[
https://issues.apache.org/jira/browse/CASSANDRA-21159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18058982#comment-18058982
]
Stefan Miklosovic commented on CASSANDRA-21159:
-----------------------------------------------
for Lucene, it was supressed here
https://issues.apache.org/jira/browse/CASSANDRA-20024
But I am not sure why it stopped to be reported. My theory is that we either
updated the checker which evaluates it differently or CVE database was updated
on that CVE and it started to point to another artifact or something like that.
Anyway ...
Logback was updated in CASSANDRA-20429 and recently in CASSANDRA-21137
> Clean up dependency-check-suppressions.xml in 5.0 and trunk, suppress
> CVE-2025-67735
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-21159
> URL: https://issues.apache.org/jira/browse/CASSANDRA-21159
> Project: Apache Cassandra
> Issue Type: Task
> Components: Build
> Reporter: Stefan Miklosovic
> Assignee: Stefan Miklosovic
> Priority: Normal
> Fix For: 5.0.x, 5.x
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> We have more suppressions than needed there. By recent bumping of logback
> version etc. some sections are not necessary anymore and it simplifies the
> content of that file considerably.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
