This is an automated email from the ASF dual-hosted git repository.
krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 89fcabe OWASP false positives
89fcabe is described below
commit 89fcabec45c2a80fa2f352a638a8b0110a2eaf92
Author: Kevin Risden <[email protected]>
AuthorDate: Thu Dec 20 22:21:59 2018 -0500
OWASP false positives
Signed-off-by: Kevin Risden <[email protected]>
---
.../resources/build-tools/dependency-check/suppressions.xml | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git
a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
index ed557c9..5074ddd 100644
---
a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
+++
b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
@@ -32,6 +32,12 @@ limitations under the License.
<cve>CVE-2015-3250</cve> <!-- Already past 1.0.0-M30 -->
</suppress>
<suppress>
+ <notes><![CDATA[file name: apacheds-.*.jar]]></notes>
+ <gav regex="true">^org\.apache\.directory\.server:apacheds-.*$</gav>
+ <cpe>cpe:/a:apache:apache_http_server</cpe>
+ <cpe>cpe:/a:net-ldap_project:net-ldap</cpe>
+ </suppress>
+ <suppress>
<notes><![CDATA[file name: gateway-.*.jar]]></notes>
<gav regex="true">^org\.apache\.knox:gateway-.*:.*$</gav>
<cpe>cpe:/a:apache:ambari</cpe>
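Review bot: The new apacheds `<suppress>` entry records only a file-name pattern in `<notes>`, so a later reader cannot tell why `cpe:/a:apache:apache_http_server` and `cpe:/a:net-ldap_project:net-ldap` are considered false positives. A `<cpe>` suppression hides every current and future CVE filed under that CPE for all matching artifacts, so the reasoning is worth stating. If the reason is a name-only match, something like `<notes><![CDATA[file name: apacheds-.*.jar - ApacheDS is not httpd or the Ruby net-ldap library; CPEs matched on name only]]></notes>` would do. The gav pattern `^org\.apache\.directory\.server:apacheds-.*$` also omits the `:.*` version segment that the neighbouring gateway entry uses; it still matches, but the two forms could be aligned for consistency.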
@@ -94,6 +100,11 @@ limitations under the License.
<cpe>cpe:/a:openid:openid</cpe>
</suppress>
<suppress>
+ <notes><![CDATA[slf4j-ext and EventData not used]]></notes>
+ <gav regex="true">^org\.slf4j:.*$</gav>
+ <cve>CVE-2018-8088</cve>
+ </suppress>
+ <suppress>
<notes><![CDATA[file name: xz-.*.jar]]></notes>
<gav regex="true">^org\.tukaani:xz:.*$</gav>
<cve>CVE-2015-4035</cve>
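Review bot: The gav pattern `^org\.slf4j:.*$` in the new CVE-2018-8088 suppression matches every org.slf4j artifact at every version, including slf4j-ext itself, while the note justifies it only by "slf4j-ext and EventData not used". Nothing in this entry enforces that assumption, so if slf4j-ext later arrives as a direct or transitive dependency the finding would stay hidden. Consider excluding that artifact from the match, e.g. `<gav regex="true">^org\.slf4j:(?!slf4j-ext:).*$</gav>`, so the scanner reports it again if the module ever appears on the classpath. The note could also say how non-use was verified, which would make the suppression easier to re-evaluate when slf4j is upgraded.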