[druid] branch 0.23.0 updated: Suppress CVEs (#12590) (#12597)

Thu, 02 Jun 2022 01:08:14 -0700 

This is an automated email from the ASF dual-hosted git repository.

abhishek pushed a commit to branch 0.23.0
in repository https://gitbox.apache.org/repos/asf/druid.git


The following commit(s) were added to refs/heads/0.23.0 by this push:
     new 79949a572a Suppress CVEs (#12590) (#12597)
79949a572a is described below

commit 79949a572a3cbbc850552f1d475cc004ab9bdc6c
Author: AmatyaAvadhanula <[email protected]>
AuthorDate: Thu Jun 2 13:37:59 2022 +0530

    Suppress CVEs (#12590) (#12597)
---
 owasp-dependency-check-suppressions.xml | 34 +++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/owasp-dependency-check-suppressions.xml 
b/owasp-dependency-check-suppressions.xml
index 7c58bb0a51..6017967fac 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -71,6 +71,7 @@
    ]]></notes>
     <packageUrl 
regex="true">^pkg:maven/net\.minidev/json\-smart@.*$</packageUrl>
     <cve>CVE-2021-27568</cve>
+    <cve>CVE-2021-31684</cve>
   </suppress>
 
 
@@ -340,6 +341,7 @@
      <cve>CVE-2018-11765</cve>
      <cve>CVE-2020-9492</cve>
      <cve>CVE-2022-26612</cve>
+     <cve>CVE-2018-8009</cve>
   </suppress>
   <suppress>
     <notes><![CDATA[
@@ -528,4 +530,36 @@
     <cve>CVE-2021-44878</cve>
   </suppress>
 
+  <suppress>
+    <!-- cassandra-all-1.0.8.jar -->
+    <notes><![CDATA[
+   file name: cassandra-all-1.0.8.jar
+   ]]></notes>
+    <cve>CVE-2020-17516</cve>
+  </suppress>
+
+  <suppress>
+    <!-- jackson-dataformat-cbor-2.10.5.jar -->
+    <notes><![CDATA[
+   file name: jackson-dataformat-cbor-2.10.5.jar
+   ]]></notes>
+    <cve>CVE-2020-28491</cve>
+  </suppress>
+
+  <suppress>
+    <!-- okhttp -->
+    <notes><![CDATA[
+   file name: okhttp-*.jar
+   ]]></notes>
+    <cve>CVE-2021-0341</cve>
+  </suppress>
+
+  <suppress>
+    <!-- parquet-format-structures-1.12.0.jar -->
+    <notes><![CDATA[
+   file name: parquet-format-structures-1.12.0.jar
+   ]]></notes>
+    <cve>CVE-2021-41561</cve>
+  </suppress>
+
 </suppressions>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to