This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a commit to branch cassandra-3.0 in repository https://gitbox.apache.org/repos/asf/cassandra.git
The following commit(s) were added to refs/heads/cassandra-3.0 by this push: new a1421ec324 Suppress CVE-2023-6378 a1421ec324 is described below commit a1421ec324e4bf8ab46df2a72af298f9286e0d59 Author: Brandon Williams <brandonwilli...@apache.org> AuthorDate: Fri Dec 1 08:43:51 2023 -0600 Suppress CVE-2023-6378 Patch by brandonwilliams, reviewed by smiklosovic for CASSANDRA-19142 --- .build/dependency-check-suppressions.xml | 9 +++++++++ CHANGES.txt | 1 + 2 files changed, 10 insertions(+) diff --git a/.build/dependency-check-suppressions.xml b/.build/dependency-check-suppressions.xml index 1d9fba6218..04a74bb4b2 100644 --- a/.build/dependency-check-suppressions.xml +++ b/.build/dependency-check-suppressions.xml @@ -107,4 +107,13 @@ <cve>CVE-2019-17267</cve> </suppress> + <!-- https://issues.apache.org/jira/browse/CASSANDRA-19142 --> + <suppress> + <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-core@.*$</packageUrl> + <cve>CVE-2023-6378</cve> + </suppress> + <suppress> + <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-classic@.*$</packageUrl> + <cve>CVE-2023-6378</cve> + </suppress> </suppressions> diff --git a/CHANGES.txt b/CHANGES.txt index 10c771ae2d..b53bc55d26 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 3.0.30 + * Suppress CVE-2023-6378 (CASSANDRA-19142) * Do not set RPC_READY to false on transports shutdown in order to not fail counter updates for deployments with coordinator and storage nodes with transports turned off (CASSANDRA-18935) * Suppress CVE-2023-44487 (CASSANDRA-18943) * Fix nodetool enable/disablebinary to correctly set rpc readiness in gossip (CASSANDRA-18935) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
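Review bot: In the .build/dependency-check-suppressions.xml hunk, neither new `<suppress>` block records why CVE-2023-6378 is safe to ignore; the only rationale is the Jira link in the comment above them, so anyone auditing the file has to leave the repository to learn the reasoning. Consider adding a `<notes>` element to each entry with a one-line justification. The `packageUrl` patterns also end in `@.*$`, which matches every logback version, so the finding stays hidden regardless of which logback version the build resolves, including after a later dependency change. If the suppression is meant to be temporary, pinning the pattern to the version currently shipped or setting an `until` date on `<suppress>` would make the scanner raise the finding again for re-evaluation. The two entries differ only in the artifact name and could be one pattern, for example `^pkg:maven/ch\.qos\.logback/logback\-(core|classic)@.*$`, though keeping them separate is consistent if that is the file's existing style.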