[GitHub] [pulsar] tisonkun commented on a diff in pull request #16110: [security] Suppress CVE-2022-23712 warnings

GitBox Sat, 18 Jun 2022 21:45:58 -0700


tisonkun commented on code in PR #16110:
URL: https://github.com/apache/pulsar/pull/16110#discussion_r901046539



##########
src/owasp-dependency-check-suppressions.xml:
##########
@@ -37,7 +37,19 @@
         <vulnerabilityName regex="true">.*</vulnerabilityName>
     </suppress>
 
-    <!-- see https://github.com/apache/pulsar/pull/14629-->
+    <!-- see https://github.com/apache/pulsar/pull/16110 -->
+    <suppress>
+        <notes>CVE-2022-23712 is only related to Elastic server</notes>
+        <gav>co.elastic.clients:elasticsearch-java:8.1.0</gav>

Review Comment:
   It seems that I can get the value of `sha1` from 
https://repo1.maven.org/maven2/co/elastic/clients/elasticsearch-java/8.1.0/elasticsearch-java-8.1.0.jar.sha1
 and ditto rest-client.
   
   I'll make an update but still wonder what's the benefit it brings.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [pulsar] tisonkun commented on a diff in pull request #16110: [security] Suppress CVE-2022-23712 warnings

Reply via email to