmeter
>
> Following issues are reported
>
> xercesImpl-2.11.0.jar

Upgraded already in nightly build, will be in 5.1.

> commons-collections-3.2.2.jar

What is the security issue? We are not aware of security issues.

> geronimo-jms_1.1_spec-1.1.1.jar

This is the jar of JMS specification, not geronimo version. What is the CVE concerned?

> slf4j-ext-1.7.25.jar -> 18

What is the CVE? We are not aware of security issue either.
For other jars we are raising issues with jfrog xray.

>> slf4j-ext-1.7.25.jar
> What is the CVE?
> We are not aware of security issue either

CVE-2018-8088
Author: pmouawad
Date: Fri Jan 25 18:03:56 2019
New Revision: 1852156

URL: http://svn.apache.org/viewvc?rev=1852156&view=rev
Log:
Bug 63090 - Remove slf4j-ext due to CVE-2018-8088
Bugzilla Id: 63090

Modified:
    jmeter/trunk/LICENSE
    jmeter/trunk/build.properties
    jmeter/trunk/build.xml
    jmeter/trunk/eclipse.classpath
    jmeter/trunk/lib/ (props changed)
    jmeter/trunk/lib/aareadme.txt
    jmeter/trunk/res/maven/ApacheJMeter_parent.pom
    jmeter/trunk/xdocs/changes.xml
*** Bug 63175 has been marked as a duplicate of this bug. ***
This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/4979