This is an automated email from the ASF dual-hosted git repository. nicoloboschi pushed a commit to branch branch-2.9 in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.9 by this push: new 959fd0960e3 [fix][owasp] Fix false positive google-http-client-gson-1.41.0.jar (#15651) 959fd0960e3 is described below commit 959fd0960e3fd8cb9f848cc1e0bb1b821a9d54e1 Author: Nicolò Boschi <boschi1...@gmail.com> AuthorDate: Thu May 19 10:26:05 2022 +0200 [fix][owasp] Fix false positive google-http-client-gson-1.41.0.jar (#15651) (cherry picked from commit cd0d4299f403505c0713270439d2c46d376de450)
---
 src/owasp-dependency-check-false-positives.xml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/owasp-dependency-check-false-positives.xml b/src/owasp-dependency-check-false-positives.xml
index 7b945a2bbc9..4984db5762b 100644
--- a/src/owasp-dependency-check-false-positives.xml
+++ b/src/owasp-dependency-check-false-positives.xml
@@ -59,4 +59,13 @@
 <packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$</packageUrl>
 <cpe>cpe:/a:netty:netty</cpe>
 </suppress>
+
+ <!-- google-http-client-gson getting confused with gson-->
+ <suppress>
+ <notes><![CDATA[
+ file name: google-http-client-gson-1.41.0.jar
+ ]]></notes>
+ <sha1>1a754a5dd672218a2ac667d7ff2b28df7a5a240e</sha1>
+ <cve>CVE-2022-25647</cve>
+ </suppress>
 </suppressions>
\ No newline at end of file
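Review bot: The added `<suppress>` entry matches on `<sha1>` alone, so it covers exactly one build of google-http-client-gson-1.41.0.jar and stops matching as soon as that dependency is bumped. Because this is a cherry-pick onto branch-2.9, it is worth confirming the branch resolves that same artifact; if it does not, the entry matches nothing and the finding stays open. The narrow hash match is a sound choice for a CVE suppression, but the comment above it should record the reasoning so nobody later widens it to a name or CPE pattern, e.g. `<!-- false positive: google-http-client-gson is matched as gson; only this wrapper jar is suppressed for CVE-2022-25647 -->`. The entry does not cover the real gson jar, so the gson version actually resolved on the classpath still has to pass the scan for that CVE on its own.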