This is an automated email from the ASF dual-hosted git repository. nicoloboschi pushed a commit to branch branch-2.10 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 8263a110f3ab01fdea170ac04b478c80447feadf Author: Nicolò Boschi <[email protected]> AuthorDate: Fri Apr 22 16:53:31 2022 +0200 [owasp] Suppress MariaDB false positives (#15243) * [owasp] Suppress MariaDB false positives * group suppressions (cherry picked from commit 22c0d94c67345a0011f618c2c8faeeda1a1b0418) --- src/owasp-dependency-check-false-positives.xml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/owasp-dependency-check-false-positives.xml b/src/owasp-dependency-check-false-positives.xml index 191f9d6b02f..cd5de474562 100644 --- a/src/owasp-dependency-check-false-positives.xml +++ b/src/owasp-dependency-check-false-positives.xml @@ -68,4 +68,24 @@ <sha1>69c1edfa7d89531af511fcd07e8516fa450f746a</sha1> <cve>CVE-2021-23214</cve> </suppress> + +<!-- MariaDB client is being confused with MariaDB server--> + <suppress> + <notes><![CDATA[ + file name: mariadb-java-client-2.7.5.jar + ]]></notes> + <sha1>9dd29797ecabe7d2e7fa892ec6713a5552cfcc59</sha1> + <cve>CVE-2022-27376</cve> + <cve>CVE-2022-27377</cve> + <cve>CVE-2022-27378</cve> + <cve>CVE-2022-27379</cve> + <cve>CVE-2022-27380</cve> + <cve>CVE-2022-27381</cve> + <cve>CVE-2022-27382</cve> + <cve>CVE-2022-27383</cve> + <cve>CVE-2022-27384</cve> + <cve>CVE-2022-27385</cve> + <cve>CVE-2022-27386</cve> + <cve>CVE-2022-27387</cve> + </suppress> </suppressions> \ No newline at end of file
