This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts.git
The following commit(s) were added to refs/heads/master by this push: new 677f769 Uses proper suppresses to exclude vulnerable Oval transitive dependencies 677f769 is described below commit 677f769bb71b6bdd08e271937e5b89a14c995d24 Author: Lukasz Lenart <lukaszlen...@apache.org> AuthorDate: Mon May 18 07:57:11 2020 +0200 Uses proper suppresses to exclude vulnerable Oval transitive dependencies --- src/etc/project-suppression.xml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/etc/project-suppression.xml b/src/etc/project-suppression.xml
index f00cc85..35b6e53 100644
--- a/src/etc/project-suppression.xml
+++ b/src/etc/project-suppression.xml
@@ -150,7 +150,22 @@
 </suppress>
 <suppress>
 <notes><![CDATA[file name: oval-1.90.jar]]></notes>
- <packageUrl regex="true">^pkg:maven/net\.sf\.oval/oval@1\.90$</packageUrl>
- <vulnerabilityName>Vulnerable transitive dependencies</vulnerabilityName>
+ <packageUrl regex="true">^pkg:maven/net\.sf\.oval/oval@.*$</packageUrl>
+ <cpe>cpe:/a:apache:groovy</cpe>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: oval-1.90.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/net\.sf\.oval/oval@.*$</packageUrl>
+ <cpe>cpe:/a:apache:log4j</cpe>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: oval-1.90.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/net\.sf\.oval/oval@.*$</packageUrl>
+ <cpe>cpe:/a:jruby:jruby</cpe>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[file name: oval-1.90.jar]]></notes>
+ <packageUrl regex="true">^pkg:maven/net\.sf\.oval/oval@.*$</packageUrl>
+ <cpe>cpe:/a:xstream_project:xstream</cpe>
 </suppress>
 </suppressions>
\ No newline at end of file
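Review bot: The four added `<suppress>` entries are broader than the one they replace: `^pkg:maven/net\.sf\.oval/oval@.*$` matches every Oval version, and each `<cpe>` element suppresses the whole CPE identification (groovy, log4j, jruby, xstream), so CVEs published later against those products will also be hidden for this artifact, including after an Oval upgrade. The `<notes>` still read `file name: oval-1.90.jar` and do not say why the matches are not applicable to Struts. I would keep the version pinned (`oval@1\.90$`) or give each entry an expiry such as `<suppress until="YYYY-MM-DDZ">` (placeholder date) so it is re-reviewed, and put the justification for each CPE in its `<notes>`. Whether these transitive dependencies are actually excluded from the build is not visible in this hunk, so the suppression should be checked against the dependency tree before it is relied on.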