This is an automated email from the ASF dual-hosted git repository.
nicoloboschi pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.10 by this push:
new 342f2c7358a [fix][owasp] Fix false positive
google-http-client-gson-1.41.0.jar (#15651)
342f2c7358a is described below
commit 342f2c7358ae58b4c14b67b517ee7ff2f57514d1
Author: Nicolò Boschi <[email protected]>
AuthorDate: Thu May 19 10:26:05 2022 +0200
[fix][owasp] Fix false positive google-http-client-gson-1.41.0.jar (#15651)
(cherry picked from commit cd0d4299f403505c0713270439d2c46d376de450)
---
src/owasp-dependency-check-false-positives.xml | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/owasp-dependency-check-false-positives.xml
b/src/owasp-dependency-check-false-positives.xml
index cd5de474562..39589d62fe9 100644
--- a/src/owasp-dependency-check-false-positives.xml
+++ b/src/owasp-dependency-check-false-positives.xml
@@ -88,4 +88,13 @@
<cve>CVE-2022-27386</cve>
<cve>CVE-2022-27387</cve>
</suppress>
+
+ <!-- google-http-client-gson getting confused with gson-->
+ <suppress>
+ <notes><![CDATA[
+ file name: google-http-client-gson-1.41.0.jar
+ ]]></notes>
+ <sha1>1a754a5dd672218a2ac667d7ff2b28df7a5a240e</sha1>
+ <cve>CVE-2022-25647</cve>
+ </suppress>
</suppressions>
\ No newline at end of file
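Review bot: The new `<suppress>` entry records only the jar's file name in `<notes>`, so the reason CVE-2022-25647 is treated as a false positive lives solely in the XML comment above it, which says the jar is "getting confused with gson" without saying why the finding does not apply. I would put the rationale in the notes themselves, e.g. `file name: google-http-client-gson-1.41.0.jar; matched against the gson CPE, CVE-2022-25647 is a gson issue and is evaluated on the gson artifact itself`. google-http-client-gson presumably pulls in gson as a dependency, so the suppression is only safe if the gson jar that actually ships is still scanned and is on a release containing the fix; that is not visible in this hunk and is worth confirming. Pinning by `<sha1>` rather than by a file-name pattern is the right scope, because the entry stops matching when the jar is upgraded and forces a fresh evaluation.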