This is an automated email from the ASF dual-hosted git repository.
jihoonson pushed a commit to branch 0.18.0
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/0.18.0 by this push:
new 7f2bce4 Suppress CVEs for jackson-mapper-asl:1.9.13 (#9604) (#9613)
7f2bce4 is described below
commit 7f2bce416ea7cd08ed7dcfb26e6c206deaf1147e
Author: Chi Cao Minh <[email protected]>
AuthorDate: Fri Apr 3 14:42:44 2020 -0700
Suppress CVEs for jackson-mapper-asl:1.9.13 (#9604) (#9613)
The jackson-mapper-asl:1.9.13 CVEs via curator-x-discovery are all
suppressed for now as fixing them requires updating the curator version.
---
owasp-dependency-check-suppressions.xml | 13 ++-----------
1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/owasp-dependency-check-suppressions.xml
b/owasp-dependency-check-suppressions.xml
index ebeb371..a6433a1 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -122,17 +122,8 @@
<notes><![CDATA[
file name: jackson-mapper-asl-1.9.13.jar
]]></notes>
- <packageUrl
regex="true">^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$</packageUrl>
- <cve>CVE-2017-7525</cve>
- <cve>CVE-2017-15095</cve>
- <cve>CVE-2017-17485</cve>
- <cve>CVE-2018-5968</cve>
- <cve>CVE-2018-7489</cve>
- <cve>CVE-2018-14718</cve>
- <cve>CVE-2019-10172</cve>
- <cve>CVE-2019-14540</cve>
- <cve>CVE-2019-16335</cve>
- <cve>CVE-2019-17267</cve>
+ <packageUrl
regex="true">^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\[email protected]$</packageUrl>
+ <cvssBelow>10</cvssBelow> <!-- suppress all CVEs for
jackson-mapper-asl:1.9.13 ince it is via curator-x-discovery -->
</suppress>
<suppress>
<!-- TODO: Fix by updating
org.apache.druid.java.util.http.client.NettyHttpClient to use netty 4 -->
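Review bot: The added `<cvssBelow>10</cvssBelow>` rule replaces ten enumerated CVEs with an open-ended suppression, so any CVE published later against jackson-mapper-asl 1.9.13 will be hidden from the report without anyone having triaged it. Since the commit message describes this as temporary ("for now"), the enclosing `<suppress>` element, which opens above this hunk, should carry an expiry such as `<suppress until="YYYY-MM-DDZ">` (placeholder date) so the check starts reporting again if curator has not been upgraded by then. The rule matches the artifact by package URL wherever it appears on the classpath, not only when it arrives through curator-x-discovery, and the inline comment should say so and fix the "ince" typo, for example `<!-- TODO: remove after the curator upgrade; suppresses CVEs below CVSS 10 for every jackson-mapper-asl:1.9.13 on the classpath (currently via curator-x-discovery) -->`. As far as I can tell `cvssBelow` is a strict comparison, so a finding scored exactly 10.0 would still be reported, which is worth confirming against the claim that all CVEs are suppressed.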