This is an automated email from the ASF dual-hosted git repository.

lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new dbb5081  [owasp] suppress false positive netty-tc-native (#13364)
dbb5081 is described below

commit dbb508162032a78f5d76c73113ababb8b0df7fe4
Author: Nicolò Boschi <[email protected]>
AuthorDate: Fri Dec 17 16:43:48 2021 +0100

    [owasp] suppress false positive netty-tc-native (#13364)
    
    (cherry picked from commit f657a3f64f690d0066629e3e088f85c6d2e9538f)
---
 src/owasp-dependency-check-false-positives.xml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/owasp-dependency-check-false-positives.xml 
b/src/owasp-dependency-check-false-positives.xml
index 7336fee..28e53b5 100644
--- a/src/owasp-dependency-check-false-positives.xml
+++ b/src/owasp-dependency-check-false-positives.xml
@@ -42,4 +42,11 @@
     <gav regex="true">org\.apache\.avro:.*</gav>
     <cve>CVE-2019-17195</cve>
   </suppress>
+  <suppress base="true">
+    <notes><![CDATA[
+        FP per #3889
+        ]]></notes>
+    <packageUrl 
regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$</packageUrl>
+    <cpe>cpe:/a:netty:netty</cpe>
+  </suppress>
 </suppressions>
\ No newline at end of file
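Review bot: The new `<suppress base="true">` entry keeps the `base` flag, which dependency-check uses for its own bundled base rules and which keeps the rule out of the report's "suppressed" section. In a project-level file, a plain `<suppress>` would keep this suppression visible to anyone auditing the report. The note `FP per #3889` also does not name its tracker. Here it reads as a Pulsar issue, although the entry looks copied from the dependency-check project (inferred, not visible in this hunk), so something like `False positive: netty-tcnative-classes is matched to cpe:/a:netty:netty; see <tracker> issue #3889` would be clearer. The rule is unbounded on version (`@.*$`) and suppresses the whole CPE rather than one CVE, so every future `cpe:/a:netty:netty` match on this artifact is silenced. That is reasonable for a CPE mis-identification, but it is worth saying so in the note.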
