[druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217)

Fri, 07 May 2021 01:22:40 -0700 

This is an automated email from the ASF dual-hosted git repository.

cwylie pushed a commit to branch 0.21.1
in repository https://gitbox.apache.org/repos/asf/druid.git


The following commit(s) were added to refs/heads/0.21.1 by this push:
     new db67938  Suppressing false positive CVE-2020-7791 (#11215) (#11217)
db67938 is described below

commit db679380a0ef14160e5bfcb335eff74b4e7b99ae
Author: Clint Wylie <cwy...@apache.org>
AuthorDate: Fri May 7 01:22:20 2021 -0700

    Suppressing false positive CVE-2020-7791 (#11215) (#11217)
    
    * suppressing false positive CVE-2020-7791
    
    * add comments
    
    Co-authored-by: Maytas Monsereenusorn <mayt...@apache.org>
---
 owasp-dependency-check-suppressions.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/owasp-dependency-check-suppressions.xml 
b/owasp-dependency-check-suppressions.xml
index 30147fb..5326442 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -158,6 +158,14 @@
     <cve>CVE-2019-17195</cve>
   </suppress>
   <suppress>
+    <!-- This CVE is a false positive. The CVE is not for apacheds-i18n -->
+    <notes><![CDATA[
+   file name: apacheds-i18n-2.0.0-M15.jar
+   ]]></notes>
+    <packageUrl 
regex="true">^pkg:maven/org\.apache\.directory\.server/apacheds\-i18n@.*$</packageUrl>
+    <cve>CVE-2020-7791</cve>
+  </suppress>
+  <suppress>
       <!-- TODO: Fix by using com.datastax.oss:java-driver-core instead of 
com.netflix.astyanax:astyanax in extensions-contrib/cassandra-storage -->
       <notes><![CDATA[
    file name: libthrift-0.6.1.jar

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@druid.apache.org
For additional commands, e-mail: commits-h...@druid.apache.org

Reply via email to