This is an automated email from the ASF dual-hosted git repository.
cwylie pushed a commit to branch 26.0.0
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/26.0.0 by this push:
new 627e64d28f suppress CVE-2021-40331 since it applies to
ranger-hive-plugin which afaict we do not use (#14264)
627e64d28f is described below
commit 627e64d28fd17ea7db7ab9a2c2042664d510f1b0
Author: Clint Wylie <[email protected]>
AuthorDate: Thu May 11 21:45:23 2023 -0700
suppress CVE-2021-40331 since it applies to ranger-hive-plugin which afaict
we do not use (#14264)
---
owasp-dependency-check-suppressions.xml | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/owasp-dependency-check-suppressions.xml
b/owasp-dependency-check-suppressions.xml
index eaca7ad3e9..67091da03b 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -825,4 +825,12 @@
<!-- this one seems to apply to backend server -
https://nvd.nist.gov/vuln/detail/CVE-2023-25613 -->
<cve>CVE-2023-25613</cve>
</suppress>
+ <suppress>g
+ <notes><![CDATA[
+ file name: ranger-plugins-*-2.0.0.jar
+ ]]></notes>
+ <packageUrl
regex="true">^pkg:maven/org\.apache\.ranger/ranger\-plugins\-.*@2.0.0$</packageUrl>
+ <!-- applies to ranger-hive-plugin which afaict we do not use
https://nvd.nist.gov/vuln/detail/CVE-2021-40331 -->
+ <cve>CVE-2021-40331</cve>
+ </suppress>
</suppressions>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
