This is an automated email from the ASF dual-hosted git repository.
abhishek pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new 6d85ba4c00 Suppress CVEs (#12553)
6d85ba4c00 is described below
commit 6d85ba4c00411b5333507e75daab1cd9b53dc505
Author: AmatyaAvadhanula <[email protected]>
AuthorDate: Mon May 23 12:35:23 2022 +0530
Suppress CVEs (#12553)
---
owasp-dependency-check-suppressions.xml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/owasp-dependency-check-suppressions.xml
b/owasp-dependency-check-suppressions.xml
index 05e4517831..174eee15fa 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -253,6 +253,7 @@
]]></notes>
<packageUrl
regex="true">^pkg:maven/com\.google\.oauth-client/google\-oauth\-client@.*$</packageUrl>
<cve>CVE-2020-7692</cve>
+ <cve>CVE-2021-22573</cve>
</suppress>
<suppress>
<!--
@@ -286,6 +287,11 @@
]]></notes>
<packageUrl regex="true">^pkg:maven/log4j/[email protected]$</packageUrl>
<cve>CVE-2019-17571</cve>
+ <cve>CVE-2021-4104</cve>
+ <cve>CVE-2020-9493</cve>
+ <cve>CVE-2022-23307</cve>
+ <cve>CVE-2022-23305</cve>
+ <cve>CVE-2022-23302</cve>
</suppress>
<suppress>
<!--
@@ -513,4 +519,12 @@
<cve>CVE-2022-24735</cve>
</suppress>
+ <suppress>
+ <!-- pac4j-core-3.8.3 -->
+ <notes><![CDATA[
+ file name: pac4j-core-3.8.3.jar
+ ]]></notes>
+ <cve>CVE-2021-44878</cve>
+ </suppress>
+
</suppressions>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
