This is an automated email from the ASF dual-hosted git repository.

pkarwasz pushed a commit to branch 2.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git


The following commit(s) were added to refs/heads/2.x by this push:
     new b4986fe109 Add vulnerabilities to ignored list
b4986fe109 is described below

commit b4986fe109d2a37d99b7b167bf50a460c0510c1e
Author: Piotr P. Karwasz <[email protected]>
AuthorDate: Sat Nov 11 18:24:35 2023 +0100

    Add vulnerabilities to ignored list
---
 log4j-parent/osv-scanner.toml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/log4j-parent/osv-scanner.toml b/log4j-parent/osv-scanner.toml
index 34c9f349a8..d19b49590d 100644
--- a/log4j-parent/osv-scanner.toml
+++ b/log4j-parent/osv-scanner.toml
@@ -32,3 +32,9 @@ reason = "log4j:log4j is a test dependency used in performance comparisons"
 [[IgnoredVulns]]
 id = "GHSA-59j4-wjwp-mw9m"
 reason = "Velocity templates are only used at build time and modifiable by committers."
+[[IgnoredVulns]]
+id = "GHSA-m9p2-j4hg-g373"
+reason = "The CVE doesn't even mention Cassandra 3.x."
+[[IgnoredVulns]]
+id = "GHSA-w77p-8cfg-2x43"
+reason = "Risk is tolerable for the project. Users need to use functionality explicitly."
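Review bot: Both added `[[IgnoredVulns]]` entries (GHSA-m9p2-j4hg-g373 and GHSA-w77p-8cfg-2x43) are suppressed with no expiry, so the scanner will never surface either advisory again, even if a later dependency change or an advisory update alters the exposure. osv-scanner accepts an `ignoreUntil` date per entry; adding `ignoreUntil = YYYY-MM-DD` (placeholder for the next review date) to each would force the decision to be revisited. The reasons are also hard to audit later, because neither names the affected artifact or the scope in which it is used, and "Risk is tolerable for the project" does not say which functionality users have to enable. Something like `reason = "<artifact> is used only in <module/scope>; the vulnerable path requires <feature> to be enabled explicitly"` would let a later reader verify the claim. For the first entry, the affected version range in the advisory would be stronger evidence than the absence of "Cassandra 3.x" from the CVE text.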
