FYI I've already raised most of these here:
https://github.com/jeremylong/DependencyCheck/issues

Colm.

On Fri, Dec 21, 2018 at 3:22 AM <[email protected]> wrote:

> This is an automated email from the ASF dual-hosted git repository.
>
> krisden pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/knox.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
>      new 89fcabe  OWASP false positives
> 89fcabe is described below
>
> commit 89fcabec45c2a80fa2f352a638a8b0110a2eaf92
> Author: Kevin Risden <[email protected]>
> AuthorDate: Thu Dec 20 22:21:59 2018 -0500
>
>     OWASP false positives
>
>     Signed-off-by: Kevin Risden <[email protected]>
> ---
>  .../resources/build-tools/dependency-check/suppressions.xml   | 11
> +++++++++++
>  1 file changed, 11 insertions(+)
>
> diff --git
> a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> index ed557c9..5074ddd 100644
> ---
> a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> +++
> b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> @@ -32,6 +32,12 @@ limitations under the License.
>          <cve>CVE-2015-3250</cve> <!-- Already past 1.0.0-M30 -->
>      </suppress>
>      <suppress>
> +        <notes><![CDATA[file name: apacheds-.*.jar]]></notes>
> +        <gav
> regex="true">^org\.apache\.directory\.server:apacheds-.*$</gav>
> +        <cpe>cpe:/a:apache:apache_http_server</cpe>
> +        <cpe>cpe:/a:net-ldap_project:net-ldap</cpe>
> +    </suppress>
> +    <suppress>
>          <notes><![CDATA[file name: gateway-.*.jar]]></notes>
>          <gav regex="true">^org\.apache\.knox:gateway-.*:.*$</gav>
>          <cpe>cpe:/a:apache:ambari</cpe>
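
Review bot: the new apacheds `<suppress>` entry records only the file name in `<notes>` and does not say why `cpe:/a:apache:apache_http_server` and `cpe:/a:net-ldap_project:net-ldap` are mismatches for `org.apache.directory.server:apacheds-*`. The `<gav>` regex ends in `apacheds-.*$`, so it covers every apacheds module at every version; a one-line rationale in the notes (as the CVE-2015-3250 entry above does with "Already past 1.0.0-M30") would let a later reader confirm the suppression still holds. The pattern also differs in form from the neighbouring `gateway-.*:.*$`, and it would be worth making the two consistent.
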
> @@ -94,6 +100,11 @@ limitations under the License.
>          <cpe>cpe:/a:openid:openid</cpe>
>      </suppress>
>      <suppress>
> +        <notes><![CDATA[slf4j-ext and EventData not used]]></notes>
> +        <gav regex="true">^org\.slf4j:.*$</gav>
> +        <cve>CVE-2018-8088</cve>
> +    </suppress>
> +    <suppress>
>          <notes><![CDATA[file name: xz-.*.jar]]></notes>
>          <gav regex="true">^org\.tukaani:xz:.*$</gav>
>          <cve>CVE-2015-4035</cve>
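
Review bot: the `<gav>` regex `^org\.slf4j:.*$` in the CVE-2018-8088 entry matches every org.slf4j artifact, including slf4j-ext itself, while the note justifies the suppression by slf4j-ext and EventData not being used. If slf4j-ext is ever pulled in, directly or transitively, the finding stays hidden. Consider narrowing the pattern so that it does not match slf4j-ext, so the scanner reports the CVE again if that artifact appears on the classpath.
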
>
>

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
