This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new d0916754dde [fix][build] Suppress Guava CVE-2020-8908 in OWASP
dependency check (#20005)
d0916754dde is described below
commit d0916754ddeb1a4315e4429601941fdc6a210f30
Author: Lari Hotari <[email protected]>
AuthorDate: Tue Apr 4 23:09:43 2023 +0300
[fix][build] Suppress Guava CVE-2020-8908 in OWASP dependency check (#20005)
---
src/owasp-dependency-check-suppressions.xml | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/owasp-dependency-check-suppressions.xml
b/src/owasp-dependency-check-suppressions.xml
index 2f735646494..84ed2a3332c 100644
--- a/src/owasp-dependency-check-suppressions.xml
+++ b/src/owasp-dependency-check-suppressions.xml
@@ -463,5 +463,12 @@
<cve>CVE-2020-17516</cve>
<cve>CVE-2021-44521</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ The vulnerable method is deprecated in Guava, but isn't removed. It's
necessary to suppress this CVE.
+ See https://github.com/google/guava/issues/4011
+ ]]></notes>
+ <cve>CVE-2020-8908</cve>
+ </suppress>
</suppressions>
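Review bot: The new `<suppress>` block has no scoping element, only `<cve>CVE-2020-8908</cve>`, so it silences this CVE for every artifact the scanner matches it against, not just Guava. Consider tying it to the Guava coordinates with a `packageUrl` (or `gav`/`filePath`) matcher, for example `<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>`, so a match on a different or repackaged artifact is still reported. The `<notes>` text says the vulnerable method is deprecated but not removed; it would help later audits if it also named the method and stated whether Pulsar code calls it, since that is the actual justification for accepting the finding. An `until` date on the `<suppress>` element would force the entry to be revisited instead of staying in the file indefinitely.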