This is an automated email from the ASF dual-hosted git repository.
brandonwilliams pushed a commit to branch cassandra-3.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git
The following commit(s) were added to refs/heads/cassandra-3.0 by this push:
new de7b1584f8 Suppress CVE-2023-35116
de7b1584f8 is described below
commit de7b1584f888eb6acc7d10602e302475169472bb
Author: Brandon Williams <[email protected]>
AuthorDate: Tue Jun 27 13:44:42 2023 -0500
Suppress CVE-2023-35116
Patch by brandonwilliams; reviewed by bereng for CASSANDRA-18630
---
.build/dependency-check-suppressions.xml | 6 ++++++
CHANGES.txt | 1 +
2 files changed, 7 insertions(+)
diff --git a/.build/dependency-check-suppressions.xml
b/.build/dependency-check-suppressions.xml
index 08bf3f7236..d59b76b873 100644
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@ -133,4 +133,10 @@
<cve>CVE-2019-16335</cve>
<cve>CVE-2019-17267</cve>
</suppress>
+ <!-- https://issues.apache.org/jira/browse/CASSANDRA-18630 -->
+ <suppress>
+ <packageUrl
regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
+ <cve>CVE-2023-35116</cve>
+ </suppress>
+
</suppressions>
diff --git a/CHANGES.txt b/CHANGES.txt
index fd862d225b..5a1a609b06 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
3.0.30
+ * Suppress CVE-2023-35116 (CASSANDRA-18630)
* Pass taskId from CompactionTask to system.compaction_history
(CASSANDRA-12183)
* Suppress CVE-2023-34455, CVE-2023-34454, CVE-2023-34453 (CASSANDRA-18608)
* Backport CASSANDRA-10508: Remove hard-coded SSL cipher suites
(CASSANDRA-18575)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
