This is an automated email from the ASF dual-hosted git repository. nicoloboschi pushed a commit to branch branch-2.11 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 5f67f67119fd0e2b919362a5149cd8c02858c87f Author: tison <[email protected]> AuthorDate: Thu Dec 29 19:08:37 2022 +0800 [improve][sec] Suppress false positive OWASP reports (#19105) Signed-off-by: tison <[email protected]> (cherry picked from commit 62a2058f82c854226bcc8e3fc30490a9ae1d1b1a) --- src/owasp-dependency-check-suppressions.xml | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml index bc1d0c8749a..72b5985b6fe 100644 --- a/src/owasp-dependency-check-suppressions.xml +++ b/src/owasp-dependency-check-suppressions.xml @@ -37,6 +37,23 @@ <vulnerabilityName regex="true">.*</vulnerabilityName> </suppress> + <suppress> + <notes><![CDATA[ + file name: snakeyaml-1.32.jar + ]]></notes> + <sha1>e80612549feb5c9191c498de628c1aa80693cf0b</sha1> + <cve>CVE-2022-1471</cve> + </suppress> + + <!-- influxdb dependencies --> + <suppress> + <notes><![CDATA[ + file name: msgpack-core-0.9.0.jar + ]]></notes> + <sha1>87d9ce0b22de48428fa32bb8ad476e18b6969548</sha1> + <cve>CVE-2022-41719</cve> + </suppress> + <!-- see https://github.com/apache/pulsar/pull/16110 --> <suppress> <notes><