This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-3.1 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit efc4bf392e9ee95bd4625a7b7e964f8c1fe6d726 Author: Lari Hotari <[email protected]> AuthorDate: Sat Sep 30 11:27:36 2023 +0300 [fix][sec] Add OWASP Dependency Check suppressions (#21281) (cherry picked from commit 1bf7371b6d33c4e015d006e547b393b97686ff20) --- src/owasp-dependency-check-suppressions.xml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml index d5ddc28e884..b5bb58c3d0e 100644 --- a/src/owasp-dependency-check-suppressions.xml +++ b/src/owasp-dependency-check-suppressions.xml @@ -457,4 +457,16 @@ ]]></notes> <cve>CVE-2023-35116</cve> </suppress> + <suppress> + <notes><![CDATA[ + This is a false positive in avro-protobuf. The vulnerability is in Hamba avro golang library. + ]]></notes> + <cve>CVE-2023-37475</cve> + </suppress> + <suppress> + <notes><![CDATA[ + This CVE can be suppressed since it is covered in Pulsar by hostname verification changes made in https://github.com/apache/pulsar/pull/15824. + ]]></notes> + <cve>CVE-2023-4586</cve> + </suppress> </suppressions>
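Review bot: both new `<suppress>` entries carry only a `<notes>` and a `<cve>` element, which in OWASP Dependency-Check suppresses that CVE for every dependency in the build rather than for the one artifact the notes describe. The first entry says the CVE-2023-37475 match is a false positive against avro-protobuf (the real issue being in the Hamba Go library), and the second says CVE-2023-4586 is mitigated by the hostname-verification change in https://github.com/apache/pulsar/pull/15824; in both cases the justification is specific to one dependency, so scoping each suppression with a `<packageUrl regex="true">` (or `<gav>`) element matching that artifact would keep a future, unrelated dependency that is genuinely affected by the same CVE from being silently hidden. This matches the bare-`<cve>` pattern of the preceding CVE-2023-35116 entry, so it may be a file-wide convention worth tightening rather than a problem with this change alone. It would also help future readers if the second note named the dependency that triggered the CVE-2023-4586 finding, so the link between the PR and the suppressed artifact can be re-checked when that dependency is upgraded.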
