This is an automated email from the ASF dual-hosted git repository.
abhishek pushed a commit to branch 0.23.0
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/0.23.0 by this push:
new 9c3fd8fc7c Suppress CVEs (#12553) (#12560)
9c3fd8fc7c is described below
commit 9c3fd8fc7c1ddd204e2723b1808caf49c7e9d2f9
Author: Abhishek Agarwal <[email protected]>
AuthorDate: Mon May 23 16:12:16 2022 +0530
Suppress CVEs (#12553) (#12560)
Co-authored-by: AmatyaAvadhanula
<[email protected]>
---
owasp-dependency-check-suppressions.xml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/owasp-dependency-check-suppressions.xml
b/owasp-dependency-check-suppressions.xml
index 05e4517831..174eee15fa 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -253,6 +253,7 @@
]]></notes>
<packageUrl
regex="true">^pkg:maven/com\.google\.oauth-client/google\-oauth\-client@.*$</packageUrl>
<cve>CVE-2020-7692</cve>
+ <cve>CVE-2021-22573</cve>
</suppress>
<suppress>
<!--
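Review bot: The added `<cve>CVE-2021-22573</cve>` inherits the enclosing `packageUrl` regex ending in `@.*$`, so the finding is hidden for every version of google-oauth-client, with no expiry to force a re-check. The opening `<suppress>` tag and the start of its notes are outside this hunk, so this assumes no `until` attribute is already set. If none is, consider `<suppress until="YYYY-MM-DDZ">` (placeholder date) so the suppression lapses and the upgrade is revisited. The notes should also say why the ID-token verification issue behind this CVE is acceptable for the code paths that use the library.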
@@ -286,6 +287,11 @@
]]></notes>
<packageUrl regex="true">^pkg:maven/log4j/[email protected]$</packageUrl>
<cve>CVE-2019-17571</cve>
+ <cve>CVE-2021-4104</cve>
+ <cve>CVE-2020-9493</cve>
+ <cve>CVE-2022-23307</cve>
+ <cve>CVE-2022-23305</cve>
+ <cve>CVE-2022-23302</cve>
</suppress>
<suppress>
<!--
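Review bot: The five CVEs added to the log4j 1.x entry are each tied, as published, to an optional component (JMSAppender, JDBCAppender, JMSSink, Chainsaw), but nothing visible here records that these components are unused. The suppression is only valid while no shipped or user-supplied logging configuration enables them. A short comment next to the new lines would make that condition auditable, for example `<!-- not applicable: JMSAppender/JDBCAppender/JMSSink/Chainsaw are not configured; re-check if log4j 1.x config changes -->`. The notes block for this entry starts outside the hunk, so it may already cover part of this.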
@@ -513,4 +519,12 @@
<cve>CVE-2022-24735</cve>
</suppress>
+ <suppress>
+ <!-- pac4j-core-3.8.3 -->
+ <notes><![CDATA[
+ file name: pac4j-core-3.8.3.jar
+ ]]></notes>
+ <cve>CVE-2021-44878</cve>
+ </suppress>
+
</suppressions>
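Review bot: The new `<suppress>` block for pac4j-core has no `packageUrl`, `filePath` or `sha1` selector, so dependency-check will suppress CVE-2021-44878 for every dependency in the build, not only the jar named in the notes. Scope it like the other entries in this file, e.g. `<packageUrl regex="true">^pkg:maven/org\.pac4j/pac4j\-core@3\.8\.3$</packageUrl>`. The notes hold only the file name. Since pac4j handles authentication, add a sentence on why the finding is accepted, or which upgrade is planned.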