[ https://issues.apache.org/jira/browse/CASSANDRA-19146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17798506#comment-17798506 ]
Jacek Lewandowski commented on CASSANDRA-19146:
-----------------------------------------------

I guess it was due to simple oversights. Nobody ran OWASP checks locally, I suppose, and the OWASP plugin does not fail with redundant suppression. I think it should be up to the reviewer to verify that with every library change (which does not happen very often). We can also open a ticket or even contribute a flag for the OWASP plugin to fail on that, a separate story though.

> Upgrade owasp to 9.0.x
> ----------------------
>
> Key: CASSANDRA-19146
> URL: https://issues.apache.org/jira/browse/CASSANDRA-19146
> Project: Cassandra
> Issue Type: Bug
> Components: Build
> Reporter: Brandon Williams
> Assignee: Jacek Lewandowski
> Priority: Normal
> Fix For: 3.0.x, 3.11.x, 4.0.x, 4.1.x, 5.0-rc, 5.x
>
>
> From https://github.com/jeremylong/DependencyCheck :
> {quote}
> Upgrading to 9.0.0 or later is mandatory; previous versions of
> dependency-check utilize the NVD data feeds which will be deprecated on Dec
> 15th, 2023.
> {quote}