This is an automated email from the ASF dual-hosted git repository. nicoloboschi pushed a commit to branch branch-2.10 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 36a41ee372f7ba7853b10de7dcf40b3bfc837394 Author: tison <[email protected]> AuthorDate: Thu Dec 29 19:08:37 2022 +0800 [improve][sec] Suppress false positive OWASP reports (#19105) Signed-off-by: tison <[email protected]> (cherry picked from commit 62a2058f82c854226bcc8e3fc30490a9ae1d1b1a) (cherry picked from commit 5f67f67119fd0e2b919362a5149cd8c02858c87f)
---
 src/owasp-dependency-check-suppressions.xml | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml
index 02aa0d4ce41..201a23baa03 100644
--- a/src/owasp-dependency-check-suppressions.xml
+++ b/src/owasp-dependency-check-suppressions.xml
@@ -36,6 +36,24 @@
 <gav>org.apache.thrift:libthrift:0.12.0</gav>
 <vulnerabilityName regex="true">.*</vulnerabilityName>
 </suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: snakeyaml-1.32.jar
+ ]]></notes>
+ <sha1>e80612549feb5c9191c498de628c1aa80693cf0b</sha1>
+ <cve>CVE-2022-1471</cve>
+ </suppress>
+
+ <!-- influxdb dependencies -->
+ <suppress>
+ <notes><![CDATA[
+ file name: msgpack-core-0.9.0.jar
+ ]]></notes>
+ <sha1>87d9ce0b22de48428fa32bb8ad476e18b6969548</sha1>
+ <cve>CVE-2022-41719</cve>
+ </suppress>
+
+ <!-- see https://github.com/apache/pulsar/pull/16110 -->
 <suppress>
 <notes>Suppress Zookeeper 3.6.2 vulnerabilities</notes>
 <gav regex="true">org\.apache\.zookeeper:.*:3\.6\.2</gav>
@@ -416,11 +434,8 @@
 <cve>CVE-2015-0242</cve>
 <cve>CVE-2015-0243</cve>
 <cve>CVE-2015-0244</cve>
- <cve>CVE-2015-3165</cve>
 <cve>CVE-2015-3166</cve>
 <cve>CVE-2015-3167</cve>
- <cve>CVE-2015-5288</cve>
- <cve>CVE-2015-5289</cve>
 <cve>CVE-2016-0766</cve>
 <cve>CVE-2016-0768</cve>
 <cve>CVE-2016-0773</cve>
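Review bot: The two added `<suppress>` entries in the first hunk record only the jar file name in `<notes>`, so nothing in the file explains why CVE-2022-1471 or CVE-2022-41719 is considered a false positive for this project. CVE-2022-1471 concerns SnakeYAML's `Constructor` instantiating arbitrary types while loading YAML, and as far as I know the 1.x line including 1.32 is in the affected range, so that suppression is only sound while no code path parses untrusted YAML with the default constructor. I would put that reasoning in the note, for example `Not reachable: YAML is only loaded from operator-controlled configuration / with SafeConstructor (confirm before merging)`. For msgpack-core, if the match is a CPE mix-up with a different msgpack implementation, the note should say so. Pinning both entries by `<sha1>` keeps them scoped to the exact jar, and an `until="YYYY-MM-DDZ"` attribute on each `<suppress>` would make the scanner report them again after that date instead of leaving them permanent.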
