This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-2.8
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.8 by this push:
new 4ac2419913f [fix][build] Resolve OWASP Dependency Check false
positives (#19120)
4ac2419913f is described below
commit 4ac2419913f0b159ab71d4b456a4fe0089bb0182
Author: Lari Hotari <[email protected]>
AuthorDate: Mon Jan 2 15:48:42 2023 +0200
[fix][build] Resolve OWASP Dependency Check false positives (#19120)
(cherry picked from commit f912fb3931a99575f4b8c93ce8174d53b19336c3)
---
src/owasp-dependency-check-false-positives.xml | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/owasp-dependency-check-false-positives.xml
b/src/owasp-dependency-check-false-positives.xml
index 7b945a2bbc9..04add500464 100644
--- a/src/owasp-dependency-check-false-positives.xml
+++ b/src/owasp-dependency-check-false-positives.xml
@@ -27,6 +27,12 @@
</notes>
<cpe>cpe:/a:apache:http_server</cpe>
</suppress>
+ <suppress>
+ <notes>
+ apache:apache_http_server is not used.
+ </notes>
+ <cpe>cpe:/a:apache:apache_http_server</cpe>
+ </suppress>
<suppress>
<notes>pulsar-zookeeper-utils gets mixed with zookeeper.</notes>
<gav regex="true">org\.apache\.pulsar:.*</gav>
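Review bot: The new `<suppress>` for `cpe:/a:apache:apache_http_server` carries no `packageUrl`, `gav` or `filePath` selector, so it silences every finding under that CPE for all artifacts in the build, not only the jar that was mis-identified. The page does not show which artifact triggers the match, so I would add a selector such as `<packageUrl regex="true">^pkg:maven/GROUP/ARTIFACT@.*$</packageUrl>` (placeholder coordinates) and name that artifact in `<notes>`. The same applies to the CVE-2021-37533 entry in the second hunk, where `<packageUrl regex="true">^pkg:maven/commons\-net/commons\-net@.*$</packageUrl>` would confine the suppression to commons-net. The surrounding `<suppress>` entries start and end outside this hunk.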
@@ -59,4 +65,9 @@
<packageUrl
regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$</packageUrl>
<cpe>cpe:/a:netty:netty</cpe>
</suppress>
+
+ <suppress>
+ <notes>commons-net is not used at all and therefore commons-net
vulnerability CVE-2021-37533 is a false positive.</notes>
+ <cve>CVE-2021-37533</cve>
+ </suppress>
</suppressions>
\ No newline at end of file
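Review bot: The `<notes>` on the CVE-2021-37533 entry say commons-net "is not used at all", but the scanner evidently finds it, so presumably the jar arrives as a transitive dependency and is only unreached at runtime. That is an accepted risk rather than a false positive, and the note should say which module pulls commons-net in and why its code is never invoked. Because that reasoning can stop being true when dependencies change, I would give the entry an expiry so it is re-reviewed, e.g. `<suppress until="YYYY-MM-DDZ">` (placeholder date). Excluding or upgrading the transitive commons-net dependency would remove the need for the suppression altogether.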