This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-2.11 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit dfe87a462ff5840693ab8d70126745f21f48e719 Author: Lari Hotari <[email protected]> AuthorDate: Tue Apr 4 23:09:43 2023 +0300 [fix][build] Suppress Guava CVE-2020-8908 in OWASP dependency check (#20005) (cherry picked from commit d0916754ddeb1a4315e4429601941fdc6a210f30) --- src/owasp-dependency-check-suppressions.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml index 72b5985b6fe..9ed8e55a51e 100644 --- a/src/owasp-dependency-check-suppressions.xml +++ b/src/owasp-dependency-check-suppressions.xml @@ -496,5 +496,12 @@ <cve>CVE-2020-17516</cve> <cve>CVE-2021-44521</cve> </suppress> + <suppress> + <notes><![CDATA[ + The vulnerable method is deprecated in Guava, but isn't removed. It's necessary to suppress this CVE. + See https://github.com/google/guava/issues/4011 + ]]></notes> + <cve>CVE-2020-8908</cve> + </suppress> </suppressions>
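Review bot: the added `<suppress>` block contains only `<notes>` and `<cve>CVE-2020-8908</cve>`, with no `<packageUrl>`, `<gav>` or `<filePath>` selector, so it silences this CVE for every artifact the scan matches it against rather than for Guava alone. Consider scoping it, for example with `<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>`. The notes justify the suppression only by the method being deprecated but not removed upstream. It would help to also record whether any Pulsar code calls that method, so a later reader can tell whether the finding is unreachable or merely unfixable. An `until` date on `<suppress>` would force the entry to be revisited instead of staying in place indefinitely.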
