[GitHub] [pulsar] tisonkun commented on a diff in pull request #16520: [fix][security] Upgrade to Jetty to 9.4.48.v20220622 to get rid of CVE-2022-2047

Mon, 11 Jul 2022 20:58:14 -0700 


tisonkun commented on code in PR #16520:
URL: https://github.com/apache/pulsar/pull/16520#discussion_r918525317


##########
src/owasp-dependency-check-false-positives.xml:
##########
@@ -158,4 +158,13 @@
     <sha1>1a754a5dd672218a2ac667d7ff2b28df7a5a240e</sha1>
     <cve>CVE-2022-25647</cve>
   </suppress>
+
+  <!-- 9.4.x is not affected 
https://github.com/eclipse/jetty.project/issues/8161#issuecomment-1178728623-->
+  <suppress>

Review Comment:
   We can revert this change since upstream has fixed the false positive 
https://github.com/eclipse/jetty.project/issues/8161.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to