[ https://issues.apache.org/jira/browse/CASSANDRA-17697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17556952#comment-17556952 ]

Brandon Williams commented on CASSANDRA-17697:
----------------------------------------------

The two failing tests are CASSANDRA-17701 and CASSANDRA-17702; both have been 
failing for some time now.

bq. Would we want to add an explanation comment to the ignored CVEs?

There are comments in the file that basically say these aren't applicable. 
Every suppression can be blamed to find a Jira though, which is probably the 
best route to take for more detail, so I don't think there's much to add in the 
suppression file.

> netty-all 4.0.44 is affected by CVE-2020-7238
> ---------------------------------------------
>
>                 Key: CASSANDRA-17697
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17697
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Dependencies
>            Reporter: Brandon Williams
>            Assignee: Brandon Williams
>            Priority: Normal
>             Fix For: 3.0.x, 3.11.x
>
>
> {noformat}
> Dependency-Check Failure:
> One or more dependencies were identified with vulnerabilities that have a 
> CVSS score greater than or equal to '1.0': 
> netty-all-4.0.44.Final.jar: CVE-2020-7238
> {noformat}
> Similar to CASSANDRA-17633, the HTTP request smuggling vulnerabilities 
> continue.


