This is an automated email from the ASF dual-hosted git repository. nicoloboschi pushed a commit to branch branch-2.10 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit de9c718c6d36a39f77de69ef3dc03fd41c5db489
Author: Nicolò Boschi <[email protected]>
AuthorDate: Mon Mar 28 18:16:38 2022 +0200

[owasp] suppress debezium-connector-postgres CVE-2021-23214 false positive (#14802)

Let's get this in and unblock flaky tests

(cherry picked from commit d03e2d32064d2d52b437c7700078f4a7a4dca2e7)
---
 .github/workflows/ci-owasp-dep-check.yaml | 2 ++
 src/owasp-dependency-check-false-positives.xml | 9 +++++++++
 2 files changed, 11 insertions(+)
diff --git a/.github/workflows/ci-owasp-dep-check.yaml b/.github/workflows/ci-owasp-dep-check.yaml
index 150156b30ec..bcce2b78368 100644
--- a/.github/workflows/ci-owasp-dep-check.yaml
+++ b/.github/workflows/ci-owasp-dep-check.yaml
@@ -51,6 +51,8 @@ jobs:
 poms:
 - 'pom.xml'
 - '**/pom.xml'
+ - 'src/owasp-dependency-check-false-positives.xml'
+ - 'src/owasp-dependency-check-suppressions.xml'
 
 - name: Cache local Maven repository
 if: ${{ steps.changes.outputs.poms == 'true' }}
diff --git a/src/owasp-dependency-check-false-positives.xml b/src/owasp-dependency-check-false-positives.xml
index 7b945a2bbc9..191f9d6b02f 100644
--- a/src/owasp-dependency-check-false-positives.xml
+++ b/src/owasp-dependency-check-false-positives.xml
@@ -59,4 +59,13 @@
 <packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$</packageUrl>
 <cpe>cpe:/a:netty:netty</cpe>
 </suppress>
+
+ <!-- CVE-2021-23214 is about PostGre server -->
+ <suppress>
+ <notes><![CDATA[
+ file name: debezium-connector-postgres-1.7.2.Final.jar
+ ]]></notes>
+ <sha1>69c1edfa7d89531af511fcd07e8516fa450f746a</sha1>
+ <cve>CVE-2021-23214</cve>
+ </suppress>
 </suppressions>
\ No newline at end of file
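Review bot: The `poms` filter now also matches the two OWASP suppression files, so the filter name and the `if: ${{ steps.changes.outputs.poms == 'true' }}` gate that consumes it no longer describe what they gate, which will mislead the next person extending the list. Renaming the filter would also require changing that `if:` and any later steps that read it, which lie outside this hunk; a cheaper fix is a comment above the new entries, if the paths-filter action accepts YAML comments inside the `filters: |` block, such as `# suppression edits must re-run the scan so a bad or over-broad suppression is caught in CI`. The diff does not show whether `src/owasp-dependency-check-suppressions.xml` exists on this branch; a never-matching path is harmless, but it is worth confirming the name rather than carrying a dead entry.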
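Review bot: The new suppression records only the jar hash and the CVE, so a later reader cannot tell whether this is a false positive or an accepted risk; the comment `<!-- CVE-2021-23214 is about PostGre server -->` should at least say "PostgreSQL server" and name the misidentified CPE (presumably `cpe:/a:postgresql:postgresql`, which the diff does not show — confirm against the dependency-check report). Because the root cause is the scanner assigning a PostgreSQL-server CPE to a client-side connector jar, suppressing one CVE against one sha1 is fragile: the next PostgreSQL server CVE, or the next debezium version bump, re-triggers the finding and blocks CI again, which is exactly the "flaky tests" the commit message is trying to unblock. The netty entry just above this hunk shows the more durable pattern — a `packageUrl` regex plus the mis-assigned `<cpe>` — which suppresses the misidentification itself while leaving any CVE genuinely recorded against the debezium artifact visible. A sketch follows; the groupId is not visible in the diff and is assumed to be `io.debezium`, so verify it before committing.
```xml
  <!-- CVE-2021-23214 is a PostgreSQL *server* flaw; this jar is the Debezium
       client-side connector. The finding comes from the mis-assigned CPE below
       (confirm against the dependency-check report), not from the jar itself. -->
  <suppress>
    <notes><![CDATA[ file name: debezium-connector-postgres-1.7.2.Final.jar ]]></notes>
    <!-- groupId assumed to be io.debezium — confirm -->
    <packageUrl regex="true">^pkg:maven/io\.debezium/debezium\-connector\-postgres@.*$</packageUrl>
    <cpe>cpe:/a:postgresql:postgresql</cpe>
  </suppress>
```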
