This is an automated email from the ASF dual-hosted git repository. penghui pushed a commit to branch branch-2.10 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit d3af1aebf8872858dc5cd3ba5535cb35c9b6dddf Author: Zixuan Liu <[email protected]> AuthorDate: Tue Mar 8 15:50:58 2022 +0800 [OWASP] Update mariadb-jdbc dependency and add suppression rule (#14593) Signed-off-by: Zixuan Liu <[email protected]> (cherry picked from commit 3c5698ac11d91e11aed5bf356e239218acf8313d)
--- pom.xml | 2 +- src/owasp-dependency-check-suppressions.xml | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index f7e1348..3d3bfab 100644
--- a/pom.xml
+++ b/pom.xml
@@ -152,7 +152,7 @@ flexible messaging model and an intuitive client API.</description>
 <mysql-jdbc.version>8.0.11</mysql-jdbc.version>
 <postgresql-jdbc.version>42.2.25</postgresql-jdbc.version>
 <clickhouse-jdbc.version>0.3.2</clickhouse-jdbc.version>
- <mariadb-jdbc.version>2.6.0</mariadb-jdbc.version>
+ <mariadb-jdbc.version>2.7.5</mariadb-jdbc.version>
 <hdfs-offload-version3>3.3.1</hdfs-offload-version3>
 <json-smart.version>2.4.7</json-smart.version>
 <opensearch.version>1.2.4</opensearch.version>
diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml
index 89cc001..08edea5 100644
--- a/src/owasp-dependency-check-suppressions.xml
+++ b/src/owasp-dependency-check-suppressions.xml
@@ -444,5 +444,15 @@
 <cve>CVE-2019-10174</cve>
 <cve>CVE-2020-25711</cve>
 </suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: mariadb-java-client-2.7.5.jar
+ ]]></notes>
+ <sha1>9dd29797ecabe7d2e7fa892ec6713a5552cfcc59</sha1>
+ <cve>CVE-2020-28912</cve>
+ <cve>CVE-2021-46669</cve>
+ <cve>CVE-2021-46666</cve>
+ <cve>CVE-2021-46667</cve>
+ </suppress>
 </suppressions>
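Review bot: The new `<suppress>` entry in src/owasp-dependency-check-suppressions.xml records only the jar file name in `<notes>`, so nothing in the file says why CVE-2020-28912, CVE-2021-46669, CVE-2021-46666 and CVE-2021-46667 are considered safe to ignore for mariadb-java-client-2.7.5.jar. These identifiers appear to be filed against the MariaDB server rather than the JDBC connector, which would make them CPE-matching false positives, but that should be confirmed against the advisories and then written down. Inside the CDATA I would add a line such as `reason: CVEs apply to MariaDB server, not the Java client (scanner false positive)` so that a later audit can tell a verified false positive from an accepted risk. Pinning the rule with `<sha1>` is worth keeping, since the suppression stops matching as soon as the jar changes and the findings get re-evaluated on the next upgrade.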
